Authorization for ASP.NET applications with Cerbos

Add policy-based authorization to ASP.NET controllers and endpoints using the Cerbos .NET SDK. Enforce fine-grained access control via authorization handlers or middleware in the request pipeline.

Plug into the authorization pipeline

Implement Cerbos as an ASP.NET authorization handler to enforce permissions through the standard [Authorize] attribute and policy system

Claims-based context

Pass ClaimsPrincipal data, route values, and resource attributes from ASP.NET to Cerbos for attribute-based authorization decisions

Decouple policy from code

Move authorization rules out of controllers and authorization handlers into versioned YAML policies that update without redeployment

How Cerbos works with ASP.NET

Building authorization logic inside ASP.NET quickly becomes a maintenance burden. Hard-coded role checks scatter across controllers and middleware, and every permission change requires a code deploy.

Cerbos replaces scattered authorization logic with a single API call. You define fine-grained policies in YAML, and the Cerbos PDP evaluates them at request time using roles, attributes, and any context you provide.

With Cerbos, your ASP.NET application stays focused on business logic while authorization policies evolve independently, managed by product or security teams without touching code.

  1. Add the Cerbos .NET SDK to your ASP.NET project. Install the NuGet package and configure a Cerbos client, typically registered in the dependency injection container at startup.
  2. Call Cerbos from authorization handlers or middleware. Extract the authenticated user from the ClaimsPrincipal, build a Cerbos check request with the target resource and action, and allow or deny access based on the PDP response.
  3. Define authorization policies in YAML. Write resource and principal policies that capture your access control rules, including roles, attributes, and conditions. Store them alongside your code and version them in git.
  4. Cerbos evaluates policies at request time. Every authorization check is evaluated against the latest policies with sub-millisecond latency. Update rules without redeploying your ASP.NET application.
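
Steps 1 and 2 sketched as an ASP.NET Core authorization handler; this is an added example, not code from Cerbos or its SDK. `IPdpClient`, `PdpRequirement`, the `document:view` policy name and the `{id}` route parameter are assumptions: `IPdpClient` is a hypothetical wrapper you implement with the Cerbos .NET SDK client and register in the DI container, and the handler assumes endpoint routing, where `context.Resource` is the `HttpContext`.

```csharp
using System;
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Routing;
using Microsoft.Extensions.DependencyInjection;

// Hypothetical wrapper around the Cerbos client; not part of the Cerbos SDK.
public interface IPdpClient
{
    Task<bool> IsAllowedAsync(string principalId, string[] roles, string kind, string resourceId, string action);
}

// Requirement naming the resource kind and action that one ASP.NET policy maps to.
public sealed record PdpRequirement(string Kind, string Action) : IAuthorizationRequirement;

public sealed class PdpAuthorizationHandler : AuthorizationHandler<PdpRequirement>
{
    private readonly IPdpClient _pdp;
    public PdpAuthorizationHandler(IPdpClient pdp) => _pdp = pdp;

    protected override async Task HandleRequirementAsync(AuthorizationHandlerContext context, PdpRequirement req)
    {
        // Principal id and roles come from the authenticated ClaimsPrincipal, never from request input.
        var userId = context.User.FindFirst(ClaimTypes.NameIdentifier)?.Value;
        if (userId is null || context.Resource is not HttpContext http) return; // unmet requirement => denied
        var roles = context.User.FindAll(ClaimTypes.Role).Select(c => c.Value).ToArray();
        var resourceId = http.GetRouteValue("id")?.ToString(); // assumed route template: /documents/{id}
        if (string.IsNullOrEmpty(resourceId)) return;
        try
        {
            if (await _pdp.IsAllowedAsync(userId, roles, req.Kind, resourceId, req.Action))
                context.Succeed(req); // only an explicit allow from the PDP grants access
        }
        catch (Exception) { /* PDP unreachable or erroring: stay unmet so the request fails closed */ }
    }
}

public static class PdpAuthorizationSetup
{
    public static IServiceCollection AddPdpAuthorization(this IServiceCollection services)
    {
        services.AddScoped<IAuthorizationHandler, PdpAuthorizationHandler>();
        services.AddAuthorization(o => o.AddPolicy("document:view", p =>
            p.RequireAuthenticatedUser().AddRequirements(new PdpRequirement("document", "view"))));
        return services;
    }
}
```

Endpoints opt in with `[Authorize(Policy = "document:view")]`. Because the handler only ever calls `Succeed`, a missing claim, a missing route value or a PDP error all result in a denied request.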

FAQ

How do I integrate Cerbos with ASP.NET?

Use the Cerbos .NET SDK to create a client and call the Cerbos PDP from your ASP.NET controllers, authorization handlers, or middleware. Extract the authenticated user from the ClaimsPrincipal, build a Cerbos check request, and gate access based on the PDP response.

Can I use Cerbos with ASP.NET's authorization pipeline?

Yes. Implement a custom IAuthorizationHandler that calls the Cerbos PDP, and register it with ASP.NET's authorization services. Apply policies to controllers or endpoints using the [Authorize] attribute with your custom policy name.

Does Cerbos work with ASP.NET minimal APIs?

Yes. Call the Cerbos PDP from endpoint handlers or register middleware in the request pipeline that evaluates Cerbos policies before the endpoint executes. The Cerbos PDP responds in sub-millisecond time.

Cerbos + ASP.NET

  • Single API call replaces hard-coded permission checks in ASP.NET
  • Policies updated independently of application deploys
  • Authorization policies versioned and tested like source code
  • Stateless PDP scales independently of the application

What is Cerbos?

Cerbos is end-to-end enterprise authorization software for Zero Trust environments and AI-powered systems. It enforces fine-grained, contextual, and continuous authorization across apps, APIs, AI agents, MCP servers, services, and workloads.

Cerbos consists of an open-source Policy Decision Point, Enforcement Point integrations, and a centrally managed Policy Administration Plane (Cerbos Hub) that coordinates unified policy-based authorization across your architecture. Enforce least privilege and maintain full visibility into access decisions with Cerbos authorization.