Skip to content

Consider adding an IEndpointConventionBuilder.RequireAuthorization overload that accepts an AuthorizationPolicy #18497

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
pranavkm opened this issue Jan 22, 2020 · 4 comments
Closed

Consider adding an IEndpointConventionBuilder.RequireAuthorization overload that accepts an AuthorizationPolicy #18497

pranavkm opened this issue Jan 22, 2020 · 4 comments
Labels
area-auth Includes: Authn, Authz, OAuth, OIDC, Bearer enhancement This issue represents an ask for new feature or an enhancement to an existing one old-area-web-frameworks-do-not-use *DEPRECATED* This label is deprecated in favor of the area-mvc and area-minimal labels
Milestone
.NET 7 Planning

Comments

@pranavkm
Copy link
Contributor

Endpoint routing has a way to configure auth using RequireAuthorization: https://docs.microsoft.com/en-us/dotnet/api/microsoft.aspnetcore.builder.authorizationendpointconventionbuilderextensions?view=aspnetcore-3.1. The overloads allow specifying names of policies, but no way of specifying a policy itself.

Compare this to AuthorizeFilter which has an overload that allows specifying a policy: https://docs.microsoft.com/en-us/dotnet/api/microsoft.aspnetcore.mvc.authorization.authorizefilter.-ctor?view=aspnetcore-3.1#Microsoft_AspNetCore_Mvc_Authorization_AuthorizeFilter__ctor_Microsoft_AspNetCore_Authorization_AuthorizationPolicy_

This overload allows for fairly easy to follow auth setup:

aspnetcore/src/ProjectTemplates/Web.ProjectTemplates/content/StarterWeb-CSharp/Startup.cs

Lines 112 to 118 in bc60e95

services.AddControllersWithViews(options =>
{
var policy = new AuthorizationPolicyBuilder()
.RequireAuthenticatedUser()
.Build();
options.Filters.Add(new AuthorizeFilter(policy));
});

@pranavkm
Copy link
Contributor Author

/cc @blowdart \ @HaoK

Right now, doing the equivalent of the code snippet requires setting up a policy during ConfigureServices and looking it up by name as part of UseEndpoints. Having this would make the transition from filter to endpoint routing much cleaner.

@mkArtakMSFT mkArtakMSFT added the area-auth Includes: Authn, Authz, OAuth, OIDC, Bearer label Jan 22, 2020
@analogrelay analogrelay added this to the Backlog milestone Jan 23, 2020
@analogrelay analogrelay added the enhancement This issue represents an ask for new feature or an enhancement to an existing one label Jan 23, 2020
@rynowak
Copy link
Member

rynowak commented Feb 7, 2020

@blowdart @HaoK - can you think of a reason we didn't do this?

@ghost
Copy link

ghost commented Nov 19, 2021

Thanks for contacting us.

We're moving this issue to the .NET 7 Planning milestone for future evaluation / consideration. We would like to keep this around to collect more feedback, which can help us with prioritizing this work. We will re-evaluate this issue, during our next planning meeting(s).
If we later determine, that the issue has no community involvement, or it's very rare and low-impact issue, we will close it - so that the team can focus on more important and high impact issues.
To learn more about what to expect next and how this issue will be handled you can read more about our triage process here.

@rafikiassumani-msft rafikiassumani-msft added the old-area-web-frameworks-do-not-use *DEPRECATED* This label is deprecated in favor of the area-mvc and area-minimal labels label Nov 19, 2021
@captainsafia
Copy link
Member

Closing as resolved via #41153.

@ghost ghost locked as resolved and limited conversation to collaborators Sep 18, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
area-auth Includes: Authn, Authz, OAuth, OIDC, Bearer enhancement This issue represents an ask for new feature or an enhancement to an existing one old-area-web-frameworks-do-not-use *DEPRECATED* This label is deprecated in favor of the area-mvc and area-minimal labels
Projects
None yet
Milestone
.NET 7 Planning
Development

No branches or pull requests
6 participants
@analogrelay @pranavkm @rynowak @captainsafia @mkArtakMSFT @rafikiassumani-msft