Answer
Claims-based authorization checks user claims instead of static roles.
Implemented using policy-based authorization:
services.AddAuthorization(options =>
{
options.AddPolicy("HRPolicy",
policy => policy.RequireClaim("Department", "HR"));
});