ASP.NET provides both declarative and imperative authorization functionality to enable you to limit access to controllers and actions based upon the role or claims an identity contains, and the resource being requested.
.. toctree:: :titlesonly: introduction simple roles claims policies dependencyinjection resourcebased views limitingidentitybyscheme authorization-filters