daohualiuxiang
/
AspNetCore.Docs
mirror of https://github.com/dotnet/AspNetCore.Docs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
AspNetCore.Docs/aspnetcore/diagnostics/asp0025.md

92 lines
3.6 KiB
Markdown
Raw Normal View History

Document ASP0025 code analyzer (#29252)
2023-05-16 02:36:50 +08:00
---
title: "ASP0025: Use AddAuthorizationBuilder to register authorization services and construct policies."
ms.date: 05/11/2023
description: "Learn about analysis rule ASP0025: Use AddAuthorizationBuilder to register authorization services and construct policies."
author: tdykstra
monikerRange: '>= aspnetcore-8.0'
ms.author: tdykstra
uid: diagnostics/asp0025
---
# ASP0025: Use AddAuthorizationBuilder to register authorization services and construct policies.
| | Value |
|-|-|
| **Rule ID** |ASP0025|
| **Category** |Usage|
| **Fix is breaking or non-breaking** |Non-breaking|
## Cause
The use of <xref:Microsoft.Extensions.DependencyInjection.PolicyServiceCollectionExtensions.AddAuthorization%2A> can be converted to the new <xref:Microsoft.Extensions.DependencyInjection.PolicyServiceCollectionExtensions.AddAuthorizationBuilder%2A>.
## Rule description
Use `AddAuthorizationBuilder` to register authorization services and construct policies.
## How to fix violations
To fix a violation of this rule, replace the usage of `AddAuthorization` with `AddAuthorizationBuilder`.
The code fix converts any usage of the setters for the following properties of <xref:Microsoft.AspNetCore.Authorization.AuthorizationOptions>:
* <xref:Microsoft.AspNetCore.Authorization.AuthorizationOptions.DefaultPolicy>
* <xref:Microsoft.AspNetCore.Authorization.AuthorizationOptions.FallbackPolicy>
* <xref:Microsoft.AspNetCore.Authorization.AuthorizationOptions.InvokeHandlersAfterFailure>
These setter usages are converted to equivalent method calls on <xref:Microsoft.AspNetCore.Authorization.AuthorizationBuilder>:
* <xref:Microsoft.AspNetCore.Authorization.AuthorizationBuilder.SetDefaultPolicy%2A>
* <xref:Microsoft.AspNetCore.Authorization.AuthorizationBuilder.SetFallbackPolicy%2A>
* <xref:Microsoft.AspNetCore.Authorization.AuthorizationBuilder.SetInvokeHandlersAfterFailure%2A>
No diagnostic is reported when the configure action passed to `AddAuthorization` uses any of the following members of `AuthorizationOptions`:
* The <xref:Microsoft.AspNetCore.Authorization.AuthorizationOptions.GetPolicy(System.String)> method
* The <xref:Microsoft.AspNetCore.Authorization.AuthorizationOptions.DefaultPolicy> getter
* The <xref:Microsoft.AspNetCore.Authorization.AuthorizationOptions.FallbackPolicy> getter
* The <xref:Microsoft.AspNetCore.Authorization.AuthorizationOptions.InvokeHandlersAfterFailure> getter
`AuthorizationBuilder` doesn't have equivalents for these members of `AuthorizationOptions`, so they can't be converted.
No diagnostic is reported if the configure action passed to `AddAuthorization` contains operations unrelated to `AuthorizationOptions`. The code fix would not be able to automatically map unrelated operations to the fluent API of `AddAuthorizationBuilder`.
The following example shows code that triggers this diagnostic:
```csharp
var builder = WebApplication.CreateBuilder(args);
builder.Services.AddAuthorization(options =>
{
options.AddPolicy("AtLeast21", policy =>
policy.Requirements.Add(new MinimumAgeRequirement(21)));
});
var app = builder.Build();
app.UseAuthorization();
app.Run();
```
The following example shows the result of applying the code fix:
```csharp
var builder = WebApplication.CreateBuilder(args);
builder.Services.AddAuthorizationBuilder()
.AddPolicy("AtLeast21", policy =>
{
policy.Requirements.Add(new MinimumAgeRequirement(21)));
});
var app = builder.Build();
app.UseAuthorization();
app.Run();
```
## When to suppress warnings
The severity level of this diagnostic is Information. Suppress warnings if you don't want to use the new syntax.