Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

[Analyzer/Codefixer] Recommend using `AddAuthorizationBuilder` for configuring global policies

See original GitHub issue

Background and Motivation

In .NET 7, we introduced an AddAuthorizationBuilder extension method on IServiceCollection that would register authorization-related services and provide an AuthorizationBuilder for constructing policies. This is an abbreviated syntax that allows reduces nesting in the original pattern of calling AddAuthorization and providing a policy construct as a callback.

Proposed Analyzer

Analyzer Behavior and Message

When the user provides code where AddAuthorizationBuilder would provide a more abbreviated style, recommend a codefix with the following message:

Use AddAuthorizationBuilder to register authorization services and construct policies.

Severity Level

Error
Warning
Info
Hidden

Usage Scenarios

Before

var builder = WebApplication.CreateBuilder(args);

builder.Services.AddAuthorization(options =>
{
    options.AddPolicy("AtLeast21", policy =>
        policy.Requirements.Add(new MinimumAgeRequirement(21)));
});

var app = builder.Build();

app.UseAuthorization();

app.Run();

After

var builder = WebApplication.CreateBuilder(args);

builder.Services.AddAuthorizationBuilder()
  .AddPolicy("AtLeast21", policy =>
  {
        policy.Requirements.Add(new MinimumAgeRequirement(21)));
  });

var app = builder.Build();

app.UseAuthorization();

app.Run();

Risks

Marking this as an info-only analyzer strikes a good balance between informing the user of this feature without being too presumptuous (via a warning). A refactoring would not have been good at educating the user about the functionality.