Events
Power BI DataViz World Championships
Feb 14, 4 PM - Mar 31, 4 PM
With 4 chances to enter, you could win a conference package and make it to the LIVE Grand Finale in Las Vegas
Learn moreDependency injection in requirement handlers in ASP.NET Core
Authorization handlers must be registered in the service collection during configuration using dependency injection.
Suppose you had a repository of rules you wanted to evaluate inside an authorization handler and that repository was registered in the service collection. Authorization resolves and injects that into the constructor.
For example, to use the .NET logging infrastructure, inject ILoggerFactory into the handler, as shown in the following example:
C#
public class SampleAuthorizationHandler : AuthorizationHandler<SampleRequirement>
{
private readonly ILogger _logger;
public SampleAuthorizationHandler(ILoggerFactory loggerFactory)
=> _logger = loggerFactory.CreateLogger(GetType().FullName);
protected override Task HandleRequirementAsync(
AuthorizationHandlerContext context, SampleRequirement requirement)
{
_logger.LogInformation("Inside my handler");
// ...
return Task.CompletedTask;
}
}
The preceding handler can be registered with any service lifetime. The following code uses AddSingleton to register the preceding handler:
C#
builder.Services.AddSingleton<IAuthorizationHandler, SampleAuthorizationHandler>();
An instance of the handler is created when the app starts, and DI injects the registered ILoggerFactory into its constructor.
Note
Don't register authorization handlers that use Entity Framework (EF) as singletons.
Authorization handlers must be registered in the service collection during configuration using dependency injection.
Suppose you had a repository of rules you wanted to evaluate inside an authorization handler and that repository was registered in the service collection. Authorization resolves and injects that into the constructor.
For example, to use the .NET logging infrastructure, inject ILoggerFactory into the handler, as shown in the following example:
C#
public class SampleAuthorizationHandler : AuthorizationHandler<SampleRequirement>
{
private readonly ILogger _logger;
public SampleAuthorizationHandler(ILoggerFactory loggerFactory)
=> _logger = loggerFactory.CreateLogger(GetType().FullName);
protected override Task HandleRequirementAsync(
AuthorizationHandlerContext context, SampleRequirement requirement)
{
_logger.LogInformation("Inside my handler");
// ...
return Task.CompletedTask;
}
}
The preceding handler can be registered with any service lifetime. The following code uses AddSingleton to register the preceding handler:
C#
services.AddSingleton<IAuthorizationHandler, SampleAuthorizationHandler>();
An instance of the handler is created when the app starts, and DI injects the registered ILoggerFactory into its constructor.
Note
Don't register authorization handlers that use Entity Framework (EF) as singletons.
Collaborate with us on GitHub
The source for this content can be found on GitHub, where you can also create and review issues and pull requests. For more information, see our contributor guide.
ASP.NET Core feedback
ASP.NET Core is an open source project. Select a link to provide feedback:
Additional resources
Training
Module
Configure services with dependency injection in ASP.NET Core - Training
Understand and implement dependency injection in an ASP.NET Core app. Use ASP.NET Core's built-in service container to manage dependencies. Register services with the service container.
Documentation
-
Resource-based authorization in ASP.NET Core
Learn how to implement resource-based authorization in an ASP.NET Core app when an Authorize attribute won't suffice.
-
Custom authorization policies with IAuthorizationRequirementData
Learn how to add custom authorization policies with IAuthorizationRequirementData.
-
View-based authorization in ASP.NET Core MVC
This document demonstrates how to inject and utilize the authorization service inside of an ASP.NET Core Razor view.