创建验证策略:

    1. services.AddAuthorization(opt =>
    2.     opt.AddPolicy("DeleteRolePolicy", policy => policy.RequireClaim("Delete Role")));

    使用 Authorize 特性进行策略校验:

    1. [Authorize(policy: "DeleteRolePolicy")]
    2. [HttpPost]
    3. public async Task<IActionResult> DeleteRole(string id)
    4. {
    5.     var role = await _roleManager.FindByIdAsync(id);
    6.     ...
    7. }

    重新登录后用户声明的权限才会起效。

    单个策略中还可以添加多个声明:

    1. services.AddAuthorization(opt =>
    2.     opt.AddPolicy("ManageRolePolicy",
    3.         policy => policy.RequireClaim("Delete Role").RequireClaim("Create Role")));