Best Practices for Roles vs. Claims in ASP.NET Identity

Question

I am completely new to the use of claims in ASP.NETIdentity and want to get an idea of best practices in the use of Roles and/or Claims

Answer 1

To understand difference between Roles and Claims you mast face the limitation of roles and to feel how claims come over this issues, so lit me give you 2 scenarios to recognize the power of claims where role can't resolve this issues :

1- your site have to two modules (pages, service ..etc) the first module fore child(under 18 years old) the other for adult(over 18 years old) your user identity have birthday claim

you need to create policy on this claim so the authorization for each module will be given on this value and if the age of user come over the 18 years then he can go to adult module and not before this age

Role is Boolean data type you can have or not have the role role didn't have malty values

2- your site have role user and you wan't to prevent access of users to make some maintenance without changing the code

in claims you can create UnderConstrain policy that if true user can't view the page give property authorize for role user.