Skip to Content


Attribute Based Access Control (ABAC)

About Enforcer

Enforcer allows you to write human-readable access control policies for your .NET applications. Don't hide security policy in application logic; make it clear and visible to all stakeholders.

Enforcer is an Attribute-Based Access Control (ABAC) authorization engine where information about a request, and the wider context, is used to determine if the request can proceed. Enforcer's power comes from its flexibility, taking information from anywhere in your business to make authorization decisions.  

Enforcer reacts to your changes in security policy, without the need to redeploy the application.

See how easy it is to write a readable security policy by following one of our online tutorials

Or have a play with our live online tool and create your own policies

Try Enforcer for free

By submitting this demo request for a 30 day trial of Enforcer you are confirming the use of the data you supply in accordance with our privacy policy.

For more information on licensing, check out our FAQ

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

  • Attribute Based Access Control

    Built upon the OASIS XACML policy model.

  • Human readable security policy

    Policies are written in ALFA, readable by anyone

  • Protect Controllers and Services

    Protect MVC and API controllers with a simple attribute. Protect any .NET code with a call to the policy enforcement point

  • Deploy policies with git

    Using existing git workflows to test and approve security policy changes. Enforcer watches the live branch, and automatically picks up the approved changes

  • Integrates with your IDE

    Develop and test policies in Visual Studio or Visual Studio Code. Syntax highlighting and background compilation.

  • Automated testing of policies

    Deploy policies with confidence using your favorite testing framework.

  • Fully compiled

    ALFA policies are fully compiled at runtime for optimal performance

Identity =! Permissions

Why should I put Authorization outside of my IdentityServer?

* Optional annual renewal at 25% of list price, to continue to receive support and updates. For more information, visit our FAQ

Try Enforcer for free

See how easy it is to write a readable security policy by following one of our online tutorials

  • Hawkins Inc
  • Repower
  • Bosch
  • RandA
  • Plymouth NHS
  • American Heart Association
  • Systopia
  • Deliotte

We are proud to be a Certified B Corporation, meeting the highest standards of social and environmental impact.

Find Out More

Awards & Certifications