We have already introduced before the authorization is to add a simple property or on the Controller Authorize Action to achieve that role is authorized to specify parameters specify Authorize Roles of.
Let's look at three ways to role-based access:
1, specifies that only role for the user to access the Admin
[Authorize(Roles ="Admin") ]
2, assign a role to Admin users can ask or User
[Authorize(Roles ="Admin,User") ]
3, have both Admin and User roles can access role
[Authorize(Roles ="Admin") ] [Authorize(Roles ="User") ]