Update to include PassThroughAuthorizationHandler (#22551)

* Update to include PassThroughAuthorizationHandler

Adding a description of why mixing a handler and policy in the same class removes the need for DI registration.

Fixes https://github.com/dotnet/AspNetCore.Docs/issues/18695

* Update aspnetcore/security/authorization/policies.md

Co-authored-by: Rick Anderson <3605364+Rick-Anderson@users.noreply.github.com>
pull/22586/head
Barry Dorrans 2021-06-21 15:58:30 -07:00 committed by GitHub
parent 21e12d47bb
commit 10e00e155c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 0 deletions

@ -171,6 +171,10 @@ Handlers are registered in the services collection during configuration. For exa
The preceding code registers `MinimumAgeHandler` as a singleton by invoking `services.AddSingleton<IAuthorizationHandler, MinimumAgeHandler>();`. Handlers can be registered using any of the built-in [service lifetimes](xref:fundamentals/dependency-injection#service-lifetimes).
It's possible to bundle both a requirement and a handler in a single class implementing both <xref:Microsoft.AspNetCore.Authorization.IAuthorizationRequirement> and /dotnet/api/microsoft.aspnetcore.authorization.iauthorizationhandler. This creates a tight coupling between the handler and requirement and is only recommended for simple requirements and handlers. Creating a class which implements both interfaces removes the need to register the handler in DI due to the built-in [PassThroughtAuthorizationHandler](https://github.com/dotnet/aspnetcore/blob/v5.0.7/src/Security/Authorization/Core/src/PassThroughAuthorizationHandler.cs) that allows requirements to handle themselves.
See the [AssertionRequirement class](https://github.com/dotnet/aspnetcore/blob/52eff90fbcfca39b7eb58baad597df6a99a542b0/src/Security/Authorization/Core/src/AssertionRequirement.cs#L13) for a good example where the `AssertionRequirement` is both a requirement and the handler in a fully self contained class.
## What should a handler return?
Note that the `Handle` method in the [handler example](#security-authorization-handler-example) returns no value. How is a status of either success or failure indicated?
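Review bot: The link text in the added paragraph reads `PassThroughtAuthorizationHandler`, with a stray "t", while the URL it points to names `PassThroughAuthorizationHandler.cs`; the link text should match the class name, since readers will search for it. In the same sentence the second interface appears as the bare path `/dotnet/api/microsoft.aspnetcore.authorization.iauthorizationhandler`, whereas the first interface uses an xref link; use the same xref form for `IAuthorizationHandler` so it renders as a link. The two source links are also pinned differently (one to the `v5.0.7` tag, the other to a commit hash), so consider pinning both the same way. Finally, "fully self contained" should be hyphenated as "fully self-contained".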