
Last modified: 2023-12-03 14:59:01.517000    Author: Mango

.NET Core AuthorizationHandlerContext

The AuthorizationHandlerContext is a class in .NET Core that is used during the evaluation of authorization policies. It exposes the current user, so a handler can check the user's claims and roles and decide whether or not the user is authorized to perform a given action.

Introduction

In .NET Core, authorization policies are evaluated in two stages:

  1. Policy evaluation: This is where the policy requirements are checked against the claims and roles of the current user.
  2. Resource authorization: This is where the authorization decisions are made based on the policy evaluation and the rules defined in the application.

The AuthorizationHandlerContext is used in both stages of the authorization process.

Policy Evaluation

During policy evaluation, the AuthorizationHandlerContext allows you to access information about the current user, including their claims and roles. You can also use it to create custom claims and add them to the user's identity.

Here's an example of how you might use the AuthorizationHandlerContext during policy evaluation:

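using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;

public class MyAuthorizationHandler : AuthorizationHandler<MyRequirement>
{
    protected override Task HandleRequirementAsync(
        AuthorizationHandlerContext context,
        MyRequirement requirement)
    {
        // Get the current user's claims
        var claims = context.User.Claims;

        // Check to see if the user has a specific claim
        var hasClaim = context.User.HasClaim(x => x.Type == "MyClaim");

        // Add a custom claim to the user's identity.
        // Identity can be null or of another type, so test it instead of casting.
        // The claim is added to the in-memory identity object only.
        if (context.User.Identity is ClaimsIdentity identity)
        {
            identity.AddClaim(new Claim("MyCustomClaim", "Value"));
        }

        // Mark the requirement as met; without a call to Succeed
        // this handler never grants anything.
        if (hasClaim)
        {
            context.Succeed(requirement);
        }

        return Task.CompletedTask;
    }
}

Resource Authorization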

During resource authorization, the AuthorizationHandlerContext is used to make decisions about whether or not the current user is authorized to perform a given action. You can use it to access information about the resource being accessed, as well as the policy evaluation results from the previous stage.

Here's an example of how you might use the AuthorizationHandlerContext during resource authorization:

using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;

public class MyAuthorizationHandler : AuthorizationHandler<MyRequirement, MyResource>
{
    protected override Task HandleRequirementAsync(
        AuthorizationHandlerContext context,
        MyRequirement requirement,
        MyResource resource)
    {
        // Check the policy evaluation results to see if the user is authorized.
        // HasSucceeded is true only when every requirement has already been
        // marked as succeeded and no handler has called Fail().
        var isAuthorized = context.HasSucceeded;

        // Check the resource being accessed to see if the user is authorized
        var resourceIsPublic = resource.IsPublic;
        if (resourceIsPublic)
        {
            isAuthorized = true;
        }

        if (isAuthorized)
        {
            // Grant access to the resource
            context.Succeed(requirement);
        }
        else
        {
            // Deny access to the resource. Fail() forces the overall result to
            // failure even if another handler calls Succeed() for this requirement.
            context.Fail();
        }

        return Task.CompletedTask;
    }
}
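
How a resource reaches a handler and how Succeed() and Fail() from different handlers combine, as an added example (not code from the original page): a console program that calls IAuthorizationService.AuthorizeAsync with constructed users and resources. It assumes a .NET 6+ console project with implicit usings and the Microsoft.AspNetCore.Authorization and Microsoft.Extensions.Logging packages; the OwnerId property, the "suspended" claim, the "ReadResource" policy name and both handler class names are hypothetical.

```csharp
// Assumes implicit usings (System, System.Linq, System.Threading.Tasks).
using System.Security.Claims;
using Microsoft.AspNetCore.Authorization;
using Microsoft.Extensions.DependencyInjection;
var services = new ServiceCollection();
services.AddLogging();
services.AddAuthorizationCore(o => o.AddPolicy("ReadResource",
    p => p.AddRequirements(new MyRequirement())));
services.AddSingleton<IAuthorizationHandler, OwnerOrPublicHandler>();
services.AddSingleton<IAuthorizationHandler, SuspendedUserHandler>();
var authz = services.BuildServiceProvider().GetRequiredService<IAuthorizationService>();

// Constructed sample data; OwnerId and the "suspended" claim are hypothetical.
var privateDoc = new MyResource("alice", IsPublic: false);
var publicDoc = new MyResource("alice", IsPublic: true);
await Check("owner, private", User("alice"), privateDoc);
await Check("other user, private", User("bob"), privateDoc);
await Check("other user, public", User("bob"), publicDoc);
await Check("suspended, public", User("eve", new Claim("suspended", "true")), publicDoc);

async Task Check(string label, ClaimsPrincipal user, MyResource doc)
{
    var result = await authz.AuthorizeAsync(user, doc, "ReadResource"); // doc becomes context.Resource
    Console.WriteLine($"{label}: Succeeded={result.Succeeded}");
}
static ClaimsPrincipal User(string id, params Claim[] extra) =>
    new(new ClaimsIdentity(extra.Prepend(new Claim(ClaimTypes.NameIdentifier, id)), "Constructed"));

class MyRequirement : IAuthorizationRequirement { }
record MyResource(string OwnerId, bool IsPublic);
class OwnerOrPublicHandler : AuthorizationHandler<MyRequirement, MyResource>
{
    protected override Task HandleRequirementAsync(
        AuthorizationHandlerContext context, MyRequirement requirement, MyResource resource)
    {
        var userId = context.User.FindFirst(ClaimTypes.NameIdentifier)?.Value;
        if (resource.IsPublic || (userId != null && userId == resource.OwnerId))
            context.Succeed(requirement);
        return Task.CompletedTask; // no Fail(): an unmet requirement already denies
    }
}
class SuspendedUserHandler : AuthorizationHandler<MyRequirement>
{
    protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, MyRequirement requirement)
    {
        if (context.User.HasClaim("suspended", "true"))
            context.Fail(); // hard deny: overrides Succeed() from any other handler
        return Task.CompletedTask;
    }
}
```

The other user is refused the private resource simply because no handler succeeded, while the suspended user is refused the public one because Fail() outranks the first handler's Succeed().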

Conclusion

The AuthorizationHandlerContext is a powerful class in .NET Core that allows you to perform custom authorization logic during policy evaluation and resource authorization. By leveraging the functionality provided by this class, you can create complex and flexible authorization systems that are tailored to the specific requirements of your application.