Exercise 2: Custom Authorization Policies
Objective
Create custom authorization policies with requirements and handlers
Implementation
1. Create Age Requirement
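using Microsoft.AspNetCore.Authorization;

public class MinimumAgeRequirement : IAuthorizationRequirement
{
    public int MinimumAge { get; }
    // Constructor so step 3 can call new MinimumAgeRequirement(18)
    public MinimumAgeRequirement(int minimumAge) => MinimumAge = minimumAge;
}

public class MinimumAgeHandler : AuthorizationHandler<MinimumAgeRequirement>
{
    protected override Task HandleRequirementAsync(
        AuthorizationHandlerContext context, MinimumAgeRequirement requirement)
    {
        // Check DateOfBirth claim
        // Calculate age
        // Succeed if age >= requirement: context.Succeed(requirement)
        return Task.CompletedTask; // requirement stays unmet until Succeed is called
    }
}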
2. Create Subscription Requirement
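public class ActiveSubscriptionRequirement : IAuthorizationRequirement { }
public class SubscriptionHandler : AuthorizationHandler<ActiveSubscriptionRequirement>
{
    protected override Task HandleRequirementAsync(
        AuthorizationHandlerContext context, ActiveSubscriptionRequirement requirement)
    {
        // Check subscription status from database
        return Task.CompletedTask; // requirement stays unmet until context.Succeed(requirement)
    }
}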
3. Register and Use
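// Handlers must be registered in DI, otherwise the policies can never succeed
builder.Services.AddSingleton<IAuthorizationHandler, MinimumAgeHandler>();
builder.Services.AddScoped<IAuthorizationHandler, SubscriptionHandler>(); // scoped: uses the database

builder.Services.AddAuthorization(options =>
{
    options.AddPolicy("AtLeast18", policy =>
        policy.Requirements.Add(new MinimumAgeRequirement(18)));
    options.AddPolicy("PremiumUser", policy =>
        policy.Requirements.Add(new ActiveSubscriptionRequirement()));
});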
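A worked version of the age handler from step 1, added here as an illustration and not part of the original exercise. It assumes the DateOfBirth claim is issued as yyyy-MM-dd; AgeOn is a helper name introduced for this example.

```csharp
using System;
using System.Globalization;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;

public class MinimumAgeRequirement : IAuthorizationRequirement
{
    public int MinimumAge { get; }
    public MinimumAgeRequirement(int minimumAge) => MinimumAge = minimumAge;
}

public class MinimumAgeHandler : AuthorizationHandler<MinimumAgeRequirement>
{
    protected override Task HandleRequirementAsync(
        AuthorizationHandlerContext context, MinimumAgeRequirement requirement)
    {
        // Assumption: the identity provider issues ClaimTypes.DateOfBirth as yyyy-MM-dd.
        var claim = context.User.FindFirst(ClaimTypes.DateOfBirth);

        // Fail closed: with a missing or malformed claim the requirement is
        // never marked as met, so policy evaluation denies access.
        if (claim is null ||
            !DateTime.TryParseExact(claim.Value, "yyyy-MM-dd", CultureInfo.InvariantCulture,
                                    DateTimeStyles.None, out var dateOfBirth))
        {
            return Task.CompletedTask;
        }

        if (AgeOn(dateOfBirth, DateTime.UtcNow.Date) >= requirement.MinimumAge)
        {
            context.Succeed(requirement);
        }
        return Task.CompletedTask;
    }

    // Whole years completed on 'today'. Subtracting the years alone overstates
    // the age until this year's birthday has passed (including 29 February).
    public static int AgeOn(DateTime dateOfBirth, DateTime today)
    {
        var age = today.Year - dateOfBirth.Year;
        if (dateOfBirth.Date > today.AddYears(-age)) age--;
        return age;
    }
}
```

Register the handler with `builder.Services.AddSingleton<IAuthorizationHandler, MinimumAgeHandler>()` and apply the policy to an endpoint with `[Authorize(Policy = "AtLeast18")]`.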
Expected Outcome
- Custom policies working
- Complex authorization logic
- Reusable requirements
Challenge
- Combine multiple requirements
- Create dynamic policy provider
- Add caching to handlers