c# - Is there a way to do fine grained access control in ASPNET 5 MVC 6 -

the new authorize attribute in aspnet 5 seems cover simple apps course access control fine. how 1 go using 10+ controllers crud operations? correct add policies calls, since there no way pass required claims policies? seems list impossible manage , clutter configureservice method.

you can write policies require claims , values;

services.addauthorization(options => {     options.addpolicy("requireread",                        policy => policy.requireclaim("documentpermission", "read")); } 

it depends how model claim values. if have claim value of, example, "crud" indicate user has create, read, update , delete particular claim you're going have write own requirement , handler.