When using AuthorizationMiddleware and RequestAuthorizationMiddleware, would it be possible to require that both authorizations are performed and raise an exception if not? If I understand correctly, it is not the case now.
When making applications that have multiple roles, I make a prefix for each role. I use the requestPolicy to check that the prefix matches the role. I also need to check authorizations on actions, but as it is now (if not mistaken), the exception is not raised if I forget to check them. Those exceptions are very convenient.
When using AuthorizationMiddleware and RequestAuthorizationMiddleware, would it be possible to require that both authorizations are performed and raise an exception if not? If I understand correctly, it is not the case now.
When making applications that have multiple roles, I make a prefix for each role. I use the requestPolicy to check that the prefix matches the role. I also need to check authorizations on actions, but as it is now (if not mistaken), the exception is not raised if I forget to check them. Those exceptions are very convenient.
I hope it make sens.