DavidParks8
commented
8 years ago This is primarily my fault for not writing a "contributing.md" file yet, but in the future I will only accept pull requests to the dev branch.
Good catch with the DefaultAuthorizationService bug.
Looking at the code now, I agree that AdditionalHandlers could be removed with the feature still existing through dependency injection. I'll make a note to do exactly that.
splitting up IAuthorizationRequirement and AuthorizationHandler, it is necessary to register itas AdditionalHandler -> this AdditionalHandler is not considered in DefaultAuthorizationService
updated WebApi OWIN sample to demonstrate
BTW: the main reason for this split is to allow dependency injection in the AuthorizationHandler, so I'm not sure if this AdditionalHandler mechanism in the backport is the best strategy...