Introduction: GraphQL API Authorization can be done by implementing GraphQL.Validation.IValidationRule . By implementing IValidationRule we have to implement our own custom rules for validating queries. So we can implement our own custom logic for authorization. IValidationRule is the perfect way of implementing authorization because these rules always get executed prior to the query execution. Here we are going to implement a sample of GraphQL API protecting it by creating claims-based authorization. To know more about GrapQL API Integration In Asp.Net Core Application Click Here. Identity Server4 Token Based Authentication: In this sample, we are going to use token-based authentication by IdentityServer 4. If you want you can use any other authentication type like cookie authentication or OAuth2.0 or Microsoft Login Identity. Click here for Identity Server4 Sample Source Code . Dotnet Core Web API Verify IdentityServer4 Authentication Token: Let's create a Do