Actually, I just found this function in the github for this package here: https://github.com/aspnet/AspNetCore/blob/master/src/Security/Authorization/Policy/src/PolicyServiceCollectionExtensions.cs#L47

However, despite the fact that I can see class PolicyServiceCollectionExtensions, it does not add the AddAuthorization method in my code (I still get a build error saying that AddAuthorization does not exist). Is this code not available in version 2.2.0?

Since the suggested workaround isn't working for me, I'm using the following workaround:

```C#

if NETSTANDARD2_1

    public static IServiceCollection AddAuthorization(this IServiceCollection services, Action<AuthorizationOptions> configure)
           => services.AddAuthorizationCore(configure);

endif

```

.net standard 2.1 is only supported on core 3.0 so if you build for that target, your library will not work on 2.2

You can create a standard 2.0 library and it will work on 3.0 and 2.2, and then I believe you would only need to reference one of the two libraries with the method in it.

I opened the library and I can confirm I don't see that method there.

Related to #14525

@ajaybhargavb can you comment? I only see AddAuthorizationPolicyEvaluator in that library.

@HaoK can you help?

So its a breaking change in 3.0, AddAuthorization was moved into the Policy dll.

For 2.2, its still in the base dll, you will need to have a different binary for 2.2 as compared to 3.0

.net standard 2.1 is only supported on core 3.0 so if you build for that target, your library will not work on 2.2

You can create a standard 2.0 library and it will work on 3.0 and 2.2, and then I believe you would only need to reference one of the two libraries with the method in it.

@Thraka
Yes. My use case is a library that compiles to both .net standard 2.0 and 2.1 (to use both core SDK 2.2 and 3.0). The conditionally compiled code in my sample that works around the problem only compiles in .net standard 2.1, because that's the only target framework that suffers this problem (it wouldn't compile in net standard 2.0 since AddAuthorizationCore doesn't exist in 2.0).

So its a breaking change in 3.0, AddAuthorization was moved into the Policy dll.

For 2.2, its still in the base dll, you will need to have a different binary for 2.2 as compared to 3.0

@HaoK
I don't see AddAuthorization in version 2.2 (the latest on nuget) for the policy library. That's the issue. The documentation claims that this is available, but presumably there needs to be a released version 3.0 of the policy library (which doesn't exist yet).

As the title of the documentation is breaking changes from 2.2 to 3.0, this change doesn't happen until 3.0

@HaoK I believe this issue is reporting that the policy library downloaded from nuget doesn't seem to have the method the documentation says it should have. I grabbed it and threw it in a decompiler and I only see AddAuthorizationPolicyEvaluator in that library, I don't see AddAuthorization.

@Alexei-B I'm curious as to why you would want your library compiling both for 2.0 and 2.1 instead of just 2.0?

Oh so the issue is really the 3.0 package isn't showing up on nuget

In 3.0 Microsoft.AspNetCore.Authorization.Policy is part of the shared framework. See https://docs.microsoft.com/en-us/aspnet/core/migration/22-to-30?view=aspnetcore-3.0&tabs=visual-studio#framework-reference for referencing shared framework APIs from libraries.

Perhaps @Alexei-B isn't referencing the Microsoft.NET.Sdk.Web SDK and that is why it is missing?

@Thraka right, library developers don't reference the web SDK. That's what the framework reference is for.

@Tratcher

Oh duh, I missed that part ahahaha. So then for the article, should the guidance be changed to actually add <FrameworkReference Include="Microsoft.AspNetCore.App" /> instead of what they are being told to do?

Suggested text:
The core AddAuthorization methods that used to reside in Microsoft.AspNetCore.Authorization were renamed to AddAuthorizationCore. The old AddAuthorization methods still exist, but are in the Microsoft.AspNetCore.Authorization.Policy assembly instead. Apps using both methods should see no impact. Note that Microsoft.AspNetCore.Authorization.Policy now ships in the shared framework rather than a standalone package as discussed in #shared-framework-assemblies-removed-from-microsoftaspnetcoreapp

As the title of the documentation is breaking changes from 2.2 to 3.0, this change doesn't happen until 3.0

My problem is this is documentation that recommends a fix that doesn't exist yet:

Documentation shouldn't recommend suggested workarounds that don't work.

@Alexei-B I'm curious as to why you would want your library compiling both for 2.0 and 2.1 instead of just 2.0?

The library adds authorization behavior and policy common to the platform we are developing. Some of our developers will be working with .NET Core 2.2, and some with .NET Core 3.0. We need to support both. When trying to use our library (unmodified and just built to .netstandard 2.0) with an application using ASP.NET Core 3.0, I get an exception for the missing method AddAuthorization.

Ideally, the fix suggested in the documentation would work, then I could simply modify our csproj to build to .netstandard 2.0 and 2.1, then change the packages for 2.1 to include the Microsoft.AspNetCore.Authorization.Policy library at version 3.0. However, since this doesn't work I am using the #if based workaround I posted earlier for now.

Suggested text:
The core AddAuthorization methods that used to reside in Microsoft.AspNetCore.Authorization were renamed to AddAuthorizationCore. The old AddAuthorization methods still exist, but are in the Microsoft.AspNetCore.Authorization.Policy assembly instead. Apps using both methods should see no impact. Note that Microsoft.AspNetCore.Authorization.Policy now ships in the shared framework rather than a standalone package as discussed in #shared-framework-assemblies-removed-from-microsoftaspnetcoreapp

I'm fine with this text being used when (and only when) Microsoft.AspNetCore.Authorization.Policy actually solves the problem.

To be more specific, what I'd like to see in the documentation is a notice that the ideal fix of using the policy library isn't available yet, so that other people don't also lose a few hours going down the same rabbit hole I did. It's extremely misleading and quite disheartening.

While I'm ranting about this, the reason for the change comes off as a bit strange:

AddAuthorization is a better method name for adding all common services needed for authorization.

This is ambiguous wording, but aside from that, did we really need a breaking change to go from AddAuthorization to AddAuthorizationCore? Sure, maybe AddAuthorization isn't the best possible name. But then how is AddAuthorizationCore more preferable? Something like AddAnAuthorizer isn't really in the naming convention but might express the meaning a bit better. AddAuthorizationCore is just confusing.

Anyway, that's a subjective complaint. The change I want is still just to not describe workarounds to breaking changes that don't exist yet without explaining that they don't exist yet.

@alexei-B a Microsoft.AspNetCore.Authorization.Policy 3.0 package will not be published to nuget.org. The advice I gave in https://github.com/dotnet/docs/issues/15745#issuecomment-552000932 should already work.

Can you elaborate on the suggestion?

I tried making an ASP.NET application using .NET Core 3.0 using our library without the fix I used and it did not work. I got a missing method exception for AddAuthorization.

I also tried simply compiling our library to .NET Standard 2.1, which failed to compile saying that the method AddAuthorization did not exist.

If this is part of the shared framework, shouldn't the first solution work fine?

Libraries that want to use 3.0 functionality need to cross compile to netcoreapp3.0 and add <FrameworkReference Include="Microsoft.AspNetCore.App" />

OK - so the official line is that it's now not possible to use previously working .NET Standard 2.0 libraries with .NET Core 3.0 if they used any feature that is on the list of breaking changes?

Excellent :|

Correct.

Well, thank you for being straightforwards about it.

I'm dumbfounded that .NET Standard forward compatibility is this fragile.

Since this isn't actually an issue with the documentation and is more an issue with the choice to break forward compatibility, I can't justify holding this issue open.

Note this is unrelated to .NET standard, these libraries were never part of the .NET standard, they only complied against it. The primary breaking change was when these libraries moved from targeting netstandard2.0 to targeting netcoreapp3.0.

That's definitely a more accurate way of putting it. That said, the effect is still that you can't tell if a .NET Standard 2.0 library will work with a .NET Core 3.0 application until it crashes at runtime, unless you rebuild that library for .NET Standard 2.1, which isn't ideal.

That's definitely a more accurate way of putting it. That said, the effect is still that you can't tell if a .NET Standard 2.0 library will work with a .NET Core 3.0 application until it crashes at runtime, unless you rebuild that library for .NET Standard 2.1, which isn't ideal.

@Alexei-B can you please let me know what resolution you took?. documentation is not clear to me still. I think am in the same place as you were. Trying to add "AddAuthorization() call inside .net standard 2.0 for .net core 3.0 app; ending up with "Method not found" runtime exception. Thanks.