[Refactoring] Move local authz policies to global authz policies

[captainsafia]

Background and Motivation

In .NET 7, we introduced the RequireAuthorization extension method that allowed a user to construct and add an authorization policy onto an endpoint with on invocation. There are scenarios were users would want to factor these policies out to from endpoint-specific (local) to global policies on the application.

Proposed Refactoring

Refactoring Behavior and Message

When right-clicking on a line of code with a RequireAuthorization option the refactoring will be provided with the following message:

Convert to global authorization policy

Usage Scenarios

var builder = WebApplication.CreateBuilder(args);

builder.Services.AddAuthorization();

var app = builder.Build();

app.UseAuthorization();

app.MapGet("/", () => "Hello world!")
  .RequireAuthorization(policy => p.RequireClaim("scope", "api-access")));

app.Run();

[ghost]

Thank you for submitting this for API review. This will be reviewed by @dotnet/aspnet-api-review at the next meeting of the ASP.NET Core API Review group. Please ensure you take a look at the API review process documentation and ensure that:

• The PR contains changes to the reference-assembly that describe the API change. Or, you have included a snippet of reference-assembly-style code that illustrates the API change.
• The PR describes the impact to users, both positive (useful new APIs) and negative (breaking changes).
• Someone is assigned to "champion" this change in the meeting, and they understand the impact and design of the change.

[ghost]

We've moved this issue to the Backlog milestone. This means that it is not going to be worked on for the coming release. We will reassess the backlog following the current release and consider this item at that time. To learn more about our issue management process and to have better expectation regarding different types of issues you can read our Triage Process.

[jabellard]

@rafikiassumani-msft , @captainsafia : I can take on this.