MvcOptions.AllowCombiningAuthorizeFilters Property


Gets or sets a value that determines if policies on instances of AuthorizeFilter will be combined into a single effective policy. The default value of the property is false.

 property bool AllowCombiningAuthorizeFilters { bool get(); void set(bool value); };
public bool AllowCombiningAuthorizeFilters { get; set; }
member this.AllowCombiningAuthorizeFilters : bool with get, set
Public Property AllowCombiningAuthorizeFilters As Boolean

Property Value



Authorization policies are designed such that multiple authorization policies applied to an endpoint should be combined and executed a single policy. The AuthorizeFilter (commonly applied by AuthorizeAttribute) can be applied globally, to controllers, and to actions - which specifies multiple authorization policies for an action. In all ASP.NET Core releases prior to 2.1 these multiple policies would not combine as intended. This compatibility switch configures whether the old (unintended) behavior or the new combining behavior will be used when multiple authorization policies are applied.

This property is associated with a compatibility switch and can provide a different behavior depending on the configured compatibility version for the application. See CompatibilityVersion for guidance and examples of setting the application's compatibility version.

Configuring the desired value of the compatibility switch by calling this property's setter will take precedence over the value implied by the application's CompatibilityVersion.

If the application's compatibility version is set to Version_2_0 then this setting will have the value false unless explicitly configured.

If the application's compatibility version is set to Version_2_1 or higher then this setting will have the value true unless explicitly configured.

Applies to