Currently I'm using .NET 7 with Minimal API.
I've created several methods in WebApplicationBuilder extension class, for Default policy set:
private static void AddDefaultAuthorization(this WebApplicationBuilder builder)
{
builder.Services.AddAuthorization(options =>
{
options.DefaultPolicy = builder.GetBasicAuthorizationPolicy();
});
}
private static AuthorizationPolicy GetBasicAuthorizationPolicy(this WebApplicationBuilder builder)
{
var settings = builder.Services.BuildServiceProvider().GetRequiredService<AppSettings>();
return new AuthorizationPolicyBuilder()
.RequireAuthenticatedUser()
.AddRequirements(
new ContinentRequirement(settings.Continent)
)
.Build();
}
As you can see, my default authorization - require authenticated user and ContinentRequirement.
I'm also using Minimal API, with RouteGroupBuilder:
internal static class Upload
{
public static RouteGroupBuilder MapUploadImages(this RouteGroupBuilder routes)
{
routes.MapPost("/upload/images", () => Results.Ok())
.WithName("UploadImages")
.WithPermissions(Permission.Upload);
return routes;
}
}
What do I want to do - add to this route a new authorization requirement, based on permissions. But - previous, default requirements (authenticated user, continent requirement) should work too.
I can do like this:
public static RouteHandlerBuilder WithPermissions(this RouteHandlerBuilder builder, string[] permissions)
{
return builder
.RequireAuthorization(gp => gp.AddRequirements(
new PermissionRequirement(permissions));
}
but this will add ONLY permission requirement to this route - default authorization requirement will not be called.
Ant ideas? Is it possible to set several requirements as DEFAULT, and just extend them for different routes?
