Aspnetcore.docs: Single policy with multiple requirements

Created on 1 Feb 2019 · 8Comments · Source: dotnet/AspNetCore.Docs

It's not clear how a single policy with multiple requirements will work. Do all requirements have to pass, or is a single one enough? In other words, does it work like an "AND" or an "OR" between the requirements?

Document Details

⚠ Do not edit this section. It is required for docs.microsoft.com ➟ GitHub issue linking.

ID: b1141d92-adeb-6841-229f-914c808f9a2b
Version Independent ID: 7089b376-949f-c1c6-c37a-5d8cc7ecf104
Content: Policy-based authorization in ASP.NET Core
Content Source: aspnetcore/security/authorization/policies.md
Product: aspnet-core
GitHub Login: @Rick-Anderson
Microsoft Alias: riande

P1 P2 Source - Docs.ms

Source

christiansk

All 8 comments

See What should a handler return?
at https://docs.microsoft.com/en-us/aspnet/core/security/authorization/policies?view=aspnetcore-2.2#what-should-a-handler-return

Rick-Anderson on 1 Feb 2019

I understand that all handlers for all requirements will be called, but in order for the policy to succeed, is it sufficient for a single one of them to pass? Or does (at least) one handler _for each requirement_ need to pass?

christiansk on 1 Feb 2019

If one handler returns context.Succeed and no handler returns context.Fail, it succeeds.

If any handler returns context.Fail, it fails.

Return Task.CompletedTask when requirements aren't met. Task.CompletedTask is neither success or failure—it allows other authorization handlers to run.

I suppose I could add that to the doc.

@blowdart are you OK with me adding that to the doc?

Rick-Anderson on 1 Feb 2019

👍1

I don't think you need to add that to the docs, it's already well explained. But it all refers to a single requirement with multiple handlers.

My question is about a single policy with multiple requirements, a completely different matter.

christiansk on 1 Feb 2019

Ah, for a policy with multiple requirements all _requirements_ must pass for the policy to pass.

blowdart on 1 Feb 2019

👍1

@christiansk would you be able to create a PR to add that information? Use this link to edit in the browser and create the PR.

Rick-Anderson on 1 Feb 2019

Yes, glad to help. I just submitted the PR (#10754).

christiansk on 2 Feb 2019

Fixed in #10754

Rick-Anderson on 13 Feb 2019

👍1

Was this page helpful?

0 / 5 - 0 ratings

Related issues

.Net Type DateTime correlates to input type="datetime-local"

StevenTCramer · 3Comments

master issue:Update to angular 6

Rick-Anderson · 3Comments

AddClaimAsync failed with SqlException: Cannot insert the value NULL into column 'Id', table 'dbo.AspNetUserClaims'; column does not allow nulls

Rick-Anderson · 3Comments

Is it possible to change environment variable for web.config during Web deploy?

neman · 3Comments

400 "The input was not valid." on POST request

royshouvik · 3Comments