The example in this article creates confusion because of mixing custom policy provider and IAuthrizationRequirementData.
There's no explanation of how framework actually behaves.
It's not needed to inherit from Authorize attribute.
If attribute implements IAuthrizationRequirementData, either active policy will be extended with the requirements IAuthrizationRequirementData yields, or new policy will be created dynamically.
Description
The example in this article creates confusion because of mixing custom policy provider and
IAuthrizationRequirementData
. There's no explanation of how framework actually behaves.It's not needed to inherit from
Authorize
attribute. If attribute implementsIAuthrizationRequirementData
, either active policy will be extended with the requirementsIAuthrizationRequirementData
yields, or new policy will be created dynamically.See this example: https://github.com/voroninp/AuthorizationRequirementDataTest
Page URL
https://learn.microsoft.com/en-us/aspnet/core/security/authorization/iard?view=aspnetcore-8.0
Content source URL
https://github.com/dotnet/AspNetCore.Docs/blob/main/aspnetcore/security/authorization/iard.md
Document ID
f6195feb-aade-5e5a-dc6d-6a6b9bb6038e
Article author
@Rick-Anderson