Authorization resource in endpoint routing will now be HttpContext

[HaoK]

Copied from dotnet/docs#19034

[AspNetCore] Authorization resource in endpoint routing will now be HttpContext

Prior to this change, when using endpoint routing, the resource used for authorization would be the endpoint. This was insufficient to get access to the route data. Previously in MVC, the resource that was passed in was HttpContext which allows access to both the Endpoint and RouteData. This change just makes it so the resource passed into Authorization is always the HttpContext.

Version introduced

5.0-preview7

Old behavior

When using Endpoint routing and the AuthorizationMiddleware/AuthorizeAttributes, the resource passed into Authorization would be the matching Endpoint.

New behavior

Endpoint routing will now pass in the HttpContext into Authorization.

Reason for change

You can get to the Endpoint from the HttpContext, but there was no way to get from the Endpoint to things like the RouteData, so this was a loss in functionality from non endpoint routing.

Recommended action

If your app was using the Endpoint resource before, you will simply need to call GetEndpoint() on the HttpContext to continue to access the endpoint.

Category

• ASP.NET Core

Affected APIs

 "Not detectable via API analysis"

---

Issue metadata

• Issue type: breaking-change

[scottaddie]

Moved to the aspnet/Announcements repo.