AspNetCore.Docs/aspnetcore/security/authorization/introduction.md

---
title: Introduction to authorization in ASP.NET Core
author: rick-anderson
description: Learn the basics of authorization and how authorization works in ASP.NET Core apps.
ms.author: riande
ms.date: 10/14/2016
uid: security/authorization/introduction
---
# Introduction to authorization in ASP.NET Core

<a name="security-authorization-introduction"></a>

Authorization refers to the process that determines what a user is able to do. For example, an administrative user is allowed to create a document library, add documents, edit documents, and delete them. A non-administrative user working with the library is only authorized to read the documents.

Authorization is separate and distinct from authentication. However, authorization relies on an authentication mechanism. Authentication is the process of verifying a user's identity, which may result in the creation of one or more identity objects for the user.

For more information about authentication in ASP.NET Core, see <xref:security/authentication/index>.

## Authorization types

ASP.NET Core authorization provides a simple, declarative [role](xref:security/authorization/roles) and a rich [policy-based](xref:security/authorization/policies) model. Authorization is expressed in requirements, and handlers evaluate a user's claims against requirements. Imperative checks can be based on simple policies or policies which evaluate both the user identity and properties of the resource that the user is attempting to access.

## Namespaces

Authorization components, including the `AuthorizeAttribute` and `AllowAnonymousAttribute` attributes, are found in the `Microsoft.AspNetCore.Authorization` namespace.

Consult the documentation on [simple authorization](xref:security/authorization/simple).
Add docfx content 2016-10-29 01:35:15 +08:00			`---`
Title, description, and H1 updates (3) (#5717) 2018-03-20 07:40:34 +08:00			`title: Introduction to authorization in ASP.NET Core`
Add docfx content 2016-10-29 01:35:15 +08:00			`author: rick-anderson`
Title, description, and H1 updates (3) (#5717) 2018-03-20 07:40:34 +08:00			`description: Learn the basics of authorization and how authorization works in ASP.NET Core apps.`
Organize metadata (#5296) Updates 2018-01-29 23:21:31 +08:00			`ms.author: riande`
Add docfx content 2016-10-29 01:35:15 +08:00			`ms.date: 10/14/2016`
			`uid: security/authorization/introduction`
			`---`
Title, description, and H1 updates (3) (#5717) 2018-03-20 07:40:34 +08:00			`# Introduction to authorization in ASP.NET Core`
Add docfx content 2016-10-29 01:35:15 +08:00
Fix invalid bookmarks (#4570) 2017-10-14 04:50:30 +08:00			`<a name="security-authorization-introduction"></a>`
Add docfx content 2016-10-29 01:35:15 +08:00
Update introduction.md 2016-12-04 10:04:32 +08:00			`Authorization refers to the process that determines what a user is able to do. For example, an administrative user is allowed to create a document library, add documents, edit documents, and delete them. A non-administrative user working with the library is only authorized to read the documents.`
Add docfx content 2016-10-29 01:35:15 +08:00
Update introduction.md (#34259) * Update introduction.md Fixes #34045 * Update aspnetcore/security/authorization/introduction.md Co-authored-by: Tom Dykstra <tdykstra@microsoft.com> --------- Co-authored-by: Tom Dykstra <tdykstra@microsoft.com> 2024-12-03 05:47:09 +08:00			`Authorization is separate and distinct from authentication. However, authorization relies on an authentication mechanism. Authentication is the process of verifying a user's identity, which may result in the creation of one or more identity objects for the user.`
Add docfx content 2016-10-29 01:35:15 +08:00
Add xref from authz to authn. (#16418) 2020-01-07 04:24:40 +08:00			`For more information about authentication in ASP.NET Core, see <xref:security/authentication/index>.`

CC50099: Content updated (#5514) * CC50099: Content updated Hello, @rick-anderson, This proposed file change comes from this Community Contribution: https://github.com/aspnet/Docs.fr-fr/pull/55/files. Please, help to check this proposed file change into the article and help to merge if you agree with fix. If not, please, let me know either if you would like me to fix it in another way within this PR, if you prefer to fix it in another PR or if I should close this PR as by-design. In case of using another PR, please, let me know of your PR number, so we can confirm and close this PR. Many thanks in advance. * Minor tweaks 2018-02-20 23:30:35 +08:00			`## Authorization types`
Add docfx content 2016-10-29 01:35:15 +08:00
Security link updates (#5727) Updates Revert 2018-03-19 10:25:14 +08:00			`ASP.NET Core authorization provides a simple, declarative [role](xref:security/authorization/roles) and a rich [policy-based](xref:security/authorization/policies) model. Authorization is expressed in requirements, and handlers evaluate a user's claims against requirements. Imperative checks can be based on simple policies or policies which evaluate both the user identity and properties of the resource that the user is attempting to access.`
Add docfx content 2016-10-29 01:35:15 +08:00
			`## Namespaces`

CC50099: Content updated (#5514) * CC50099: Content updated Hello, @rick-anderson, This proposed file change comes from this Community Contribution: https://github.com/aspnet/Docs.fr-fr/pull/55/files. Please, help to check this proposed file change into the article and help to merge if you agree with fix. If not, please, let me know either if you would like me to fix it in another way within this PR, if you prefer to fix it in another PR or if I should close this PR as by-design. In case of using another PR, please, let me know of your PR number, so we can confirm and close this PR. Many thanks in advance. * Minor tweaks 2018-02-20 23:30:35 +08:00			Authorization components, including the `AuthorizeAttribute` and `AllowAnonymousAttribute` attributes, are found in the `Microsoft.AspNetCore.Authorization` namespace.

			`Consult the documentation on [simple authorization](xref:security/authorization/simple).`