3.6 KiB
| title | ms.date | description | author | monikerRange | ms.author | uid |
|---|---|---|---|---|---|---|
| ASP0025: Use AddAuthorizationBuilder to register authorization services and construct policies. | 05/11/2023 | Learn about analysis rule ASP0025: Use AddAuthorizationBuilder to register authorization services and construct policies. | tdykstra | >= aspnetcore-8.0 | tdykstra | diagnostics/asp0025 |
ASP0025: Use AddAuthorizationBuilder to register authorization services and construct policies.
| Value | |
|---|---|
| Rule ID | ASP0025 |
| Category | Usage |
| Fix is breaking or non-breaking | Non-breaking |
Cause
The use of xref:Microsoft.Extensions.DependencyInjection.PolicyServiceCollectionExtensions.AddAuthorization%2A can be converted to the new xref:Microsoft.Extensions.DependencyInjection.PolicyServiceCollectionExtensions.AddAuthorizationBuilder%2A.
Rule description
Use AddAuthorizationBuilder to register authorization services and construct policies.
How to fix violations
To fix a violation of this rule, replace the usage of AddAuthorization with AddAuthorizationBuilder.
The code fix converts any usage of the setters for the following properties of xref:Microsoft.AspNetCore.Authorization.AuthorizationOptions:
- xref:Microsoft.AspNetCore.Authorization.AuthorizationOptions.DefaultPolicy
- xref:Microsoft.AspNetCore.Authorization.AuthorizationOptions.FallbackPolicy
- xref:Microsoft.AspNetCore.Authorization.AuthorizationOptions.InvokeHandlersAfterFailure
These setter usages are converted to equivalent method calls on xref:Microsoft.AspNetCore.Authorization.AuthorizationBuilder:
- xref:Microsoft.AspNetCore.Authorization.AuthorizationBuilder.SetDefaultPolicy%2A
- xref:Microsoft.AspNetCore.Authorization.AuthorizationBuilder.SetFallbackPolicy%2A
- xref:Microsoft.AspNetCore.Authorization.AuthorizationBuilder.SetInvokeHandlersAfterFailure%2A
No diagnostic is reported when the configure action passed to AddAuthorization uses any of the following members of AuthorizationOptions:
- The xref:Microsoft.AspNetCore.Authorization.AuthorizationOptions.GetPolicy(System.String) method
- The xref:Microsoft.AspNetCore.Authorization.AuthorizationOptions.DefaultPolicy getter
- The xref:Microsoft.AspNetCore.Authorization.AuthorizationOptions.FallbackPolicy getter
- The xref:Microsoft.AspNetCore.Authorization.AuthorizationOptions.InvokeHandlersAfterFailure getter
AuthorizationBuilder doesn't have equivalents for these members of AuthorizationOptions, so they can't be converted.
No diagnostic is reported if the configure action passed to AddAuthorization contains operations unrelated to AuthorizationOptions. The code fix would not be able to automatically map unrelated operations to the fluent API of AddAuthorizationBuilder.
The following example shows code that triggers this diagnostic:
var builder = WebApplication.CreateBuilder(args);
builder.Services.AddAuthorization(options =>
{
options.AddPolicy("AtLeast21", policy =>
policy.Requirements.Add(new MinimumAgeRequirement(21)));
});
var app = builder.Build();
app.UseAuthorization();
app.Run();
The following example shows the result of applying the code fix:
var builder = WebApplication.CreateBuilder(args);
builder.Services.AddAuthorizationBuilder()
.AddPolicy("AtLeast21", policy =>
{
policy.Requirements.Add(new MinimumAgeRequirement(21)));
});
var app = builder.Build();
app.UseAuthorization();
app.Run();
When to suppress warnings
The severity level of this diagnostic is Information. Suppress warnings if you don't want to use the new syntax.