Closed
Description
Endpoint routing has a way to configure auth using RequireAuthorization
: https://docs.microsoft.com/en-us/dotnet/api/microsoft.aspnetcore.builder.authorizationendpointconventionbuilderextensions?view=aspnetcore-3.1. The overloads allow specifying names of policies, but no way of specifying a policy itself.
Compare this to AuthorizeFilter
which has an overload that allows specifying a policy: https://docs.microsoft.com/en-us/dotnet/api/microsoft.aspnetcore.mvc.authorization.authorizefilter.-ctor?view=aspnetcore-3.1#Microsoft_AspNetCore_Mvc_Authorization_AuthorizeFilter__ctor_Microsoft_AspNetCore_Authorization_AuthorizationPolicy_
This overload allows for fairly easy to follow auth setup: