AspNetCore.Docs/aspnetcore/security/authorization/introduction.md

30 lines
1.5 KiB
Markdown
Raw Normal View History

2016-10-29 01:35:15 +08:00
---
2016-11-17 08:24:57 +08:00
title: Introduction | Microsoft Docs
2016-10-29 01:35:15 +08:00
author: rick-anderson
2016-11-18 04:13:02 +08:00
description:
keywords: ASP.NET Core,
2016-10-29 01:35:15 +08:00
ms.author: riande
manager: wpickett
ms.date: 10/14/2016
ms.topic: article
ms.assetid: a6a556ed-ba59-4107-9358-44cf20e5931b
2016-11-17 08:24:57 +08:00
ms.technology: aspnet
2016-10-29 01:35:15 +08:00
ms.prod: aspnet-core
uid: security/authorization/introduction
---
# Introduction
<a name=security-authorization-introduction></a>
2016-12-04 10:04:32 +08:00
Authorization refers to the process that determines what a user is able to do. For example, an administrative user is allowed to create a document library, add documents, edit documents, and delete them. A non-administrative user working with the library is only authorized to read the documents.
2016-10-29 01:35:15 +08:00
Authorization is orthogonal and independent from authentication, which is the process of ascertaining who a user is. Authentication may create one or more identities for the current user.
## Authorization Types
2016-12-29 03:57:04 +08:00
In ASP.NET Core authorization now provides simple declarative [role](roles.md#security-authorization-role-based) and a [richer policy based](policies.md#security-authorization-policies-based) model where authorization is expressed in requirements and handlers evaluate a users claims against requirements. Imperative checks can be based on simple policies or policies which evaluate both the user identity and properties of the resource that the user is attempting to access.
2016-10-29 01:35:15 +08:00
## Namespaces
Authorization components, including the `AuthorizeAttribute` and `AllowAnonymousAttribute` attributes are found in the `Microsoft.AspNetCore.Authorization` namespace.