How can I authorize claims for each Web API request using token-based authentication? I have a controller on which I applied the Authorize attribute, which will look for a token on each request and return a response if it's a valid token. But I have a controller called AdminController which I would like to be accessible only to users having the admin claim. How can I implement this? Any suggestions, please?
A quick way to do this is to add a claim of type "Role" and assign it the value "Admin". This should be done before generating the token for this user, in the method GrantResourceOwnerCredentials. It will look like the code below:
identity.AddClaim(new Claim(ClaimTypes.Role, "Admin"));
Now in your AdminController you attribute it with
[Authorize(Roles="Admin")]
This is called roles-based authentication, but in the end the roles are considered claims.
You can check this complete code sample too
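An added example, not part of the original answer or of any project's code: a token provider whose GrantResourceOwnerCredentials emits role claims only for roles the user actually holds, next to the controller that requires the Admin role. IAccountStore, Account and RoleAwareOAuthProvider are hypothetical names introduced for illustration; the OWIN and Web API types are the real ones.

```csharp
using System.Collections.Generic;
using System.Security.Claims;
using System.Threading.Tasks;
using System.Web.Http;
using Microsoft.Owin.Security.OAuth;

// Hypothetical user store (not part of OWIN): returns null on bad credentials.
public interface IAccountStore
{
    Task<Account> FindAsync(string userName, string password);
}

public class Account
{
    public string UserName { get; set; }
    public IList<string> Roles { get; set; }
}

public class RoleAwareOAuthProvider : OAuthAuthorizationServerProvider
{
    private readonly IAccountStore _accounts;
    public RoleAwareOAuthProvider(IAccountStore accounts) { _accounts = accounts; }

    public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
    {
        context.Validated(); // this example does not authenticate OAuth clients
        return Task.FromResult<object>(null);
    }

    public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
    {
        var account = await _accounts.FindAsync(context.UserName, context.Password);
        if (account == null)
        {
            context.SetError("invalid_grant", "The user name or password is incorrect.");
            return; // no identity validated, so no token is issued
        }
        var identity = new ClaimsIdentity(context.Options.AuthenticationType);
        identity.AddClaim(new Claim(ClaimTypes.Name, account.UserName));
        // Only roles the store holds for this user go into the token.
        foreach (var role in account.Roles ?? new List<string>())
            identity.AddClaim(new Claim(ClaimTypes.Role, role));
        context.Validated(identity);
    }
}

[Authorize(Roles = "Admin")] // rejects requests whose token lacks the Admin role claim
public class AdminController : ApiController
{
    public IHttpActionResult Get() { return Ok("admin only"); }
}
```

The role claims are fixed when the token is issued, so removing a user's Admin role in the store does not affect tokens already handed out until they expire.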