RequireAuthorization with Razor Pages #17300
Description
Some clarification about using the .RequireAuthorization() extension method with razor pages would be appreciated.
Specifically this section:
The DefaultPolicy is triggered by [Authorize] or RequireAuthorization, while the FallbackPolicy is triggered when no other policy is set. FallbackPolicy is initially configured to allow requests without authorization.
The DefaultPolicy does not appear to trigger with endpoints.MapRazorPages().RequireAuthorization(); like it does with endpoints.MapDefaultControllerRoute().RequireAuthorization();
For razor pages, either a FallbackPolicy or an authorization convention like services.AddRazorPages(opt => opt.Conventions.AuthorizeFolder("/")) appears to be necessary.
Document Details
⚠ Do not edit this section. It is required for docs.microsoft.com ➟ GitHub issue linking.
- ID: 76f39eec-9dd1-6167-56ec-47b26e0b5063
- Version Independent ID: f9f2b0f3-01eb-cf58-8767-194fe0fc0e44
- Content: Migrate from ASP.NET Core 2.2 to 3.0
- Content Source: aspnetcore/migration/22-to-30.md
- Product: aspnet-core
- Technology: aspnetcore-migration
- GitHub Login: @Rick-Anderson
- Microsoft Alias: riande