Enforcer

About Enforcer

Enforcer allows you to write human-readable access control policies for your .NET applications.

Don't hide security policy in application logic; make it clear and visible to all stakeholders.

Enforcer is an Attribute-Based Access Control (ABAC) authorization engine where information about a request, and the wider context, is used to determine if the request can proceed. Enforcer's power comes from its flexibility, taking information from anywhere in your business to make authorization decisions.

Enforcer reacts to your changes in security policy, without the need to redeploy the application.

See how easy it is to write a readable security policy by following one of our online tutorials

Or have a play with our live online tool and create your own policies.

Duende IdentityServer
Duende IdentityServer
IdentityServer4
IdentityServer4
ASP.NET Core
ASP.NET Core
.NET Framework
.NET Framework

Get a FREE 30-Day Demo Key

First name

Last name

Email address

By submitting this form you are confirming the use of the data you supply in accordance with our privacy policy.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Enforcer Key Features

Attribute Based Access Control

Built upon the OASIS XACML policy model.
Human readable security policy

Policies are written in ALFA, readable by anyone
Protect Controllers and Services

Protect MVC and API controllers with a simple attribute. Protect any .NET code with a call to the policy enforcement point
Deploy policies with git

Using existing git workflows to test and approve security policy changes. Enforcer watches the live branch, and automatically picks up the approved changes
Integrates with your IDE

Develop and test policies in Visual Studio or Visual Studio Code. Syntax highlighting and background compilation.
Automated testing of policies

Deploy policies with confidence using your favorite testing framework.
Fully compiled

ALFA policies are fully compiled at runtime for optimal performance

Identity != Permissions

Why should I put Authorization outside of my IdentityServer?

Learn more

Developer Tooling

Screenshot of the Enforcer REPL — Enforcer REPL

Online REPL to develop and test poilicies

Screenshot from Visual Studio — Visual Studio

Develop policies inside Visual Studio

Screenshot of Visual Studio Code — Visual Studio Code

ALFA Syntax highlighting, and background compilation

Screenshot of testing policies in VSCode — Testing policies

Test security policies using unit testing frameworks

Flow of managing Git deployment — Git deployed policies

Deploy and rollback policies with confidence using a git workflow

Enforcer Enterprise

$ 8,988
- Order Now
- Got specific question? Contact us
- Unlimited use inside a single enterprise
- Perpetual License*
- Includes one year of helpdesk support and updates
Enforcer Redistribution

POA
- Enquire Now
- All the features of Enforcer Enterprise
- For use outside of a single Enterprise

* Optional annual renewal at 25% of list price, to continue to receive support and updates. For more information, visit our FAQ

Latest Articles

14 Dec 2020
Authorization, What Are My Options?

Applications are designed to deliver functionality to users - this is their primary goal. However, commonly, not all users can do everything in an application: features may be sensitive, they may need a premium subscription, or someone may need to give the user explicit permission to access their data. Delivering this "limiting" of functionality is also a critical part of application design. This article explores options for controlling access to functionality and assesses their strengths and weaknesses

Andrew Clymer

Job Role

Head of Identity and Access Management

Authorization, What Are My Options?
18 Aug 2022
What is Risk Based Authentication

Creating a secure login experience that defends against password stuffing and spraying can lead to an unpleasant user experience. Using Risk-Based Authentication allows you to adapt the login experience based on the current threat level, resulting in a secure and, more often than not, pleasant user experience.

Andrew Clymer

Job Role

Head of Identity and Access Management

What is Risk Based Authentication