dotnet/aspnetcore

[Refactoring] Move local authz policies to global authz policies

Open

#45,220 opened on Nov 21, 2022

View on GitHub
 (3 comments) (0 reactions) (0 assignees)C# (10,653 forks)batch import
analyzerarea-authhelp wanted

Repository metrics

Stars
 (37,933 stars)
PR merge metrics
 (Avg merge 16d 9h) (258 merged PRs in 30d)

Description

Background and Motivation

In .NET 7, we introduced the RequireAuthorization extension method that allowed a user to construct and add an authorization policy onto an endpoint with on invocation. There are scenarios were users would want to factor these policies out to from endpoint-specific (local) to global policies on the application.

Proposed Refactoring

Refactoring Behavior and Message

When right-clicking on a line of code with a RequireAuthorization option the refactoring will be provided with the following message:

Convert to global authorization policy

Usage Scenarios

var builder = WebApplication.CreateBuilder(args);

builder.Services.AddAuthorization();

var app = builder.Build();

app.UseAuthorization();

app.MapGet("/", () => "Hello world!")
  .RequireAuthorization(policy => p.RequireClaim("scope", "api-access")));

app.Run();

Contributor guide