Best Practices for Roles vs. Claims in ASP.NET Identity

Question

I am completely new to the use of claims in ASP.NETIdentity and want to get an idea of best practices in the use of Roles and/or Claims

Answer 1

As @Claies perfectly explained, claims could be a more descriptive and is a deep kind of role. I think about them as your roles ids. I have a gym id, so I belong to the members role. I am also in the kickboxing lessons, so I have a kickboxing id claim for them. My application would need the declaration of a new role to fit my membership rights. Instead, I have ids for each group class that i belong to, instead of lots of new membership types. That is why claims fit better for me.

There is a a great explanation video of Barry Dorrans, talking about the advantage of using claims over roles. He also states that roles, are still in .NET for backward compatibility. The video is very informative about the way claims, roles, policies, authorization and authentication works.

You can find it here: ASP.NET Core Authorization with Barr Dorrans