Created AbpAuthorizationService.

src/Volo.Abp.AspNetCore.Mvc/Volo/Abp/AspNetCore/Mvc/RazorPages/AbpPageModel.cs

@@ -1,9 +1,12 @@
 using System;
+using System.Threading.Tasks;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.AspNetCore.Mvc.RazorPages;
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Logging.Abstractions;
 using Volo.Abp.AspNetCore.Mvc.Validation;
+using Volo.Abp.Authorization;
 using Volo.Abp.Guids;
 using Volo.Abp.MultiTenancy;
 using Volo.Abp.ObjectMapping;
@@ -28,6 +31,8 @@ namespace Volo.Abp.AspNetCore.Mvc.RazorPages
 
         public IModelStateValidator ModelValidator { get; set; }
 
+        public IAuthorizationService AuthorizationService { get; set; }
+
         protected IUnitOfWork CurrentUnitOfWork => UnitOfWorkManager?.Current;
         
         protected ILogger Logger => _lazyLogger.Value;
@@ -42,5 +47,10 @@ namespace Volo.Abp.AspNetCore.Mvc.RazorPages
         {
             ModelValidator?.Validate(ModelState);
         }
+
+        protected virtual Task CheckPolicyAsync(string policyName)
+        {
+            return AuthorizationService.CheckAsync(policyName);
+        }
     }
 }

src/Volo.Abp.Authorization/Volo.Abp.Authorization.csproj

@@ -18,7 +18,7 @@
   </ItemGroup>
 
   <ItemGroup>
-    <ProjectReference Include="..\Volo.Abp.Core\Volo.Abp.Core.csproj" />
+    <ProjectReference Include="..\Volo.Abp.Security\Volo.Abp.Security.csproj" />
   </ItemGroup>
 
 </Project>

src/Volo.Abp.Authorization/Volo/Abp/Authorization/AbpAuthorizationModule.cs

@@ -1,9 +1,11 @@
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.Extensions.DependencyInjection;
 using Volo.Abp.Modularity;
+using Volo.Abp.Security;
 
 namespace Volo.Abp.Authorization
 {
+    [DependsOn(typeof(AbpSecurityModule))]
     public class AbpAuthorizationModule : AbpModule
     {
         public override void ConfigureServices(IServiceCollection services)

src/Volo.Abp.Authorization/Volo/Abp/Authorization/AbpAuthorizationService.cs

@@ -0,0 +1,43 @@
+using System.Threading.Tasks;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.Extensions.Logging;
+using Microsoft.Extensions.Options;
+using Volo.Abp.DependencyInjection;
+using Volo.Abp.Security.Claims;
+
+namespace Volo.Abp.Authorization
+{
+    [Dependency(ReplaceServices = true)]
+    public class AbpAuthorizationService : DefaultAuthorizationService, IAbpAuthorizationService, ITransientDependency
+    {
+        private readonly ICurrentPrincipalAccessor _currentPrincipalAccessor;
+
+        public AbpAuthorizationService(
+            IAuthorizationPolicyProvider policyProvider, 
+            IAuthorizationHandlerProvider handlers, 
+            ILogger<DefaultAuthorizationService> logger, 
+            IAuthorizationHandlerContextFactory contextFactory, 
+            IAuthorizationEvaluator evaluator, 
+            IOptions<AuthorizationOptions> options,
+            ICurrentPrincipalAccessor currentPrincipalAccessor)
+            : base(
+                policyProvider,
+                handlers, 
+                logger, 
+                contextFactory, 
+                evaluator, 
+                options)
+        {
+            _currentPrincipalAccessor = currentPrincipalAccessor;
+        }
+
+        public async Task CheckAsync(string policyName)
+        {
+            var result = await AuthorizeAsync(_currentPrincipalAccessor.Principal, null, policyName);
+            if (!result.Succeeded)
+            {
+                throw new AbpAuthorizationException("Authorization failed! Given policy has not granted: " + policyName);
+            }
+        }
+    }
+}

src/Volo.Abp.Authorization/Volo/Abp/Authorization/AbpAuthorizationServiceExtensions.cs

@@ -0,0 +1,23 @@
+using System.Threading.Tasks;
+using Microsoft.AspNetCore.Authorization;
+
+namespace Volo.Abp.Authorization
+{
+    public static class AbpAuthorizationServiceExtensions
+    {
+        public static Task CheckAsync(this IAuthorizationService authorizationService, string policyName)
+        {
+            return authorizationService.AsAbpAuthorizationService().CheckAsync(policyName);
+        }
+
+        private static IAbpAuthorizationService AsAbpAuthorizationService(this IAuthorizationService authorizationService)
+        {
+            if (!(authorizationService is IAbpAuthorizationService abpAuthorizationService))
+            {
+                throw new AbpException($"{nameof(authorizationService)} should implement {typeof(IAbpAuthorizationService).FullName}");
+            }
+
+            return abpAuthorizationService;
+        }
+    }
+}

src/Volo.Abp.Authorization/Volo/Abp/Authorization/IAbpAuthorizationService.cs

@@ -0,0 +1,10 @@
+using System.Threading.Tasks;
+using Microsoft.AspNetCore.Authorization;
+
+namespace Volo.Abp.Authorization
+{
+    public interface IAbpAuthorizationService : IAuthorizationService
+    {
+        Task CheckAsync(string policyName);
+    }
+}

src/Volo.Abp.Permissions.Web/Pages/AbpPermissions/PermissionManagementModal.cshtml.cs

@@ -31,6 +31,9 @@ namespace Volo.Abp.Permissions.Web.Pages.AbpPermissions
 
         public async Task OnGetAsync()
         {
+            ValidateModel();
+            await CheckPolicyAsync(PermissionPermissions.Permissions.Default);
+
             var result = await _permissionAppService.GetAsync(ProviderName, ProviderKey);
             Groups = ObjectMapper.Map<List<PermissionGroupDto>, List<PermissionGroupViewModel>>(result.Groups);
         }
@@ -38,6 +41,7 @@ namespace Volo.Abp.Permissions.Web.Pages.AbpPermissions
         public async Task<IActionResult> OnPostAsync()
         {
             ValidateModel();
+            await CheckPolicyAsync(PermissionPermissions.Permissions.Update);
 
             var updatePermissionDtos = Groups
                 .SelectMany(g => g.Permissions)