This post shows how policy-based authorization works in ASP.NET Core, and how it differs from role-based authorization.
Thanks for that. It is much helpful.
But I have one problem. In case I am unauthorized I am getting 403 (this is Ok) but with an empty body. How I can get 403 with some JSON body?
I use API with ReaktJS and there I get 403 but with CORS problem in the console.
How can this be accomplished when using the .NET API as a Jwt Handler only?