92 lines
3.6 KiB
Markdown
92 lines
3.6 KiB
Markdown
---
|
|
title: "ASP0025: Use AddAuthorizationBuilder to register authorization services and construct policies."
|
|
ms.date: 05/11/2023
|
|
description: "Learn about analysis rule ASP0025: Use AddAuthorizationBuilder to register authorization services and construct policies."
|
|
author: tdykstra
|
|
monikerRange: '>= aspnetcore-8.0'
|
|
ms.author: tdykstra
|
|
uid: diagnostics/asp0025
|
|
---
|
|
# ASP0025: Use AddAuthorizationBuilder to register authorization services and construct policies.
|
|
|
|
| | Value |
|
|
|-|-|
|
|
| **Rule ID** |ASP0025|
|
|
| **Category** |Usage|
|
|
| **Fix is breaking or non-breaking** |Non-breaking|
|
|
|
|
## Cause
|
|
|
|
The use of <xref:Microsoft.Extensions.DependencyInjection.PolicyServiceCollectionExtensions.AddAuthorization%2A> can be converted to the new <xref:Microsoft.Extensions.DependencyInjection.PolicyServiceCollectionExtensions.AddAuthorizationBuilder%2A>.
|
|
|
|
## Rule description
|
|
|
|
Use `AddAuthorizationBuilder` to register authorization services and construct policies.
|
|
|
|
## How to fix violations
|
|
|
|
To fix a violation of this rule, replace the usage of `AddAuthorization` with `AddAuthorizationBuilder`.
|
|
|
|
The code fix converts any usage of the setters for the following properties of <xref:Microsoft.AspNetCore.Authorization.AuthorizationOptions>:
|
|
|
|
* <xref:Microsoft.AspNetCore.Authorization.AuthorizationOptions.DefaultPolicy>
|
|
* <xref:Microsoft.AspNetCore.Authorization.AuthorizationOptions.FallbackPolicy>
|
|
* <xref:Microsoft.AspNetCore.Authorization.AuthorizationOptions.InvokeHandlersAfterFailure>
|
|
|
|
These setter usages are converted to equivalent method calls on <xref:Microsoft.AspNetCore.Authorization.AuthorizationBuilder>:
|
|
|
|
* <xref:Microsoft.AspNetCore.Authorization.AuthorizationBuilder.SetDefaultPolicy%2A>
|
|
* <xref:Microsoft.AspNetCore.Authorization.AuthorizationBuilder.SetFallbackPolicy%2A>
|
|
* <xref:Microsoft.AspNetCore.Authorization.AuthorizationBuilder.SetInvokeHandlersAfterFailure%2A>
|
|
|
|
No diagnostic is reported when the configure action passed to `AddAuthorization` uses any of the following members of `AuthorizationOptions`:
|
|
|
|
* The <xref:Microsoft.AspNetCore.Authorization.AuthorizationOptions.GetPolicy(System.String)> method
|
|
* The <xref:Microsoft.AspNetCore.Authorization.AuthorizationOptions.DefaultPolicy> getter
|
|
* The <xref:Microsoft.AspNetCore.Authorization.AuthorizationOptions.FallbackPolicy> getter
|
|
* The <xref:Microsoft.AspNetCore.Authorization.AuthorizationOptions.InvokeHandlersAfterFailure> getter
|
|
|
|
`AuthorizationBuilder` doesn't have equivalents for these members of `AuthorizationOptions`, so they can't be converted.
|
|
|
|
No diagnostic is reported if the configure action passed to `AddAuthorization` contains operations unrelated to `AuthorizationOptions`. The code fix would not be able to automatically map unrelated operations to the fluent API of `AddAuthorizationBuilder`.
|
|
|
|
The following example shows code that triggers this diagnostic:
|
|
|
|
```csharp
|
|
var builder = WebApplication.CreateBuilder(args);
|
|
|
|
builder.Services.AddAuthorization(options =>
|
|
{
|
|
options.AddPolicy("AtLeast21", policy =>
|
|
policy.Requirements.Add(new MinimumAgeRequirement(21)));
|
|
});
|
|
|
|
var app = builder.Build();
|
|
|
|
app.UseAuthorization();
|
|
|
|
app.Run();
|
|
```
|
|
|
|
The following example shows the result of applying the code fix:
|
|
|
|
```csharp
|
|
var builder = WebApplication.CreateBuilder(args);
|
|
|
|
builder.Services.AddAuthorizationBuilder()
|
|
.AddPolicy("AtLeast21", policy =>
|
|
{
|
|
policy.Requirements.Add(new MinimumAgeRequirement(21)));
|
|
});
|
|
|
|
var app = builder.Build();
|
|
|
|
app.UseAuthorization();
|
|
|
|
app.Run();
|
|
```
|
|
|
|
## When to suppress warnings
|
|
|
|
The severity level of this diagnostic is Information. Suppress warnings if you don't want to use the new syntax.
|