Authorization policy vs authorization filters in a .NET API. It’s not something I’ve used before and wanted permissive policies (the db to check if you have OR permissions vs AND) and just attaching attributes so the dev can see at a glance what lets you use this endpoint.
It’s a well documented Microsoft process but I didn’t even know where to begin as it’s something I hadn’t used before. I gave it the authorization policy (which was AND logic, and was async so it’d reject it any of them failed) said “how can I have this support lots of attributes” and it just straight up wrote the authorization filter for me. Ran a few tests and it worked.
I know this is basic stuff to some people but boy it made life easier.
