Consider adding an IEndpointConventionBuilder.RequireAuthorization overload that accepts an AuthorizationPolicy

[pranavkm]

Endpoint routing has a way to configure auth using RequireAuthorization: https://docs.microsoft.com/en-us/dotnet/api/microsoft.aspnetcore.builder.authorizationendpointconventionbuilderextensions?view=aspnetcore-3.1. The overloads allow specifying names of policies, but no way of specifying a policy itself.

Compare this to AuthorizeFilter which has an overload that allows specifying a policy: https://docs.microsoft.com/en-us/dotnet/api/microsoft.aspnetcore.mvc.authorization.authorizefilter.-ctor?view=aspnetcore-3.1#Microsoft_AspNetCore_Mvc_Authorization_AuthorizeFilter__ctor_Microsoft_AspNetCore_Authorization_AuthorizationPolicy_

This overload allows for fairly easy to follow auth setup:

aspnetcore/src/ProjectTemplates/Web.ProjectTemplates/content/StarterWeb-CSharp/Startup.cs

Lines 112 to 118 in bc60e95

	services.AddControllersWithViews(options =>
	{
	var policy = new AuthorizationPolicyBuilder()
	.RequireAuthenticatedUser()
	.Build();
	options.Filters.Add(new AuthorizeFilter(policy));
	});

[pranavkm]

/cc @blowdart \ @HaoK

Right now, doing the equivalent of the code snippet requires setting up a policy during ConfigureServices and looking it up by name as part of UseEndpoints. Having this would make the transition from filter to endpoint routing much cleaner.

[rynowak]

@blowdart @HaoK - can you think of a reason we didn't do this?

Thanks for contacting us.

We're moving this issue to the .NET 7 Planning milestone for future evaluation / consideration. We would like to keep this around to collect more feedback, which can help us with prioritizing this work. We will re-evaluate this issue, during our next planning meeting(s).
If we later determine, that the issue has no community involvement, or it's very rare and low-impact issue, we will close it - so that the team can focus on more important and high impact issues.
To learn more about what to expect next and how this issue will be handled you can read more about our triage process here.

[captainsafia]

Closing as resolved via #41153.