Open hansmbakker opened 5 years ago
OperationSecurityScopeProcessor looks at Roles of an AuthorizeAttribute but ignores it if there are no roles given. It does not work if the AuthorizeAttribute has a Policy property but no Roles.
Roles
AuthorizeAttribute
Policy
How does this work with https://docs.microsoft.com/en-us/aspnet/core/security/authorization/policies?view=aspnetcore-2.1?
Either you write your own OperationSecurityScopeProcessor or we have to enhace the existing one so that it supports more scenarios..
OperationSecurityScopeProcessor looks at
Roles
of anAuthorizeAttribute
but ignores it if there are no roles given. It does not work if theAuthorizeAttribute
has aPolicy
property but noRoles
.How does this work with https://docs.microsoft.com/en-us/aspnet/core/security/authorization/policies?view=aspnetcore-2.1?