Update authorization samples to use AddAuthorizationBuilder() for .NET 7+

[Copilot]

Multiple authorization documentation articles use AddAuthorization() which triggers ASP0025 analyzer warning in .NET 7+. The modern pattern is AddAuthorizationBuilder().

Note: One new version of all the app samples needed to be made to represent .NET 7 and above. This is why there are so many files.

Changes

Following pattern from PR #36675:

Samples Updated:

• limitingidentitybyscheme - "Over18" policy, multiple authentication schemes
• resourcebased - "EditPolicy" with custom requirements
• roles - "RequireAdministratorRole", "ElevatedRights" policies

Structure:

• Created 7.x/ folders with updated samples (target net7.0)
• Moved existing samples to 6.x/ folders (preserved as-is)
• Split markdown moniker ranges: >= aspnetcore-7.0 and = aspnetcore-6.0

Example

Before (.NET 6):

builder.Services.AddAuthorization(options =>
{
    options.AddPolicy("Over18", policy =>
    {
        policy.AuthenticationSchemes.Add(JwtBearerDefaults.AuthenticationScheme);
        policy.RequireAuthenticatedUser();
        policy.Requirements.Add(new MinimumAgeRequirement(18));
    });
});

After (.NET 7+):

builder.Services.AddAuthorizationBuilder()
    .AddPolicy("Over18", policy =>
    {
        policy.AuthenticationSchemes.Add(JwtBearerDefaults.AuthenticationScheme);
        policy.RequireAuthenticatedUser();
        policy.Requirements.Add(new MinimumAgeRequirement(18));
    });

Original prompt

---

This section details on the original issue you should resolve

<issue_title>More code samples for authorization use legacy approach for registering in DI container</issue_title>
<issue_description>### Description

A continuation of #36666. Also see its related PR #36675

More code samples under authorization have the same issue: they use AddAuthorization() instead of AddAuthorizationBuilder().

Namely:

• https://learn.microsoft.com/en-us/aspnet/core/security/authorization/limitingidentitybyscheme?view=aspnetcore-10.0#selecting-the-scheme-with-policies
• https://learn.microsoft.com/en-us/aspnet/core/security/authorization/limitingidentitybyscheme?view=aspnetcore-10.0#use-multiple-authentication-schemes
• https://learn.microsoft.com/en-us/aspnet/core/security/authorization/resourcebased?view=aspnetcore-10.0
• https://learn.microsoft.com/en-us/aspnet/core/security/authorization/roles?view=aspnetcore-10.0
• and so on

Page URL

https://learn.microsoft.com/en-us/aspnet/core/security/authorization/limitingidentitybyscheme?view=aspnetcore-10.0#selecting-the-scheme-with-policies

Content source URL

https://github.com/dotnet/AspNetCore.Docs/blob/main/aspnetcore/security/authorization/limitingidentitybyscheme.md

Document ID

0096c365-2f4e-5d21-89a0-c4f10fcb0ed9

Platform Id

099e63e1-c27f-9f00-8885-c551419ae35a

Article author

@wadepickett

Metadata

• ID: ee71441f-471a-89cd-0ef4-9b32b5dd85cf
• PlatformId: 099e63e1-c27f-9f00-8885-c551419ae35a
• Service: aspnet-core
• Sub-service: security

Related Issues</issue_description>

<agent_instructions>Read the issue description plus all documents linked in the description plus read the comments which include additonal instructions.</agent_instructions>

Comments on the Issue (you are @copilot in this section)

@wadepickett Thanks again @abatishchev! @wadepickett ## 🤖 AI Triage Summary

📌 Note to community: This is an automated preliminary analysis to help our documentation team quickly review, determine scope and prioritize this issue. This report is not a resolution and requires human review.

---

This preliminary assessment report was run by: @wadepickett
Date: 2026-01-30
Issue: 36717
Model: GitHub Copilot

---

Issue Analysis: More code samples for authorization use legacy approach for registering in DI container

✅ Issue Validation

Status: Valid and actionable

📋 Issue Summary

This issue is a continuation of #36666, which was addressed by PR dotnet/AspNetCore.Docs#36675. Multiple code samples throughout the authorization documentation section use AddAuthorization() instead of AddAuthorizationBuilder(). This pattern triggers analyzer warning ASP0025. Since .NET 7+, the recommended approach is to use AddAuthorizationBuilder() which is more concise and follows current best practices.

The approach established in PR #36675 should be followed: create new 7.x code samples while preserving existing 6.x samples for backward compatibility.

📁 Potentially Affected Files

These files have been identified as possibly related to this issue and may need review.

1. Limiting Identity by Scheme - Program.cs

File	Path	Lines	Section
Code sample	aspnetcore/security/authorization/limitingidentitybyscheme/samples/AuthScheme/Program.cs	60-68	snippet2 region - "Over18" policy
Code sample	aspnetcore/security/authorization/limitingidentitybyscheme/samples/AuthScheme/Program.cs	124-132	snippet_ma region - Default authorization policy
Main article	aspnetcore/security/authorization/limitingidentitybyscheme.md	134-144	"Selecting the scheme with policies" inline code

2. Resource-based Authorization - Program.cs

File	Path	Lines	Section
Code samp...

• Fixes More code samples for authorization use legacy approach for registering in DI container #36717

---

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.

---

Internal previews

📄 File	🔗 Preview link
aspnetcore/security/authorization/limitingidentitybyscheme.md	aspnetcore/security/authorization/limitingidentitybyscheme
aspnetcore/security/authorization/resourcebased.md	aspnetcore/security/authorization/resourcebased
aspnetcore/security/authorization/resourcebased/samples/7.x/ResourceBasedAuthApp2/wwwroot/lib/jquery-validation/LICENSE.md	aspnetcore/security/authorization/resourcebased/samples/7.x/ResourceBasedAuthApp2/wwwroot/lib/jquery-validation/LICENSE
aspnetcore/security/authorization/roles.md	aspnetcore/security/authorization/roles

[wadepickett]

Policheck errors are on 3rd party open source jquery-validation library, which need to stay as they are and will not be changed. Known false positive issue for Policheck which has been discussed with the Policheck team.

[wadepickett]

Approved.

[wadepickett]

• Updated 7.x samples use AddAuthorizationBuilder() pattern
• Preserved 6.x samples with legacy AddAuthorization() pattern
• Moniker ranges correctly split between >= aspnetcore-7.0 and = aspnetcore-6.0
• Technical implementation is correct and addresses ASP0025 analyzer warning
• Metadata properly updated with ai-usage: ai-assisted and current date