Attribute Based Access Control
Built upon the OASIS XACML policy model.
Attribute Based Access Control (ABAC)
Enforcer allows you to write human-readable access control policies for your .NET applications. Don't hide security policy in application logic; make it clear and visible to all stakeholders.
Enforcer is an Attribute-Based Access Control (ABAC) authorization engine where information about a request, and the wider context, is used to determine if the request can proceed. Enforcer's power comes from its flexibility, taking information from anywhere in your business to make authorization decisions.
Enforcer reacts to your changes in security policy, without the need to redeploy the application.
See how easy it is to write a readable security policy by following one of our online tutorials
Or have a play with our live online tool and create your own policies
By submitting this demo request for a 30 day trial of Enforcer you are confirming the use of the data you supply in accordance with our privacy policy.
For more information on licensing, check out our FAQ
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Built upon the OASIS XACML policy model.
Policies are written in ALFA, readable by anyone
Protect MVC and API controllers with a simple attribute. Protect any .NET code with a call to the policy enforcement point
Using existing git workflows to test and approve security policy changes. Enforcer watches the live branch, and automatically picks up the approved changes
Develop and test policies in Visual Studio or Visual Studio Code. Syntax highlighting and background compilation.
Deploy policies with confidence using your favorite testing framework.
ALFA policies are fully compiled at runtime for optimal performance
$ 8,400
£ POA
* Optional annual renewal at 25% of list price, to continue to receive support and updates. For more information, visit our FAQ
Applications are designed to deliver functionality to users - this is their primary goal. However, commonly, not all users can do everything in an application: features may be sensitive, they may need a premium subscription, or someone may need to give the user explicit permission to access their data. Delivering this "limiting" of functionality is also a critical part of application design. This article explores options for controlling access to functionality and assesses their strengths and weaknesses
Dec. 14, 2020
Creating a secure login experience that defends against password stuffing and spraying can lead to an unpleasant user experience. Using Risk-Based Authentication allows you to adapt the login experience based on the current threat level, resulting in a secure and, more often than not, pleasant user experience.
Aug. 18, 2022
See how easy it is to write a readable security policy by following one of our online tutorials
Our products and services for IdentityServer are loved by so many. Here are just a few...
We are proud to be a Certified B Corporation, meeting the highest standards of social and environmental impact.