Open captainsafia opened 2 years ago
Thank you for submitting this for API review. This will be reviewed by @dotnet/aspnet-api-review at the next meeting of the ASP.NET Core API Review group. Please ensure you take a look at the API review process documentation and ensure that:
Not sure about the adds as both need to be configured. The API sample should show a before and after with options.
API Review Notes:
AddAuthenticationAndAuthorization
given you can call AddAuthentication
and AddAuthorization
in either order? And that there are two different options objects to configure?
UseAuthenticationAndAuthorization
? Do we need it?
UseAuth
wins. We think it implies both authn and authz.UseAuth
live in?
API would be approved if we can find a good assembly for it. Until then, it needs work.
namespace Microsoft.AspNetCore.Builder;
public static class AuthAppBuilderExtensions
{
+ public static IApplicationBuilder UseAuth(this IApplicationBuilder app);
}
We've moved this issue to the Backlog milestone. This means that it is not going to be worked on for the coming release. We will reassess the backlog following the current release and consider this item at that time. To learn more about our issue management process and to have better expectation regarding different types of issues you can read our Triage Process.
It doesn't make sense to use authz without authn.
@halter73 Just FYI I don't use authn middleware in the applications that are just APIs. I don't have a default authn scheme and I also don't need any remote authentication handler. Also all endpoints are marked with Authorize attribute with different scheme.
Thanks for pointing that out it's possible to use authz middleware without authn middleware. It's not a scenario I considered. Fortunately, we are not planning on removing any existing auth APIs, so you should be able to continue using just the authz middleware by itself.
Background and Motivation
To provide an abstraction of registering both authentication and authorization-related middlewares/services in an app with fewer lines of code and build on the foundation of automatically registering middlewares/services that we started in preview5, we would like to add extension methods for registering both authentication and authorization-related middlewares/services via one overload.
Proposed API
Usage Examples
Before
After
After with Options