search

dotnet / AspNetCore.Docs

Documentation for ASP.NET Core
https://docs.microsoft.com/aspnet/core
Creative Commons Attribution 4.0 International
12.54k stars 25.31k forks source link

Needs more details. #33353

Open voroninp opened 1 month ago

voroninp commented 1 month ago

Description

The example in this article creates confusion because of mixing custom policy provider and IAuthrizationRequirementData. There's no explanation of how framework actually behaves.

It's not needed to inherit from Authorize attribute. If attribute implements IAuthrizationRequirementData, either active policy will be extended with the requirements IAuthrizationRequirementData yields, or new policy will be created dynamically.

See this example: https://github.com/voroninp/AuthorizationRequirementDataTest

Page URL

https://learn.microsoft.com/en-us/aspnet/core/security/authorization/iard?view=aspnetcore-8.0

Content source URL

https://github.com/dotnet/AspNetCore.Docs/blob/main/aspnetcore/security/authorization/iard.md

Document ID

f6195feb-aade-5e5a-dc6d-6a6b9bb6038e

Article author

@Rick-Anderson

Rick-Anderson commented 1 month ago

@blowdart please comment

blowdart commented 1 month ago

Not me (and it hasn't been for ages)

@mkArtakMSFT to assign