Cache effective policy in endpoint metadata (#43124)

src/Security/Authorization/Core/src/DefaultAuthorizationPolicyProvider.cs

@@ -71,4 +71,11 @@ public class DefaultAuthorizationPolicyProvider : IAuthorizationPolicyProvider
         // A change to either of these behaviors would require shipping a patch of MVC as well.
         return Task.FromResult(_options.GetPolicy(policyName));
     }
+
+#if NETCOREAPP
+    /// <summary>
+    /// Determines if policies from this provider can be cached, which is true only for this type.
+    /// </summary>
+    public virtual bool CanCachePolicy => GetType() == typeof(DefaultAuthorizationPolicyProvider);
+#endif
 }

src/Security/Authorization/Core/src/IAuthorizationPolicyProvider.cs

@@ -28,4 +28,11 @@ public interface IAuthorizationPolicyProvider
     /// </summary>
     /// <returns>The fallback authorization policy.</returns>
     Task<AuthorizationPolicy?> GetFallbackPolicyAsync();
+
+#if NETCOREAPP
+    /// <summary>
+    /// Determines if policies from this provider can be cached, defaults to false.
+    /// </summary>
+    bool CanCachePolicy => false;
+#endif
 }

src/Security/Authorization/Core/src/Microsoft.AspNetCore.Authorization.csproj

@@ -20,4 +20,9 @@ Microsoft.AspNetCore.Authorization.AuthorizeAttribute</Description>
     <Reference Include="Microsoft.Extensions.Options" />
   </ItemGroup>
 
+  <ItemGroup>
+    <AdditionalFiles Include="PublicAPI/$(TargetFramework)/PublicAPI.Shipped.txt" />
+    <AdditionalFiles Include="PublicAPI/$(TargetFramework)/PublicAPI.Unshipped.txt" />
+  </ItemGroup>
+  
 </Project>

src/Security/Authorization/Core/src/PublicAPI/net7.0/PublicAPI.Shipped.txt

@@ -0,0 +1,171 @@
+#nullable enable
+Microsoft.AspNetCore.Authorization.DefaultAuthorizationPolicyProvider.DefaultAuthorizationPolicyProvider(Microsoft.Extensions.Options.IOptions<Microsoft.AspNetCore.Authorization.AuthorizationOptions!>! options) -> void
+Microsoft.AspNetCore.Authorization.DefaultAuthorizationService.DefaultAuthorizationService(Microsoft.AspNetCore.Authorization.IAuthorizationPolicyProvider! policyProvider, Microsoft.AspNetCore.Authorization.IAuthorizationHandlerProvider! handlers, Microsoft.Extensions.Logging.ILogger<Microsoft.AspNetCore.Authorization.DefaultAuthorizationService!>! logger, Microsoft.AspNetCore.Authorization.IAuthorizationHandlerContextFactory! contextFactory, Microsoft.AspNetCore.Authorization.IAuthorizationEvaluator! evaluator, Microsoft.Extensions.Options.IOptions<Microsoft.AspNetCore.Authorization.AuthorizationOptions!>! options) -> void
+abstract Microsoft.AspNetCore.Authorization.AuthorizationHandler<TRequirement, TResource>.HandleRequirementAsync(Microsoft.AspNetCore.Authorization.AuthorizationHandlerContext! context, TRequirement requirement, TResource resource) -> System.Threading.Tasks.Task!
+abstract Microsoft.AspNetCore.Authorization.AuthorizationHandler<TRequirement>.HandleRequirementAsync(Microsoft.AspNetCore.Authorization.AuthorizationHandlerContext! context, TRequirement requirement) -> System.Threading.Tasks.Task!
+Microsoft.AspNetCore.Authorization.AllowAnonymousAttribute
+Microsoft.AspNetCore.Authorization.AllowAnonymousAttribute.AllowAnonymousAttribute() -> void
+Microsoft.AspNetCore.Authorization.AuthorizationFailure
+Microsoft.AspNetCore.Authorization.AuthorizationFailure.FailCalled.get -> bool
+Microsoft.AspNetCore.Authorization.AuthorizationFailure.FailedRequirements.get -> System.Collections.Generic.IEnumerable<Microsoft.AspNetCore.Authorization.IAuthorizationRequirement!>!
+Microsoft.AspNetCore.Authorization.AuthorizationFailure.FailureReasons.get -> System.Collections.Generic.IEnumerable<Microsoft.AspNetCore.Authorization.AuthorizationFailureReason!>!
+Microsoft.AspNetCore.Authorization.AuthorizationFailureReason
+Microsoft.AspNetCore.Authorization.AuthorizationFailureReason.AuthorizationFailureReason(Microsoft.AspNetCore.Authorization.IAuthorizationHandler! handler, string! message) -> void
+Microsoft.AspNetCore.Authorization.AuthorizationFailureReason.Handler.get -> Microsoft.AspNetCore.Authorization.IAuthorizationHandler!
+Microsoft.AspNetCore.Authorization.AuthorizationFailureReason.Message.get -> string!
+Microsoft.AspNetCore.Authorization.AuthorizationHandler<TRequirement, TResource>
+Microsoft.AspNetCore.Authorization.AuthorizationHandler<TRequirement, TResource>.AuthorizationHandler() -> void
+Microsoft.AspNetCore.Authorization.AuthorizationHandler<TRequirement>
+Microsoft.AspNetCore.Authorization.AuthorizationHandler<TRequirement>.AuthorizationHandler() -> void
+Microsoft.AspNetCore.Authorization.AuthorizationHandlerContext
+Microsoft.AspNetCore.Authorization.AuthorizationHandlerContext.AuthorizationHandlerContext(System.Collections.Generic.IEnumerable<Microsoft.AspNetCore.Authorization.IAuthorizationRequirement!>! requirements, System.Security.Claims.ClaimsPrincipal! user, object? resource) -> void
+Microsoft.AspNetCore.Authorization.AuthorizationOptions
+Microsoft.AspNetCore.Authorization.AuthorizationOptions.AddPolicy(string! name, Microsoft.AspNetCore.Authorization.AuthorizationPolicy! policy) -> void
+Microsoft.AspNetCore.Authorization.AuthorizationOptions.AddPolicy(string! name, System.Action<Microsoft.AspNetCore.Authorization.AuthorizationPolicyBuilder!>! configurePolicy) -> void
+Microsoft.AspNetCore.Authorization.AuthorizationOptions.AuthorizationOptions() -> void
+Microsoft.AspNetCore.Authorization.AuthorizationOptions.DefaultPolicy.get -> Microsoft.AspNetCore.Authorization.AuthorizationPolicy!
+Microsoft.AspNetCore.Authorization.AuthorizationOptions.DefaultPolicy.set -> void
+Microsoft.AspNetCore.Authorization.AuthorizationOptions.FallbackPolicy.get -> Microsoft.AspNetCore.Authorization.AuthorizationPolicy?
+Microsoft.AspNetCore.Authorization.AuthorizationOptions.FallbackPolicy.set -> void
+Microsoft.AspNetCore.Authorization.AuthorizationOptions.GetPolicy(string! name) -> Microsoft.AspNetCore.Authorization.AuthorizationPolicy?
+Microsoft.AspNetCore.Authorization.AuthorizationOptions.InvokeHandlersAfterFailure.get -> bool
+Microsoft.AspNetCore.Authorization.AuthorizationOptions.InvokeHandlersAfterFailure.set -> void
+Microsoft.AspNetCore.Authorization.AuthorizationPolicy
+Microsoft.AspNetCore.Authorization.AuthorizationPolicy.AuthenticationSchemes.get -> System.Collections.Generic.IReadOnlyList<string!>!
+Microsoft.AspNetCore.Authorization.AuthorizationPolicy.AuthorizationPolicy(System.Collections.Generic.IEnumerable<Microsoft.AspNetCore.Authorization.IAuthorizationRequirement!>! requirements, System.Collections.Generic.IEnumerable<string!>! authenticationSchemes) -> void
+Microsoft.AspNetCore.Authorization.AuthorizationPolicy.Requirements.get -> System.Collections.Generic.IReadOnlyList<Microsoft.AspNetCore.Authorization.IAuthorizationRequirement!>!
+Microsoft.AspNetCore.Authorization.AuthorizationPolicyBuilder
+Microsoft.AspNetCore.Authorization.AuthorizationPolicyBuilder.AddAuthenticationSchemes(params string![]! schemes) -> Microsoft.AspNetCore.Authorization.AuthorizationPolicyBuilder!
+Microsoft.AspNetCore.Authorization.AuthorizationPolicyBuilder.AddRequirements(params Microsoft.AspNetCore.Authorization.IAuthorizationRequirement![]! requirements) -> Microsoft.AspNetCore.Authorization.AuthorizationPolicyBuilder!
+Microsoft.AspNetCore.Authorization.AuthorizationPolicyBuilder.AuthenticationSchemes.get -> System.Collections.Generic.IList<string!>!
+Microsoft.AspNetCore.Authorization.AuthorizationPolicyBuilder.AuthenticationSchemes.set -> void
+Microsoft.AspNetCore.Authorization.AuthorizationPolicyBuilder.AuthorizationPolicyBuilder(Microsoft.AspNetCore.Authorization.AuthorizationPolicy! policy) -> void
+Microsoft.AspNetCore.Authorization.AuthorizationPolicyBuilder.AuthorizationPolicyBuilder(params string![]! authenticationSchemes) -> void
+Microsoft.AspNetCore.Authorization.AuthorizationPolicyBuilder.Build() -> Microsoft.AspNetCore.Authorization.AuthorizationPolicy!
+Microsoft.AspNetCore.Authorization.AuthorizationPolicyBuilder.Combine(Microsoft.AspNetCore.Authorization.AuthorizationPolicy! policy) -> Microsoft.AspNetCore.Authorization.AuthorizationPolicyBuilder!
+Microsoft.AspNetCore.Authorization.AuthorizationPolicyBuilder.RequireAssertion(System.Func<Microsoft.AspNetCore.Authorization.AuthorizationHandlerContext!, bool>! handler) -> Microsoft.AspNetCore.Authorization.AuthorizationPolicyBuilder!
+Microsoft.AspNetCore.Authorization.AuthorizationPolicyBuilder.RequireAssertion(System.Func<Microsoft.AspNetCore.Authorization.AuthorizationHandlerContext!, System.Threading.Tasks.Task<bool>!>! handler) -> Microsoft.AspNetCore.Authorization.AuthorizationPolicyBuilder!
+Microsoft.AspNetCore.Authorization.AuthorizationPolicyBuilder.RequireAuthenticatedUser() -> Microsoft.AspNetCore.Authorization.AuthorizationPolicyBuilder!
+Microsoft.AspNetCore.Authorization.AuthorizationPolicyBuilder.RequireClaim(string! claimType) -> Microsoft.AspNetCore.Authorization.AuthorizationPolicyBuilder!
+Microsoft.AspNetCore.Authorization.AuthorizationPolicyBuilder.RequireClaim(string! claimType, params string![]! allowedValues) -> Microsoft.AspNetCore.Authorization.AuthorizationPolicyBuilder!
+Microsoft.AspNetCore.Authorization.AuthorizationPolicyBuilder.RequireClaim(string! claimType, System.Collections.Generic.IEnumerable<string!>! allowedValues) -> Microsoft.AspNetCore.Authorization.AuthorizationPolicyBuilder!
+Microsoft.AspNetCore.Authorization.AuthorizationPolicyBuilder.Requirements.get -> System.Collections.Generic.IList<Microsoft.AspNetCore.Authorization.IAuthorizationRequirement!>!
+Microsoft.AspNetCore.Authorization.AuthorizationPolicyBuilder.Requirements.set -> void
+Microsoft.AspNetCore.Authorization.AuthorizationPolicyBuilder.RequireRole(params string![]! roles) -> Microsoft.AspNetCore.Authorization.AuthorizationPolicyBuilder!
+Microsoft.AspNetCore.Authorization.AuthorizationPolicyBuilder.RequireRole(System.Collections.Generic.IEnumerable<string!>! roles) -> Microsoft.AspNetCore.Authorization.AuthorizationPolicyBuilder!
+Microsoft.AspNetCore.Authorization.AuthorizationPolicyBuilder.RequireUserName(string! userName) -> Microsoft.AspNetCore.Authorization.AuthorizationPolicyBuilder!
+Microsoft.AspNetCore.Authorization.AuthorizationResult
+Microsoft.AspNetCore.Authorization.AuthorizationResult.Failure.get -> Microsoft.AspNetCore.Authorization.AuthorizationFailure?
+Microsoft.AspNetCore.Authorization.AuthorizationResult.Succeeded.get -> bool
+Microsoft.AspNetCore.Authorization.AuthorizationServiceExtensions
+Microsoft.AspNetCore.Authorization.AuthorizeAttribute
+Microsoft.AspNetCore.Authorization.AuthorizeAttribute.AuthenticationSchemes.get -> string?
+Microsoft.AspNetCore.Authorization.AuthorizeAttribute.AuthenticationSchemes.set -> void
+Microsoft.AspNetCore.Authorization.AuthorizeAttribute.AuthorizeAttribute() -> void
+Microsoft.AspNetCore.Authorization.AuthorizeAttribute.AuthorizeAttribute(string! policy) -> void
+Microsoft.AspNetCore.Authorization.AuthorizeAttribute.Policy.get -> string?
+Microsoft.AspNetCore.Authorization.AuthorizeAttribute.Policy.set -> void
+Microsoft.AspNetCore.Authorization.AuthorizeAttribute.Roles.get -> string?
+Microsoft.AspNetCore.Authorization.AuthorizeAttribute.Roles.set -> void
+Microsoft.AspNetCore.Authorization.DefaultAuthorizationEvaluator
+Microsoft.AspNetCore.Authorization.DefaultAuthorizationEvaluator.DefaultAuthorizationEvaluator() -> void
+Microsoft.AspNetCore.Authorization.DefaultAuthorizationEvaluator.Evaluate(Microsoft.AspNetCore.Authorization.AuthorizationHandlerContext! context) -> Microsoft.AspNetCore.Authorization.AuthorizationResult!
+Microsoft.AspNetCore.Authorization.DefaultAuthorizationHandlerContextFactory
+Microsoft.AspNetCore.Authorization.DefaultAuthorizationHandlerContextFactory.DefaultAuthorizationHandlerContextFactory() -> void
+Microsoft.AspNetCore.Authorization.DefaultAuthorizationHandlerProvider
+Microsoft.AspNetCore.Authorization.DefaultAuthorizationHandlerProvider.DefaultAuthorizationHandlerProvider(System.Collections.Generic.IEnumerable<Microsoft.AspNetCore.Authorization.IAuthorizationHandler!>! handlers) -> void
+Microsoft.AspNetCore.Authorization.DefaultAuthorizationHandlerProvider.GetHandlersAsync(Microsoft.AspNetCore.Authorization.AuthorizationHandlerContext! context) -> System.Threading.Tasks.Task<System.Collections.Generic.IEnumerable<Microsoft.AspNetCore.Authorization.IAuthorizationHandler!>!>!
+Microsoft.AspNetCore.Authorization.DefaultAuthorizationPolicyProvider
+Microsoft.AspNetCore.Authorization.DefaultAuthorizationPolicyProvider.GetDefaultPolicyAsync() -> System.Threading.Tasks.Task<Microsoft.AspNetCore.Authorization.AuthorizationPolicy!>!
+Microsoft.AspNetCore.Authorization.DefaultAuthorizationPolicyProvider.GetFallbackPolicyAsync() -> System.Threading.Tasks.Task<Microsoft.AspNetCore.Authorization.AuthorizationPolicy?>!
+Microsoft.AspNetCore.Authorization.DefaultAuthorizationService
+Microsoft.AspNetCore.Authorization.IAllowAnonymous (forwarded, contained in Microsoft.AspNetCore.Metadata)
+Microsoft.AspNetCore.Authorization.IAuthorizationEvaluator
+Microsoft.AspNetCore.Authorization.IAuthorizationEvaluator.Evaluate(Microsoft.AspNetCore.Authorization.AuthorizationHandlerContext! context) -> Microsoft.AspNetCore.Authorization.AuthorizationResult!
+Microsoft.AspNetCore.Authorization.IAuthorizationHandler
+Microsoft.AspNetCore.Authorization.IAuthorizationHandler.HandleAsync(Microsoft.AspNetCore.Authorization.AuthorizationHandlerContext! context) -> System.Threading.Tasks.Task!
+Microsoft.AspNetCore.Authorization.IAuthorizationHandlerContextFactory
+Microsoft.AspNetCore.Authorization.IAuthorizationHandlerContextFactory.CreateContext(System.Collections.Generic.IEnumerable<Microsoft.AspNetCore.Authorization.IAuthorizationRequirement!>! requirements, System.Security.Claims.ClaimsPrincipal! user, object? resource) -> Microsoft.AspNetCore.Authorization.AuthorizationHandlerContext!
+Microsoft.AspNetCore.Authorization.IAuthorizationHandlerProvider
+Microsoft.AspNetCore.Authorization.IAuthorizationHandlerProvider.GetHandlersAsync(Microsoft.AspNetCore.Authorization.AuthorizationHandlerContext! context) -> System.Threading.Tasks.Task<System.Collections.Generic.IEnumerable<Microsoft.AspNetCore.Authorization.IAuthorizationHandler!>!>!
+Microsoft.AspNetCore.Authorization.IAuthorizationPolicyProvider
+Microsoft.AspNetCore.Authorization.IAuthorizationPolicyProvider.GetDefaultPolicyAsync() -> System.Threading.Tasks.Task<Microsoft.AspNetCore.Authorization.AuthorizationPolicy!>!
+Microsoft.AspNetCore.Authorization.IAuthorizationPolicyProvider.GetFallbackPolicyAsync() -> System.Threading.Tasks.Task<Microsoft.AspNetCore.Authorization.AuthorizationPolicy?>!
+Microsoft.AspNetCore.Authorization.IAuthorizationPolicyProvider.GetPolicyAsync(string! policyName) -> System.Threading.Tasks.Task<Microsoft.AspNetCore.Authorization.AuthorizationPolicy?>!
+Microsoft.AspNetCore.Authorization.IAuthorizationRequirement
+Microsoft.AspNetCore.Authorization.IAuthorizationService
+Microsoft.AspNetCore.Authorization.IAuthorizationService.AuthorizeAsync(System.Security.Claims.ClaimsPrincipal! user, object? resource, string! policyName) -> System.Threading.Tasks.Task<Microsoft.AspNetCore.Authorization.AuthorizationResult!>!
+Microsoft.AspNetCore.Authorization.IAuthorizationService.AuthorizeAsync(System.Security.Claims.ClaimsPrincipal! user, object? resource, System.Collections.Generic.IEnumerable<Microsoft.AspNetCore.Authorization.IAuthorizationRequirement!>! requirements) -> System.Threading.Tasks.Task<Microsoft.AspNetCore.Authorization.AuthorizationResult!>!
+Microsoft.AspNetCore.Authorization.IAuthorizeData (forwarded, contained in Microsoft.AspNetCore.Metadata)
+Microsoft.AspNetCore.Authorization.IAuthorizeData.AuthenticationSchemes.get -> string? (forwarded, contained in Microsoft.AspNetCore.Metadata)
+Microsoft.AspNetCore.Authorization.IAuthorizeData.AuthenticationSchemes.set -> void (forwarded, contained in Microsoft.AspNetCore.Metadata)
+Microsoft.AspNetCore.Authorization.IAuthorizeData.Policy.get -> string? (forwarded, contained in Microsoft.AspNetCore.Metadata)
+Microsoft.AspNetCore.Authorization.IAuthorizeData.Policy.set -> void (forwarded, contained in Microsoft.AspNetCore.Metadata)
+Microsoft.AspNetCore.Authorization.IAuthorizeData.Roles.get -> string? (forwarded, contained in Microsoft.AspNetCore.Metadata)
+Microsoft.AspNetCore.Authorization.IAuthorizeData.Roles.set -> void (forwarded, contained in Microsoft.AspNetCore.Metadata)
+Microsoft.AspNetCore.Authorization.Infrastructure.AssertionRequirement
+Microsoft.AspNetCore.Authorization.Infrastructure.AssertionRequirement.AssertionRequirement(System.Func<Microsoft.AspNetCore.Authorization.AuthorizationHandlerContext!, bool>! handler) -> void
+Microsoft.AspNetCore.Authorization.Infrastructure.AssertionRequirement.AssertionRequirement(System.Func<Microsoft.AspNetCore.Authorization.AuthorizationHandlerContext!, System.Threading.Tasks.Task<bool>!>! handler) -> void
+Microsoft.AspNetCore.Authorization.Infrastructure.AssertionRequirement.HandleAsync(Microsoft.AspNetCore.Authorization.AuthorizationHandlerContext! context) -> System.Threading.Tasks.Task!
+Microsoft.AspNetCore.Authorization.Infrastructure.AssertionRequirement.Handler.get -> System.Func<Microsoft.AspNetCore.Authorization.AuthorizationHandlerContext!, System.Threading.Tasks.Task<bool>!>!
+Microsoft.AspNetCore.Authorization.Infrastructure.ClaimsAuthorizationRequirement
+Microsoft.AspNetCore.Authorization.Infrastructure.ClaimsAuthorizationRequirement.AllowedValues.get -> System.Collections.Generic.IEnumerable<string!>?
+Microsoft.AspNetCore.Authorization.Infrastructure.ClaimsAuthorizationRequirement.ClaimsAuthorizationRequirement(string! claimType, System.Collections.Generic.IEnumerable<string!>? allowedValues) -> void
+Microsoft.AspNetCore.Authorization.Infrastructure.ClaimsAuthorizationRequirement.ClaimType.get -> string!
+Microsoft.AspNetCore.Authorization.Infrastructure.DenyAnonymousAuthorizationRequirement
+Microsoft.AspNetCore.Authorization.Infrastructure.DenyAnonymousAuthorizationRequirement.DenyAnonymousAuthorizationRequirement() -> void
+Microsoft.AspNetCore.Authorization.Infrastructure.NameAuthorizationRequirement
+Microsoft.AspNetCore.Authorization.Infrastructure.NameAuthorizationRequirement.NameAuthorizationRequirement(string! requiredName) -> void
+Microsoft.AspNetCore.Authorization.Infrastructure.NameAuthorizationRequirement.RequiredName.get -> string!
+Microsoft.AspNetCore.Authorization.Infrastructure.OperationAuthorizationRequirement
+Microsoft.AspNetCore.Authorization.Infrastructure.OperationAuthorizationRequirement.Name.get -> string!
+Microsoft.AspNetCore.Authorization.Infrastructure.OperationAuthorizationRequirement.Name.set -> void
+Microsoft.AspNetCore.Authorization.Infrastructure.OperationAuthorizationRequirement.OperationAuthorizationRequirement() -> void
+Microsoft.AspNetCore.Authorization.Infrastructure.PassThroughAuthorizationHandler
+Microsoft.AspNetCore.Authorization.Infrastructure.PassThroughAuthorizationHandler.HandleAsync(Microsoft.AspNetCore.Authorization.AuthorizationHandlerContext! context) -> System.Threading.Tasks.Task!
+Microsoft.AspNetCore.Authorization.Infrastructure.PassThroughAuthorizationHandler.PassThroughAuthorizationHandler() -> void
+Microsoft.AspNetCore.Authorization.Infrastructure.RolesAuthorizationRequirement
+Microsoft.AspNetCore.Authorization.Infrastructure.RolesAuthorizationRequirement.AllowedRoles.get -> System.Collections.Generic.IEnumerable<string!>!
+Microsoft.AspNetCore.Authorization.Infrastructure.RolesAuthorizationRequirement.RolesAuthorizationRequirement(System.Collections.Generic.IEnumerable<string!>! allowedRoles) -> void
+Microsoft.Extensions.DependencyInjection.AuthorizationServiceCollectionExtensions
+override Microsoft.AspNetCore.Authorization.Infrastructure.AssertionRequirement.ToString() -> string!
+override Microsoft.AspNetCore.Authorization.Infrastructure.ClaimsAuthorizationRequirement.HandleRequirementAsync(Microsoft.AspNetCore.Authorization.AuthorizationHandlerContext! context, Microsoft.AspNetCore.Authorization.Infrastructure.ClaimsAuthorizationRequirement! requirement) -> System.Threading.Tasks.Task!
+override Microsoft.AspNetCore.Authorization.Infrastructure.ClaimsAuthorizationRequirement.ToString() -> string!
+override Microsoft.AspNetCore.Authorization.Infrastructure.DenyAnonymousAuthorizationRequirement.HandleRequirementAsync(Microsoft.AspNetCore.Authorization.AuthorizationHandlerContext! context, Microsoft.AspNetCore.Authorization.Infrastructure.DenyAnonymousAuthorizationRequirement! requirement) -> System.Threading.Tasks.Task!
+override Microsoft.AspNetCore.Authorization.Infrastructure.DenyAnonymousAuthorizationRequirement.ToString() -> string!
+override Microsoft.AspNetCore.Authorization.Infrastructure.NameAuthorizationRequirement.HandleRequirementAsync(Microsoft.AspNetCore.Authorization.AuthorizationHandlerContext! context, Microsoft.AspNetCore.Authorization.Infrastructure.NameAuthorizationRequirement! requirement) -> System.Threading.Tasks.Task!
+override Microsoft.AspNetCore.Authorization.Infrastructure.NameAuthorizationRequirement.ToString() -> string!
+override Microsoft.AspNetCore.Authorization.Infrastructure.OperationAuthorizationRequirement.ToString() -> string!
+override Microsoft.AspNetCore.Authorization.Infrastructure.RolesAuthorizationRequirement.HandleRequirementAsync(Microsoft.AspNetCore.Authorization.AuthorizationHandlerContext! context, Microsoft.AspNetCore.Authorization.Infrastructure.RolesAuthorizationRequirement! requirement) -> System.Threading.Tasks.Task!
+override Microsoft.AspNetCore.Authorization.Infrastructure.RolesAuthorizationRequirement.ToString() -> string!
+static Microsoft.AspNetCore.Authorization.AuthorizationFailure.ExplicitFail() -> Microsoft.AspNetCore.Authorization.AuthorizationFailure!
+static Microsoft.AspNetCore.Authorization.AuthorizationFailure.Failed(System.Collections.Generic.IEnumerable<Microsoft.AspNetCore.Authorization.AuthorizationFailureReason!>! reasons) -> Microsoft.AspNetCore.Authorization.AuthorizationFailure!
+static Microsoft.AspNetCore.Authorization.AuthorizationFailure.Failed(System.Collections.Generic.IEnumerable<Microsoft.AspNetCore.Authorization.IAuthorizationRequirement!>! failed) -> Microsoft.AspNetCore.Authorization.AuthorizationFailure!
+static Microsoft.AspNetCore.Authorization.AuthorizationPolicy.Combine(params Microsoft.AspNetCore.Authorization.AuthorizationPolicy![]! policies) -> Microsoft.AspNetCore.Authorization.AuthorizationPolicy!
+static Microsoft.AspNetCore.Authorization.AuthorizationPolicy.Combine(System.Collections.Generic.IEnumerable<Microsoft.AspNetCore.Authorization.AuthorizationPolicy!>! policies) -> Microsoft.AspNetCore.Authorization.AuthorizationPolicy!
+static Microsoft.AspNetCore.Authorization.AuthorizationPolicy.CombineAsync(Microsoft.AspNetCore.Authorization.IAuthorizationPolicyProvider! policyProvider, System.Collections.Generic.IEnumerable<Microsoft.AspNetCore.Authorization.IAuthorizeData!>! authorizeData) -> System.Threading.Tasks.Task<Microsoft.AspNetCore.Authorization.AuthorizationPolicy?>!
+static Microsoft.AspNetCore.Authorization.AuthorizationResult.Failed() -> Microsoft.AspNetCore.Authorization.AuthorizationResult!
+static Microsoft.AspNetCore.Authorization.AuthorizationResult.Failed(Microsoft.AspNetCore.Authorization.AuthorizationFailure! failure) -> Microsoft.AspNetCore.Authorization.AuthorizationResult!
+static Microsoft.AspNetCore.Authorization.AuthorizationResult.Success() -> Microsoft.AspNetCore.Authorization.AuthorizationResult!
+static Microsoft.AspNetCore.Authorization.AuthorizationServiceExtensions.AuthorizeAsync(this Microsoft.AspNetCore.Authorization.IAuthorizationService! service, System.Security.Claims.ClaimsPrincipal! user, Microsoft.AspNetCore.Authorization.AuthorizationPolicy! policy) -> System.Threading.Tasks.Task<Microsoft.AspNetCore.Authorization.AuthorizationResult!>!
+static Microsoft.AspNetCore.Authorization.AuthorizationServiceExtensions.AuthorizeAsync(this Microsoft.AspNetCore.Authorization.IAuthorizationService! service, System.Security.Claims.ClaimsPrincipal! user, object? resource, Microsoft.AspNetCore.Authorization.AuthorizationPolicy! policy) -> System.Threading.Tasks.Task<Microsoft.AspNetCore.Authorization.AuthorizationResult!>!
+static Microsoft.AspNetCore.Authorization.AuthorizationServiceExtensions.AuthorizeAsync(this Microsoft.AspNetCore.Authorization.IAuthorizationService! service, System.Security.Claims.ClaimsPrincipal! user, object? resource, Microsoft.AspNetCore.Authorization.IAuthorizationRequirement! requirement) -> System.Threading.Tasks.Task<Microsoft.AspNetCore.Authorization.AuthorizationResult!>!
+static Microsoft.AspNetCore.Authorization.AuthorizationServiceExtensions.AuthorizeAsync(this Microsoft.AspNetCore.Authorization.IAuthorizationService! service, System.Security.Claims.ClaimsPrincipal! user, string! policyName) -> System.Threading.Tasks.Task<Microsoft.AspNetCore.Authorization.AuthorizationResult!>!
+static Microsoft.Extensions.DependencyInjection.AuthorizationServiceCollectionExtensions.AddAuthorizationCore(this Microsoft.Extensions.DependencyInjection.IServiceCollection! services) -> Microsoft.Extensions.DependencyInjection.IServiceCollection!
+static Microsoft.Extensions.DependencyInjection.AuthorizationServiceCollectionExtensions.AddAuthorizationCore(this Microsoft.Extensions.DependencyInjection.IServiceCollection! services, System.Action<Microsoft.AspNetCore.Authorization.AuthorizationOptions!>! configure) -> Microsoft.Extensions.DependencyInjection.IServiceCollection!
+virtual Microsoft.AspNetCore.Authorization.AuthorizationHandler<TRequirement, TResource>.HandleAsync(Microsoft.AspNetCore.Authorization.AuthorizationHandlerContext! context) -> System.Threading.Tasks.Task!
+virtual Microsoft.AspNetCore.Authorization.AuthorizationHandler<TRequirement>.HandleAsync(Microsoft.AspNetCore.Authorization.AuthorizationHandlerContext! context) -> System.Threading.Tasks.Task!
+virtual Microsoft.AspNetCore.Authorization.AuthorizationHandlerContext.Fail() -> void
+virtual Microsoft.AspNetCore.Authorization.AuthorizationHandlerContext.Fail(Microsoft.AspNetCore.Authorization.AuthorizationFailureReason! reason) -> void
+virtual Microsoft.AspNetCore.Authorization.AuthorizationHandlerContext.FailureReasons.get -> System.Collections.Generic.IEnumerable<Microsoft.AspNetCore.Authorization.AuthorizationFailureReason!>!
+virtual Microsoft.AspNetCore.Authorization.AuthorizationHandlerContext.HasFailed.get -> bool
+virtual Microsoft.AspNetCore.Authorization.AuthorizationHandlerContext.HasSucceeded.get -> bool
+virtual Microsoft.AspNetCore.Authorization.AuthorizationHandlerContext.PendingRequirements.get -> System.Collections.Generic.IEnumerable<Microsoft.AspNetCore.Authorization.IAuthorizationRequirement!>!
+virtual Microsoft.AspNetCore.Authorization.AuthorizationHandlerContext.Requirements.get -> System.Collections.Generic.IEnumerable<Microsoft.AspNetCore.Authorization.IAuthorizationRequirement!>!
+virtual Microsoft.AspNetCore.Authorization.AuthorizationHandlerContext.Resource.get -> object?
+virtual Microsoft.AspNetCore.Authorization.AuthorizationHandlerContext.Succeed(Microsoft.AspNetCore.Authorization.IAuthorizationRequirement! requirement) -> void
+virtual Microsoft.AspNetCore.Authorization.AuthorizationHandlerContext.User.get -> System.Security.Claims.ClaimsPrincipal!
+virtual Microsoft.AspNetCore.Authorization.DefaultAuthorizationHandlerContextFactory.CreateContext(System.Collections.Generic.IEnumerable<Microsoft.AspNetCore.Authorization.IAuthorizationRequirement!>! requirements, System.Security.Claims.ClaimsPrincipal! user, object? resource) -> Microsoft.AspNetCore.Authorization.AuthorizationHandlerContext!
+virtual Microsoft.AspNetCore.Authorization.DefaultAuthorizationPolicyProvider.GetPolicyAsync(string! policyName) -> System.Threading.Tasks.Task<Microsoft.AspNetCore.Authorization.AuthorizationPolicy?>!
+virtual Microsoft.AspNetCore.Authorization.DefaultAuthorizationService.AuthorizeAsync(System.Security.Claims.ClaimsPrincipal! user, object? resource, string! policyName) -> System.Threading.Tasks.Task<Microsoft.AspNetCore.Authorization.AuthorizationResult!>!
+virtual Microsoft.AspNetCore.Authorization.DefaultAuthorizationService.AuthorizeAsync(System.Security.Claims.ClaimsPrincipal! user, object? resource, System.Collections.Generic.IEnumerable<Microsoft.AspNetCore.Authorization.IAuthorizationRequirement!>! requirements) -> System.Threading.Tasks.Task<Microsoft.AspNetCore.Authorization.AuthorizationResult!>!

src/Security/Authorization/Core/src/PublicAPI/net7.0/PublicAPI.Unshipped.txt

@@ -0,0 +1,17 @@
+#nullable enable
+Microsoft.AspNetCore.Authorization.AuthorizationBuilder
+Microsoft.AspNetCore.Authorization.AuthorizationBuilder.AuthorizationBuilder(Microsoft.Extensions.DependencyInjection.IServiceCollection! services) -> void
+Microsoft.AspNetCore.Authorization.IAuthorizationPolicyProvider.CanCachePolicy.get -> bool
+Microsoft.AspNetCore.Authorization.Infrastructure.PassThroughAuthorizationHandler.PassThroughAuthorizationHandler(Microsoft.Extensions.Options.IOptions<Microsoft.AspNetCore.Authorization.AuthorizationOptions!>! options) -> void
+static Microsoft.AspNetCore.Authorization.AuthorizationPolicy.CombineAsync(Microsoft.AspNetCore.Authorization.IAuthorizationPolicyProvider! policyProvider, System.Collections.Generic.IEnumerable<Microsoft.AspNetCore.Authorization.IAuthorizeData!>! authorizeData, System.Collections.Generic.IEnumerable<Microsoft.AspNetCore.Authorization.AuthorizationPolicy!>! policies) -> System.Threading.Tasks.Task<Microsoft.AspNetCore.Authorization.AuthorizationPolicy?>!
+virtual Microsoft.AspNetCore.Authorization.AuthorizationBuilder.AddDefaultPolicy(string! name, Microsoft.AspNetCore.Authorization.AuthorizationPolicy! policy) -> Microsoft.AspNetCore.Authorization.AuthorizationBuilder!
+virtual Microsoft.AspNetCore.Authorization.AuthorizationBuilder.AddDefaultPolicy(string! name, System.Action<Microsoft.AspNetCore.Authorization.AuthorizationPolicyBuilder!>! configurePolicy) -> Microsoft.AspNetCore.Authorization.AuthorizationBuilder!
+virtual Microsoft.AspNetCore.Authorization.AuthorizationBuilder.AddFallbackPolicy(string! name, Microsoft.AspNetCore.Authorization.AuthorizationPolicy! policy) -> Microsoft.AspNetCore.Authorization.AuthorizationBuilder!
+virtual Microsoft.AspNetCore.Authorization.AuthorizationBuilder.AddFallbackPolicy(string! name, System.Action<Microsoft.AspNetCore.Authorization.AuthorizationPolicyBuilder!>! configurePolicy) -> Microsoft.AspNetCore.Authorization.AuthorizationBuilder!
+virtual Microsoft.AspNetCore.Authorization.AuthorizationBuilder.AddPolicy(string! name, Microsoft.AspNetCore.Authorization.AuthorizationPolicy! policy) -> Microsoft.AspNetCore.Authorization.AuthorizationBuilder!
+virtual Microsoft.AspNetCore.Authorization.AuthorizationBuilder.AddPolicy(string! name, System.Action<Microsoft.AspNetCore.Authorization.AuthorizationPolicyBuilder!>! configurePolicy) -> Microsoft.AspNetCore.Authorization.AuthorizationBuilder!
+virtual Microsoft.AspNetCore.Authorization.AuthorizationBuilder.Services.get -> Microsoft.Extensions.DependencyInjection.IServiceCollection!
+virtual Microsoft.AspNetCore.Authorization.AuthorizationBuilder.SetDefaultPolicy(Microsoft.AspNetCore.Authorization.AuthorizationPolicy! policy) -> Microsoft.AspNetCore.Authorization.AuthorizationBuilder!
+virtual Microsoft.AspNetCore.Authorization.AuthorizationBuilder.SetFallbackPolicy(Microsoft.AspNetCore.Authorization.AuthorizationPolicy? policy) -> Microsoft.AspNetCore.Authorization.AuthorizationBuilder!
+virtual Microsoft.AspNetCore.Authorization.AuthorizationBuilder.SetInvokeHandlersAfterFailure(bool invoke) -> Microsoft.AspNetCore.Authorization.AuthorizationBuilder!
+virtual Microsoft.AspNetCore.Authorization.DefaultAuthorizationPolicyProvider.CanCachePolicy.get -> bool

src/Security/Authorization/Core/src/PublicAPI/netstandard2.0/PublicAPI.Shipped.txt

@@ -0,0 +1,171 @@
+#nullable enable
+Microsoft.AspNetCore.Authorization.DefaultAuthorizationPolicyProvider.DefaultAuthorizationPolicyProvider(Microsoft.Extensions.Options.IOptions<Microsoft.AspNetCore.Authorization.AuthorizationOptions!>! options) -> void
+Microsoft.AspNetCore.Authorization.DefaultAuthorizationService.DefaultAuthorizationService(Microsoft.AspNetCore.Authorization.IAuthorizationPolicyProvider! policyProvider, Microsoft.AspNetCore.Authorization.IAuthorizationHandlerProvider! handlers, Microsoft.Extensions.Logging.ILogger<Microsoft.AspNetCore.Authorization.DefaultAuthorizationService!>! logger, Microsoft.AspNetCore.Authorization.IAuthorizationHandlerContextFactory! contextFactory, Microsoft.AspNetCore.Authorization.IAuthorizationEvaluator! evaluator, Microsoft.Extensions.Options.IOptions<Microsoft.AspNetCore.Authorization.AuthorizationOptions!>! options) -> void
+abstract Microsoft.AspNetCore.Authorization.AuthorizationHandler<TRequirement, TResource>.HandleRequirementAsync(Microsoft.AspNetCore.Authorization.AuthorizationHandlerContext! context, TRequirement requirement, TResource resource) -> System.Threading.Tasks.Task!
+abstract Microsoft.AspNetCore.Authorization.AuthorizationHandler<TRequirement>.HandleRequirementAsync(Microsoft.AspNetCore.Authorization.AuthorizationHandlerContext! context, TRequirement requirement) -> System.Threading.Tasks.Task!
+Microsoft.AspNetCore.Authorization.AllowAnonymousAttribute
+Microsoft.AspNetCore.Authorization.AllowAnonymousAttribute.AllowAnonymousAttribute() -> void
+Microsoft.AspNetCore.Authorization.AuthorizationFailure
+Microsoft.AspNetCore.Authorization.AuthorizationFailure.FailCalled.get -> bool
+Microsoft.AspNetCore.Authorization.AuthorizationFailure.FailedRequirements.get -> System.Collections.Generic.IEnumerable<Microsoft.AspNetCore.Authorization.IAuthorizationRequirement!>!
+Microsoft.AspNetCore.Authorization.AuthorizationFailure.FailureReasons.get -> System.Collections.Generic.IEnumerable<Microsoft.AspNetCore.Authorization.AuthorizationFailureReason!>!
+Microsoft.AspNetCore.Authorization.AuthorizationFailureReason
+Microsoft.AspNetCore.Authorization.AuthorizationFailureReason.AuthorizationFailureReason(Microsoft.AspNetCore.Authorization.IAuthorizationHandler! handler, string! message) -> void
+Microsoft.AspNetCore.Authorization.AuthorizationFailureReason.Handler.get -> Microsoft.AspNetCore.Authorization.IAuthorizationHandler!
+Microsoft.AspNetCore.Authorization.AuthorizationFailureReason.Message.get -> string!
+Microsoft.AspNetCore.Authorization.AuthorizationHandler<TRequirement, TResource>
+Microsoft.AspNetCore.Authorization.AuthorizationHandler<TRequirement, TResource>.AuthorizationHandler() -> void
+Microsoft.AspNetCore.Authorization.AuthorizationHandler<TRequirement>
+Microsoft.AspNetCore.Authorization.AuthorizationHandler<TRequirement>.AuthorizationHandler() -> void
+Microsoft.AspNetCore.Authorization.AuthorizationHandlerContext
+Microsoft.AspNetCore.Authorization.AuthorizationHandlerContext.AuthorizationHandlerContext(System.Collections.Generic.IEnumerable<Microsoft.AspNetCore.Authorization.IAuthorizationRequirement!>! requirements, System.Security.Claims.ClaimsPrincipal! user, object? resource) -> void
+Microsoft.AspNetCore.Authorization.AuthorizationOptions
+Microsoft.AspNetCore.Authorization.AuthorizationOptions.AddPolicy(string! name, Microsoft.AspNetCore.Authorization.AuthorizationPolicy! policy) -> void
+Microsoft.AspNetCore.Authorization.AuthorizationOptions.AddPolicy(string! name, System.Action<Microsoft.AspNetCore.Authorization.AuthorizationPolicyBuilder!>! configurePolicy) -> void
+Microsoft.AspNetCore.Authorization.AuthorizationOptions.AuthorizationOptions() -> void
+Microsoft.AspNetCore.Authorization.AuthorizationOptions.DefaultPolicy.get -> Microsoft.AspNetCore.Authorization.AuthorizationPolicy!
+Microsoft.AspNetCore.Authorization.AuthorizationOptions.DefaultPolicy.set -> void
+Microsoft.AspNetCore.Authorization.AuthorizationOptions.FallbackPolicy.get -> Microsoft.AspNetCore.Authorization.AuthorizationPolicy?
+Microsoft.AspNetCore.Authorization.AuthorizationOptions.FallbackPolicy.set -> void
+Microsoft.AspNetCore.Authorization.AuthorizationOptions.GetPolicy(string! name) -> Microsoft.AspNetCore.Authorization.AuthorizationPolicy?
+Microsoft.AspNetCore.Authorization.AuthorizationOptions.InvokeHandlersAfterFailure.get -> bool
+Microsoft.AspNetCore.Authorization.AuthorizationOptions.InvokeHandlersAfterFailure.set -> void
+Microsoft.AspNetCore.Authorization.AuthorizationPolicy
+Microsoft.AspNetCore.Authorization.AuthorizationPolicy.AuthenticationSchemes.get -> System.Collections.Generic.IReadOnlyList<string!>!
+Microsoft.AspNetCore.Authorization.AuthorizationPolicy.AuthorizationPolicy(System.Collections.Generic.IEnumerable<Microsoft.AspNetCore.Authorization.IAuthorizationRequirement!>! requirements, System.Collections.Generic.IEnumerable<string!>! authenticationSchemes) -> void
+Microsoft.AspNetCore.Authorization.AuthorizationPolicy.Requirements.get -> System.Collections.Generic.IReadOnlyList<Microsoft.AspNetCore.Authorization.IAuthorizationRequirement!>!
+Microsoft.AspNetCore.Authorization.AuthorizationPolicyBuilder
+Microsoft.AspNetCore.Authorization.AuthorizationPolicyBuilder.AddAuthenticationSchemes(params string![]! schemes) -> Microsoft.AspNetCore.Authorization.AuthorizationPolicyBuilder!
+Microsoft.AspNetCore.Authorization.AuthorizationPolicyBuilder.AddRequirements(params Microsoft.AspNetCore.Authorization.IAuthorizationRequirement![]! requirements) -> Microsoft.AspNetCore.Authorization.AuthorizationPolicyBuilder!
+Microsoft.AspNetCore.Authorization.AuthorizationPolicyBuilder.AuthenticationSchemes.get -> System.Collections.Generic.IList<string!>!
+Microsoft.AspNetCore.Authorization.AuthorizationPolicyBuilder.AuthenticationSchemes.set -> void
+Microsoft.AspNetCore.Authorization.AuthorizationPolicyBuilder.AuthorizationPolicyBuilder(Microsoft.AspNetCore.Authorization.AuthorizationPolicy! policy) -> void
+Microsoft.AspNetCore.Authorization.AuthorizationPolicyBuilder.AuthorizationPolicyBuilder(params string![]! authenticationSchemes) -> void
+Microsoft.AspNetCore.Authorization.AuthorizationPolicyBuilder.Build() -> Microsoft.AspNetCore.Authorization.AuthorizationPolicy!
+Microsoft.AspNetCore.Authorization.AuthorizationPolicyBuilder.Combine(Microsoft.AspNetCore.Authorization.AuthorizationPolicy! policy) -> Microsoft.AspNetCore.Authorization.AuthorizationPolicyBuilder!
+Microsoft.AspNetCore.Authorization.AuthorizationPolicyBuilder.RequireAssertion(System.Func<Microsoft.AspNetCore.Authorization.AuthorizationHandlerContext!, bool>! handler) -> Microsoft.AspNetCore.Authorization.AuthorizationPolicyBuilder!
+Microsoft.AspNetCore.Authorization.AuthorizationPolicyBuilder.RequireAssertion(System.Func<Microsoft.AspNetCore.Authorization.AuthorizationHandlerContext!, System.Threading.Tasks.Task<bool>!>! handler) -> Microsoft.AspNetCore.Authorization.AuthorizationPolicyBuilder!
+Microsoft.AspNetCore.Authorization.AuthorizationPolicyBuilder.RequireAuthenticatedUser() -> Microsoft.AspNetCore.Authorization.AuthorizationPolicyBuilder!
+Microsoft.AspNetCore.Authorization.AuthorizationPolicyBuilder.RequireClaim(string! claimType) -> Microsoft.AspNetCore.Authorization.AuthorizationPolicyBuilder!
+Microsoft.AspNetCore.Authorization.AuthorizationPolicyBuilder.RequireClaim(string! claimType, params string![]! allowedValues) -> Microsoft.AspNetCore.Authorization.AuthorizationPolicyBuilder!
+Microsoft.AspNetCore.Authorization.AuthorizationPolicyBuilder.RequireClaim(string! claimType, System.Collections.Generic.IEnumerable<string!>! allowedValues) -> Microsoft.AspNetCore.Authorization.AuthorizationPolicyBuilder!
+Microsoft.AspNetCore.Authorization.AuthorizationPolicyBuilder.Requirements.get -> System.Collections.Generic.IList<Microsoft.AspNetCore.Authorization.IAuthorizationRequirement!>!
+Microsoft.AspNetCore.Authorization.AuthorizationPolicyBuilder.Requirements.set -> void
+Microsoft.AspNetCore.Authorization.AuthorizationPolicyBuilder.RequireRole(params string![]! roles) -> Microsoft.AspNetCore.Authorization.AuthorizationPolicyBuilder!
+Microsoft.AspNetCore.Authorization.AuthorizationPolicyBuilder.RequireRole(System.Collections.Generic.IEnumerable<string!>! roles) -> Microsoft.AspNetCore.Authorization.AuthorizationPolicyBuilder!
+Microsoft.AspNetCore.Authorization.AuthorizationPolicyBuilder.RequireUserName(string! userName) -> Microsoft.AspNetCore.Authorization.AuthorizationPolicyBuilder!
+Microsoft.AspNetCore.Authorization.AuthorizationResult
+Microsoft.AspNetCore.Authorization.AuthorizationResult.Failure.get -> Microsoft.AspNetCore.Authorization.AuthorizationFailure?
+Microsoft.AspNetCore.Authorization.AuthorizationResult.Succeeded.get -> bool
+Microsoft.AspNetCore.Authorization.AuthorizationServiceExtensions
+Microsoft.AspNetCore.Authorization.AuthorizeAttribute
+Microsoft.AspNetCore.Authorization.AuthorizeAttribute.AuthenticationSchemes.get -> string?
+Microsoft.AspNetCore.Authorization.AuthorizeAttribute.AuthenticationSchemes.set -> void
+Microsoft.AspNetCore.Authorization.AuthorizeAttribute.AuthorizeAttribute() -> void
+Microsoft.AspNetCore.Authorization.AuthorizeAttribute.AuthorizeAttribute(string! policy) -> void
+Microsoft.AspNetCore.Authorization.AuthorizeAttribute.Policy.get -> string?
+Microsoft.AspNetCore.Authorization.AuthorizeAttribute.Policy.set -> void
+Microsoft.AspNetCore.Authorization.AuthorizeAttribute.Roles.get -> string?
+Microsoft.AspNetCore.Authorization.AuthorizeAttribute.Roles.set -> void
+Microsoft.AspNetCore.Authorization.DefaultAuthorizationEvaluator
+Microsoft.AspNetCore.Authorization.DefaultAuthorizationEvaluator.DefaultAuthorizationEvaluator() -> void
+Microsoft.AspNetCore.Authorization.DefaultAuthorizationEvaluator.Evaluate(Microsoft.AspNetCore.Authorization.AuthorizationHandlerContext! context) -> Microsoft.AspNetCore.Authorization.AuthorizationResult!
+Microsoft.AspNetCore.Authorization.DefaultAuthorizationHandlerContextFactory
+Microsoft.AspNetCore.Authorization.DefaultAuthorizationHandlerContextFactory.DefaultAuthorizationHandlerContextFactory() -> void
+Microsoft.AspNetCore.Authorization.DefaultAuthorizationHandlerProvider
+Microsoft.AspNetCore.Authorization.DefaultAuthorizationHandlerProvider.DefaultAuthorizationHandlerProvider(System.Collections.Generic.IEnumerable<Microsoft.AspNetCore.Authorization.IAuthorizationHandler!>! handlers) -> void
+Microsoft.AspNetCore.Authorization.DefaultAuthorizationHandlerProvider.GetHandlersAsync(Microsoft.AspNetCore.Authorization.AuthorizationHandlerContext! context) -> System.Threading.Tasks.Task<System.Collections.Generic.IEnumerable<Microsoft.AspNetCore.Authorization.IAuthorizationHandler!>!>!
+Microsoft.AspNetCore.Authorization.DefaultAuthorizationPolicyProvider
+Microsoft.AspNetCore.Authorization.DefaultAuthorizationPolicyProvider.GetDefaultPolicyAsync() -> System.Threading.Tasks.Task<Microsoft.AspNetCore.Authorization.AuthorizationPolicy!>!
+Microsoft.AspNetCore.Authorization.DefaultAuthorizationPolicyProvider.GetFallbackPolicyAsync() -> System.Threading.Tasks.Task<Microsoft.AspNetCore.Authorization.AuthorizationPolicy?>!
+Microsoft.AspNetCore.Authorization.DefaultAuthorizationService
+Microsoft.AspNetCore.Authorization.IAllowAnonymous (forwarded, contained in Microsoft.AspNetCore.Metadata)
+Microsoft.AspNetCore.Authorization.IAuthorizationEvaluator
+Microsoft.AspNetCore.Authorization.IAuthorizationEvaluator.Evaluate(Microsoft.AspNetCore.Authorization.AuthorizationHandlerContext! context) -> Microsoft.AspNetCore.Authorization.AuthorizationResult!
+Microsoft.AspNetCore.Authorization.IAuthorizationHandler
+Microsoft.AspNetCore.Authorization.IAuthorizationHandler.HandleAsync(Microsoft.AspNetCore.Authorization.AuthorizationHandlerContext! context) -> System.Threading.Tasks.Task!
+Microsoft.AspNetCore.Authorization.IAuthorizationHandlerContextFactory
+Microsoft.AspNetCore.Authorization.IAuthorizationHandlerContextFactory.CreateContext(System.Collections.Generic.IEnumerable<Microsoft.AspNetCore.Authorization.IAuthorizationRequirement!>! requirements, System.Security.Claims.ClaimsPrincipal! user, object? resource) -> Microsoft.AspNetCore.Authorization.AuthorizationHandlerContext!
+Microsoft.AspNetCore.Authorization.IAuthorizationHandlerProvider
+Microsoft.AspNetCore.Authorization.IAuthorizationHandlerProvider.GetHandlersAsync(Microsoft.AspNetCore.Authorization.AuthorizationHandlerContext! context) -> System.Threading.Tasks.Task<System.Collections.Generic.IEnumerable<Microsoft.AspNetCore.Authorization.IAuthorizationHandler!>!>!
+Microsoft.AspNetCore.Authorization.IAuthorizationPolicyProvider
+Microsoft.AspNetCore.Authorization.IAuthorizationPolicyProvider.GetDefaultPolicyAsync() -> System.Threading.Tasks.Task<Microsoft.AspNetCore.Authorization.AuthorizationPolicy!>!
+Microsoft.AspNetCore.Authorization.IAuthorizationPolicyProvider.GetFallbackPolicyAsync() -> System.Threading.Tasks.Task<Microsoft.AspNetCore.Authorization.AuthorizationPolicy?>!
+Microsoft.AspNetCore.Authorization.IAuthorizationPolicyProvider.GetPolicyAsync(string! policyName) -> System.Threading.Tasks.Task<Microsoft.AspNetCore.Authorization.AuthorizationPolicy?>!
+Microsoft.AspNetCore.Authorization.IAuthorizationRequirement
+Microsoft.AspNetCore.Authorization.IAuthorizationService
+Microsoft.AspNetCore.Authorization.IAuthorizationService.AuthorizeAsync(System.Security.Claims.ClaimsPrincipal! user, object? resource, string! policyName) -> System.Threading.Tasks.Task<Microsoft.AspNetCore.Authorization.AuthorizationResult!>!
+Microsoft.AspNetCore.Authorization.IAuthorizationService.AuthorizeAsync(System.Security.Claims.ClaimsPrincipal! user, object? resource, System.Collections.Generic.IEnumerable<Microsoft.AspNetCore.Authorization.IAuthorizationRequirement!>! requirements) -> System.Threading.Tasks.Task<Microsoft.AspNetCore.Authorization.AuthorizationResult!>!
+Microsoft.AspNetCore.Authorization.IAuthorizeData (forwarded, contained in Microsoft.AspNetCore.Metadata)
+Microsoft.AspNetCore.Authorization.IAuthorizeData.AuthenticationSchemes.get -> string? (forwarded, contained in Microsoft.AspNetCore.Metadata)
+Microsoft.AspNetCore.Authorization.IAuthorizeData.AuthenticationSchemes.set -> void (forwarded, contained in Microsoft.AspNetCore.Metadata)
+Microsoft.AspNetCore.Authorization.IAuthorizeData.Policy.get -> string? (forwarded, contained in Microsoft.AspNetCore.Metadata)
+Microsoft.AspNetCore.Authorization.IAuthorizeData.Policy.set -> void (forwarded, contained in Microsoft.AspNetCore.Metadata)
+Microsoft.AspNetCore.Authorization.IAuthorizeData.Roles.get -> string? (forwarded, contained in Microsoft.AspNetCore.Metadata)
+Microsoft.AspNetCore.Authorization.IAuthorizeData.Roles.set -> void (forwarded, contained in Microsoft.AspNetCore.Metadata)
+Microsoft.AspNetCore.Authorization.Infrastructure.AssertionRequirement
+Microsoft.AspNetCore.Authorization.Infrastructure.AssertionRequirement.AssertionRequirement(System.Func<Microsoft.AspNetCore.Authorization.AuthorizationHandlerContext!, bool>! handler) -> void
+Microsoft.AspNetCore.Authorization.Infrastructure.AssertionRequirement.AssertionRequirement(System.Func<Microsoft.AspNetCore.Authorization.AuthorizationHandlerContext!, System.Threading.Tasks.Task<bool>!>! handler) -> void
+Microsoft.AspNetCore.Authorization.Infrastructure.AssertionRequirement.HandleAsync(Microsoft.AspNetCore.Authorization.AuthorizationHandlerContext! context) -> System.Threading.Tasks.Task!
+Microsoft.AspNetCore.Authorization.Infrastructure.AssertionRequirement.Handler.get -> System.Func<Microsoft.AspNetCore.Authorization.AuthorizationHandlerContext!, System.Threading.Tasks.Task<bool>!>!
+Microsoft.AspNetCore.Authorization.Infrastructure.ClaimsAuthorizationRequirement
+Microsoft.AspNetCore.Authorization.Infrastructure.ClaimsAuthorizationRequirement.AllowedValues.get -> System.Collections.Generic.IEnumerable<string!>?
+Microsoft.AspNetCore.Authorization.Infrastructure.ClaimsAuthorizationRequirement.ClaimsAuthorizationRequirement(string! claimType, System.Collections.Generic.IEnumerable<string!>? allowedValues) -> void
+Microsoft.AspNetCore.Authorization.Infrastructure.ClaimsAuthorizationRequirement.ClaimType.get -> string!
+Microsoft.AspNetCore.Authorization.Infrastructure.DenyAnonymousAuthorizationRequirement
+Microsoft.AspNetCore.Authorization.Infrastructure.DenyAnonymousAuthorizationRequirement.DenyAnonymousAuthorizationRequirement() -> void
+Microsoft.AspNetCore.Authorization.Infrastructure.NameAuthorizationRequirement
+Microsoft.AspNetCore.Authorization.Infrastructure.NameAuthorizationRequirement.NameAuthorizationRequirement(string! requiredName) -> void
+Microsoft.AspNetCore.Authorization.Infrastructure.NameAuthorizationRequirement.RequiredName.get -> string!
+Microsoft.AspNetCore.Authorization.Infrastructure.OperationAuthorizationRequirement
+Microsoft.AspNetCore.Authorization.Infrastructure.OperationAuthorizationRequirement.Name.get -> string!
+Microsoft.AspNetCore.Authorization.Infrastructure.OperationAuthorizationRequirement.Name.set -> void
+Microsoft.AspNetCore.Authorization.Infrastructure.OperationAuthorizationRequirement.OperationAuthorizationRequirement() -> void
+Microsoft.AspNetCore.Authorization.Infrastructure.PassThroughAuthorizationHandler
+Microsoft.AspNetCore.Authorization.Infrastructure.PassThroughAuthorizationHandler.HandleAsync(Microsoft.AspNetCore.Authorization.AuthorizationHandlerContext! context) -> System.Threading.Tasks.Task!
+Microsoft.AspNetCore.Authorization.Infrastructure.PassThroughAuthorizationHandler.PassThroughAuthorizationHandler() -> void
+Microsoft.AspNetCore.Authorization.Infrastructure.RolesAuthorizationRequirement
+Microsoft.AspNetCore.Authorization.Infrastructure.RolesAuthorizationRequirement.AllowedRoles.get -> System.Collections.Generic.IEnumerable<string!>!
+Microsoft.AspNetCore.Authorization.Infrastructure.RolesAuthorizationRequirement.RolesAuthorizationRequirement(System.Collections.Generic.IEnumerable<string!>! allowedRoles) -> void
+Microsoft.Extensions.DependencyInjection.AuthorizationServiceCollectionExtensions
+override Microsoft.AspNetCore.Authorization.Infrastructure.AssertionRequirement.ToString() -> string!
+override Microsoft.AspNetCore.Authorization.Infrastructure.ClaimsAuthorizationRequirement.HandleRequirementAsync(Microsoft.AspNetCore.Authorization.AuthorizationHandlerContext! context, Microsoft.AspNetCore.Authorization.Infrastructure.ClaimsAuthorizationRequirement! requirement) -> System.Threading.Tasks.Task!
+override Microsoft.AspNetCore.Authorization.Infrastructure.ClaimsAuthorizationRequirement.ToString() -> string!
+override Microsoft.AspNetCore.Authorization.Infrastructure.DenyAnonymousAuthorizationRequirement.HandleRequirementAsync(Microsoft.AspNetCore.Authorization.AuthorizationHandlerContext! context, Microsoft.AspNetCore.Authorization.Infrastructure.DenyAnonymousAuthorizationRequirement! requirement) -> System.Threading.Tasks.Task!
+override Microsoft.AspNetCore.Authorization.Infrastructure.DenyAnonymousAuthorizationRequirement.ToString() -> string!
+override Microsoft.AspNetCore.Authorization.Infrastructure.NameAuthorizationRequirement.HandleRequirementAsync(Microsoft.AspNetCore.Authorization.AuthorizationHandlerContext! context, Microsoft.AspNetCore.Authorization.Infrastructure.NameAuthorizationRequirement! requirement) -> System.Threading.Tasks.Task!
+override Microsoft.AspNetCore.Authorization.Infrastructure.NameAuthorizationRequirement.ToString() -> string!
+override Microsoft.AspNetCore.Authorization.Infrastructure.OperationAuthorizationRequirement.ToString() -> string!
+override Microsoft.AspNetCore.Authorization.Infrastructure.RolesAuthorizationRequirement.HandleRequirementAsync(Microsoft.AspNetCore.Authorization.AuthorizationHandlerContext! context, Microsoft.AspNetCore.Authorization.Infrastructure.RolesAuthorizationRequirement! requirement) -> System.Threading.Tasks.Task!
+override Microsoft.AspNetCore.Authorization.Infrastructure.RolesAuthorizationRequirement.ToString() -> string!
+static Microsoft.AspNetCore.Authorization.AuthorizationFailure.ExplicitFail() -> Microsoft.AspNetCore.Authorization.AuthorizationFailure!
+static Microsoft.AspNetCore.Authorization.AuthorizationFailure.Failed(System.Collections.Generic.IEnumerable<Microsoft.AspNetCore.Authorization.AuthorizationFailureReason!>! reasons) -> Microsoft.AspNetCore.Authorization.AuthorizationFailure!
+static Microsoft.AspNetCore.Authorization.AuthorizationFailure.Failed(System.Collections.Generic.IEnumerable<Microsoft.AspNetCore.Authorization.IAuthorizationRequirement!>! failed) -> Microsoft.AspNetCore.Authorization.AuthorizationFailure!
+static Microsoft.AspNetCore.Authorization.AuthorizationPolicy.Combine(params Microsoft.AspNetCore.Authorization.AuthorizationPolicy![]! policies) -> Microsoft.AspNetCore.Authorization.AuthorizationPolicy!
+static Microsoft.AspNetCore.Authorization.AuthorizationPolicy.Combine(System.Collections.Generic.IEnumerable<Microsoft.AspNetCore.Authorization.AuthorizationPolicy!>! policies) -> Microsoft.AspNetCore.Authorization.AuthorizationPolicy!
+static Microsoft.AspNetCore.Authorization.AuthorizationPolicy.CombineAsync(Microsoft.AspNetCore.Authorization.IAuthorizationPolicyProvider! policyProvider, System.Collections.Generic.IEnumerable<Microsoft.AspNetCore.Authorization.IAuthorizeData!>! authorizeData) -> System.Threading.Tasks.Task<Microsoft.AspNetCore.Authorization.AuthorizationPolicy?>!
+static Microsoft.AspNetCore.Authorization.AuthorizationResult.Failed() -> Microsoft.AspNetCore.Authorization.AuthorizationResult!
+static Microsoft.AspNetCore.Authorization.AuthorizationResult.Failed(Microsoft.AspNetCore.Authorization.AuthorizationFailure! failure) -> Microsoft.AspNetCore.Authorization.AuthorizationResult!
+static Microsoft.AspNetCore.Authorization.AuthorizationResult.Success() -> Microsoft.AspNetCore.Authorization.AuthorizationResult!
+static Microsoft.AspNetCore.Authorization.AuthorizationServiceExtensions.AuthorizeAsync(this Microsoft.AspNetCore.Authorization.IAuthorizationService! service, System.Security.Claims.ClaimsPrincipal! user, Microsoft.AspNetCore.Authorization.AuthorizationPolicy! policy) -> System.Threading.Tasks.Task<Microsoft.AspNetCore.Authorization.AuthorizationResult!>!
+static Microsoft.AspNetCore.Authorization.AuthorizationServiceExtensions.AuthorizeAsync(this Microsoft.AspNetCore.Authorization.IAuthorizationService! service, System.Security.Claims.ClaimsPrincipal! user, object? resource, Microsoft.AspNetCore.Authorization.AuthorizationPolicy! policy) -> System.Threading.Tasks.Task<Microsoft.AspNetCore.Authorization.AuthorizationResult!>!
+static Microsoft.AspNetCore.Authorization.AuthorizationServiceExtensions.AuthorizeAsync(this Microsoft.AspNetCore.Authorization.IAuthorizationService! service, System.Security.Claims.ClaimsPrincipal! user, object? resource, Microsoft.AspNetCore.Authorization.IAuthorizationRequirement! requirement) -> System.Threading.Tasks.Task<Microsoft.AspNetCore.Authorization.AuthorizationResult!>!
+static Microsoft.AspNetCore.Authorization.AuthorizationServiceExtensions.AuthorizeAsync(this Microsoft.AspNetCore.Authorization.IAuthorizationService! service, System.Security.Claims.ClaimsPrincipal! user, string! policyName) -> System.Threading.Tasks.Task<Microsoft.AspNetCore.Authorization.AuthorizationResult!>!
+static Microsoft.Extensions.DependencyInjection.AuthorizationServiceCollectionExtensions.AddAuthorizationCore(this Microsoft.Extensions.DependencyInjection.IServiceCollection! services) -> Microsoft.Extensions.DependencyInjection.IServiceCollection!
+static Microsoft.Extensions.DependencyInjection.AuthorizationServiceCollectionExtensions.AddAuthorizationCore(this Microsoft.Extensions.DependencyInjection.IServiceCollection! services, System.Action<Microsoft.AspNetCore.Authorization.AuthorizationOptions!>! configure) -> Microsoft.Extensions.DependencyInjection.IServiceCollection!
+virtual Microsoft.AspNetCore.Authorization.AuthorizationHandler<TRequirement, TResource>.HandleAsync(Microsoft.AspNetCore.Authorization.AuthorizationHandlerContext! context) -> System.Threading.Tasks.Task!
+virtual Microsoft.AspNetCore.Authorization.AuthorizationHandler<TRequirement>.HandleAsync(Microsoft.AspNetCore.Authorization.AuthorizationHandlerContext! context) -> System.Threading.Tasks.Task!
+virtual Microsoft.AspNetCore.Authorization.AuthorizationHandlerContext.Fail() -> void
+virtual Microsoft.AspNetCore.Authorization.AuthorizationHandlerContext.Fail(Microsoft.AspNetCore.Authorization.AuthorizationFailureReason! reason) -> void
+virtual Microsoft.AspNetCore.Authorization.AuthorizationHandlerContext.FailureReasons.get -> System.Collections.Generic.IEnumerable<Microsoft.AspNetCore.Authorization.AuthorizationFailureReason!>!
+virtual Microsoft.AspNetCore.Authorization.AuthorizationHandlerContext.HasFailed.get -> bool
+virtual Microsoft.AspNetCore.Authorization.AuthorizationHandlerContext.HasSucceeded.get -> bool
+virtual Microsoft.AspNetCore.Authorization.AuthorizationHandlerContext.PendingRequirements.get -> System.Collections.Generic.IEnumerable<Microsoft.AspNetCore.Authorization.IAuthorizationRequirement!>!
+virtual Microsoft.AspNetCore.Authorization.AuthorizationHandlerContext.Requirements.get -> System.Collections.Generic.IEnumerable<Microsoft.AspNetCore.Authorization.IAuthorizationRequirement!>!
+virtual Microsoft.AspNetCore.Authorization.AuthorizationHandlerContext.Resource.get -> object?
+virtual Microsoft.AspNetCore.Authorization.AuthorizationHandlerContext.Succeed(Microsoft.AspNetCore.Authorization.IAuthorizationRequirement! requirement) -> void
+virtual Microsoft.AspNetCore.Authorization.AuthorizationHandlerContext.User.get -> System.Security.Claims.ClaimsPrincipal!
+virtual Microsoft.AspNetCore.Authorization.DefaultAuthorizationHandlerContextFactory.CreateContext(System.Collections.Generic.IEnumerable<Microsoft.AspNetCore.Authorization.IAuthorizationRequirement!>! requirements, System.Security.Claims.ClaimsPrincipal! user, object? resource) -> Microsoft.AspNetCore.Authorization.AuthorizationHandlerContext!
+virtual Microsoft.AspNetCore.Authorization.DefaultAuthorizationPolicyProvider.GetPolicyAsync(string! policyName) -> System.Threading.Tasks.Task<Microsoft.AspNetCore.Authorization.AuthorizationPolicy?>!
+virtual Microsoft.AspNetCore.Authorization.DefaultAuthorizationService.AuthorizeAsync(System.Security.Claims.ClaimsPrincipal! user, object? resource, string! policyName) -> System.Threading.Tasks.Task<Microsoft.AspNetCore.Authorization.AuthorizationResult!>!
+virtual Microsoft.AspNetCore.Authorization.DefaultAuthorizationService.AuthorizeAsync(System.Security.Claims.ClaimsPrincipal! user, object? resource, System.Collections.Generic.IEnumerable<Microsoft.AspNetCore.Authorization.IAuthorizationRequirement!>! requirements) -> System.Threading.Tasks.Task<Microsoft.AspNetCore.Authorization.AuthorizationResult!>!

src/Security/Authorization/Core/src/PublicAPI/netstandard2.0/PublicAPI.Unshipped.txt

@@ -0,0 +1,15 @@
+#nullable enable
+Microsoft.AspNetCore.Authorization.AuthorizationBuilder
+Microsoft.AspNetCore.Authorization.AuthorizationBuilder.AuthorizationBuilder(Microsoft.Extensions.DependencyInjection.IServiceCollection! services) -> void
+Microsoft.AspNetCore.Authorization.Infrastructure.PassThroughAuthorizationHandler.PassThroughAuthorizationHandler(Microsoft.Extensions.Options.IOptions<Microsoft.AspNetCore.Authorization.AuthorizationOptions!>! options) -> void
+static Microsoft.AspNetCore.Authorization.AuthorizationPolicy.CombineAsync(Microsoft.AspNetCore.Authorization.IAuthorizationPolicyProvider! policyProvider, System.Collections.Generic.IEnumerable<Microsoft.AspNetCore.Authorization.IAuthorizeData!>! authorizeData, System.Collections.Generic.IEnumerable<Microsoft.AspNetCore.Authorization.AuthorizationPolicy!>! policies) -> System.Threading.Tasks.Task<Microsoft.AspNetCore.Authorization.AuthorizationPolicy?>!
+virtual Microsoft.AspNetCore.Authorization.AuthorizationBuilder.AddDefaultPolicy(string! name, Microsoft.AspNetCore.Authorization.AuthorizationPolicy! policy) -> Microsoft.AspNetCore.Authorization.AuthorizationBuilder!
+virtual Microsoft.AspNetCore.Authorization.AuthorizationBuilder.AddDefaultPolicy(string! name, System.Action<Microsoft.AspNetCore.Authorization.AuthorizationPolicyBuilder!>! configurePolicy) -> Microsoft.AspNetCore.Authorization.AuthorizationBuilder!
+virtual Microsoft.AspNetCore.Authorization.AuthorizationBuilder.AddFallbackPolicy(string! name, Microsoft.AspNetCore.Authorization.AuthorizationPolicy! policy) -> Microsoft.AspNetCore.Authorization.AuthorizationBuilder!
+virtual Microsoft.AspNetCore.Authorization.AuthorizationBuilder.AddFallbackPolicy(string! name, System.Action<Microsoft.AspNetCore.Authorization.AuthorizationPolicyBuilder!>! configurePolicy) -> Microsoft.AspNetCore.Authorization.AuthorizationBuilder!
+virtual Microsoft.AspNetCore.Authorization.AuthorizationBuilder.AddPolicy(string! name, Microsoft.AspNetCore.Authorization.AuthorizationPolicy! policy) -> Microsoft.AspNetCore.Authorization.AuthorizationBuilder!
+virtual Microsoft.AspNetCore.Authorization.AuthorizationBuilder.AddPolicy(string! name, System.Action<Microsoft.AspNetCore.Authorization.AuthorizationPolicyBuilder!>! configurePolicy) -> Microsoft.AspNetCore.Authorization.AuthorizationBuilder!
+virtual Microsoft.AspNetCore.Authorization.AuthorizationBuilder.Services.get -> Microsoft.Extensions.DependencyInjection.IServiceCollection!
+virtual Microsoft.AspNetCore.Authorization.AuthorizationBuilder.SetDefaultPolicy(Microsoft.AspNetCore.Authorization.AuthorizationPolicy! policy) -> Microsoft.AspNetCore.Authorization.AuthorizationBuilder!
+virtual Microsoft.AspNetCore.Authorization.AuthorizationBuilder.SetFallbackPolicy(Microsoft.AspNetCore.Authorization.AuthorizationPolicy? policy) -> Microsoft.AspNetCore.Authorization.AuthorizationBuilder!
+virtual Microsoft.AspNetCore.Authorization.AuthorizationBuilder.SetInvokeHandlersAfterFailure(bool invoke) -> Microsoft.AspNetCore.Authorization.AuthorizationBuilder!

src/Security/Authorization/Policy/src/AuthorizationMiddleware.cs

@@ -23,6 +23,8 @@ public class AuthorizationMiddleware
 
     private readonly RequestDelegate _next;
     private readonly IAuthorizationPolicyProvider _policyProvider;
+    private readonly bool _canCache;
+    private readonly AuthorizationPolicyCache? _policyCache;
 
     /// <summary>
     /// Initializes a new instance of <see cref="AuthorizationMiddleware"/>.
@@ -33,6 +35,24 @@ public class AuthorizationMiddleware
     {
         _next = next ?? throw new ArgumentNullException(nameof(next));
         _policyProvider = policyProvider ?? throw new ArgumentNullException(nameof(policyProvider));
+        _canCache = false;
+    }
+
+    /// <summary>
+    /// Initializes a new instance of <see cref="AuthorizationMiddleware"/>.
+    /// </summary>
+    /// <param name="next">The next middleware in the application middleware pipeline.</param>
+    /// <param name="policyProvider">The <see cref="IAuthorizationPolicyProvider"/>.</param>
+    /// <param name="services">The <see cref="IServiceProvider"/>.</param>
+    public AuthorizationMiddleware(RequestDelegate next, IAuthorizationPolicyProvider policyProvider, IServiceProvider services) : this(next, policyProvider)
+    {
+        ArgumentNullException.ThrowIfNull(services);
+
+        if (_policyProvider.CanCachePolicy)
+        {
+            _policyCache = services.GetService<AuthorizationPolicyCache>();
+            _canCache = _policyCache != null;
+        }
     }
 
     /// <summary>
@@ -47,7 +67,6 @@ public class AuthorizationMiddleware
         }
 
         var endpoint = context.GetEndpoint();
-
         if (endpoint != null)
         {
             // EndpointRoutingMiddleware uses this flag to check if the Authorization middleware processed auth metadata on the endpoint.
@@ -55,12 +74,29 @@ public class AuthorizationMiddleware
             context.Items[AuthorizationMiddlewareInvokedWithEndpointKey] = AuthorizationMiddlewareWithEndpointInvokedValue;
         }
 
-        // IMPORTANT: Changes to authorization logic should be mirrored in MVC's AuthorizeFilter
-        var authorizeData = endpoint?.Metadata.GetOrderedMetadata<IAuthorizeData>() ?? Array.Empty<IAuthorizeData>();
+        // Use the computed policy for this endpoint if we can
+        AuthorizationPolicy? policy = null;
+        var canCachePolicy = _canCache && endpoint != null;
+        if (canCachePolicy)
+        {
+            policy = _policyCache!.Lookup(endpoint!);
+        }
+
+        if (policy == null)
+        {
+            // IMPORTANT: Changes to authorization logic should be mirrored in MVC's AuthorizeFilter
+            var authorizeData = endpoint?.Metadata.GetOrderedMetadata<IAuthorizeData>() ?? Array.Empty<IAuthorizeData>();
 
-        var policies = endpoint?.Metadata.GetOrderedMetadata<AuthorizationPolicy>() ?? Array.Empty<AuthorizationPolicy>();
+            var policies = endpoint?.Metadata.GetOrderedMetadata<AuthorizationPolicy>() ?? Array.Empty<AuthorizationPolicy>();
 
-        var policy = await AuthorizationPolicy.CombineAsync(_policyProvider, authorizeData, policies);
+            policy = await AuthorizationPolicy.CombineAsync(_policyProvider, authorizeData, policies);
+
+            // Cache the computed policy
+            if (policy != null && canCachePolicy)
+            {
+                _policyCache!.Store(endpoint!, policy);
+            }
+        }
 
         if (policy == null)
         {
@@ -108,4 +144,5 @@ public class AuthorizationMiddleware
         var authorizationMiddlewareResultHandler = context.RequestServices.GetRequiredService<IAuthorizationMiddlewareResultHandler>();
         await authorizationMiddlewareResultHandler.HandleAsync(_next, context, policy, authorizeResult);
     }
+
 }

src/Security/Authorization/Policy/src/AuthorizationPolicyCache.cs

@@ -0,0 +1,42 @@
+// Licensed to the .NET Foundation under one or more agreements.
+// The .NET Foundation licenses this file to you under the MIT license.
+
+using System.Collections.Concurrent;
+using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Routing;
+
+namespace Microsoft.AspNetCore.Authorization.Policy;
+
+internal sealed class AuthorizationPolicyCache : IDisposable
+{
+    // Caches AuthorizationPolicy instances
+    private readonly DataSourceDependentCache<ConcurrentDictionary<Endpoint, AuthorizationPolicy>> _policyCache;
+
+    public AuthorizationPolicyCache(EndpointDataSource dataSource)
+    {
+        // We cache AuthorizationPolicy instances per-Endpoint for performance, but we want to wipe out
+        // that cache if the endpoints change so that we don't allow unbounded memory growth.
+        _policyCache = new DataSourceDependentCache<ConcurrentDictionary<Endpoint, AuthorizationPolicy>>(dataSource, (_) =>
+        {
+            // We don't eagerly fill this cache because there's no real reason to.
+            return new ConcurrentDictionary<Endpoint, AuthorizationPolicy>();
+        });
+        _policyCache.EnsureInitialized();
+    }
+
+    public AuthorizationPolicy? Lookup(Endpoint endpoint)
+    {
+        _policyCache.Value!.TryGetValue(endpoint, out var policy);
+        return policy;
+    }
+
+    public void Store(Endpoint endpoint, AuthorizationPolicy policy)
+    {
+        _policyCache.Value![endpoint] = policy;
+    }
+
+    public void Dispose()
+    {
+        _policyCache.Dispose();
+    }
+}

src/Security/Authorization/Policy/src/Microsoft.AspNetCore.Authorization.Policy.csproj

@@ -12,6 +12,7 @@
 
   <ItemGroup>
     <Compile Include="$(SharedSourceRoot)SecurityHelper\**\*.cs" />
+    <Compile Include="..\..\..\..\Http\Routing\src\DataSourceDependentCache.cs" Link="DataSourceDependentCache.cs" />
   </ItemGroup>
 
   <ItemGroup>

src/Security/Authorization/Policy/src/PolicyServiceCollectionExtensions.cs

@@ -52,6 +52,7 @@ public static class PolicyServiceCollectionExtensions
 
         services.AddAuthorizationCore();
         services.AddAuthorizationPolicyEvaluator();
+        services.AddSingleton<AuthorizationPolicyCache>();
         return services;
     }
 
@@ -70,6 +71,7 @@ public static class PolicyServiceCollectionExtensions
 
         services.AddAuthorizationCore(configure);
         services.AddAuthorizationPolicyEvaluator();
+        services.AddSingleton<AuthorizationPolicyCache>();
         return services;
     }
 }

src/Security/Authorization/Policy/src/PublicAPI.Unshipped.txt

@@ -1,4 +1,5 @@
 #nullable enable
+Microsoft.AspNetCore.Authorization.AuthorizationMiddleware.AuthorizationMiddleware(Microsoft.AspNetCore.Http.RequestDelegate! next, Microsoft.AspNetCore.Authorization.IAuthorizationPolicyProvider! policyProvider, System.IServiceProvider! services) -> void
 static Microsoft.AspNetCore.Builder.AuthorizationEndpointConventionBuilderExtensions.RequireAuthorization<TBuilder>(this TBuilder builder, Microsoft.AspNetCore.Authorization.AuthorizationPolicy! policy) -> TBuilder
 static Microsoft.AspNetCore.Builder.AuthorizationEndpointConventionBuilderExtensions.RequireAuthorization<TBuilder>(this TBuilder builder, System.Action<Microsoft.AspNetCore.Authorization.AuthorizationPolicyBuilder!>! configurePolicy) -> TBuilder
 static Microsoft.Extensions.DependencyInjection.PolicyServiceCollectionExtensions.AddAuthorizationBuilder(this Microsoft.Extensions.DependencyInjection.IServiceCollection! services) -> Microsoft.AspNetCore.Authorization.AuthorizationBuilder!

src/Security/Authorization/test/AuthorizationMiddlewareTests.cs

@@ -8,8 +8,11 @@ using Microsoft.AspNetCore.Authorization.Test.TestObjects;
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Hosting;
 using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Routing;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Hosting;
+using Microsoft.Extensions.Options;
+using Microsoft.Extensions.Primitives;
 using Moq;
 
 namespace Microsoft.AspNetCore.Authorization.Test;
@@ -210,6 +213,145 @@ public class AuthorizationMiddlewareTests
         Assert.Equal(3, next.CalledCount);
     }
 
+    private static EndpointDataSource CreateDataSource(Endpoint endpoint)
+    {
+        var dataSource = new Mock<EndpointDataSource>();
+        dataSource.Setup(d => d.Endpoints).Returns(new Endpoint[] { endpoint });
+        dataSource.Setup(d => d.GetChangeToken()).Returns(new CancellationChangeToken(new CancellationToken()));
+        return dataSource.Object;
+    }
+
+    [Fact]
+    public async Task OnAuthorizationAsync_WillNotCallPolicyProviderWithCache()
+    {
+        // Arrange
+        var policy = new AuthorizationPolicyBuilder().RequireAssertion(_ => true).Build();
+        var policyProvider = new Mock<IAuthorizationPolicyProvider>();
+        var getPolicyCount = 0;
+        var getFallbackPolicyCount = 0;
+        policyProvider.Setup(p => p.GetPolicyAsync(It.IsAny<string>())).ReturnsAsync(policy)
+            .Callback(() => getPolicyCount++);
+        policyProvider.Setup(p => p.GetFallbackPolicyAsync()).ReturnsAsync(policy)
+            .Callback(() => getFallbackPolicyCount++);
+        policyProvider.Setup(p => p.CanCachePolicy).Returns(true);
+        var next = new TestRequestDelegate();
+
+        var endpoint = CreateEndpoint(new AuthorizeAttribute("whatever"));
+        var services = new ServiceCollection()
+            .AddAuthorization()
+            .AddSingleton(CreateDataSource(endpoint)).BuildServiceProvider();
+        var middleware = CreateMiddleware(next.Invoke, policyProvider.Object, services);
+        var context = GetHttpContext(anonymous: true, endpoint: endpoint);
+
+        // Act & Assert
+        await middleware.Invoke(context);
+        Assert.Equal(1, getPolicyCount);
+        Assert.Equal(0, getFallbackPolicyCount);
+        Assert.Equal(1, next.CalledCount);
+
+        await middleware.Invoke(context);
+        Assert.Equal(1, getPolicyCount);
+        Assert.Equal(0, getFallbackPolicyCount);
+        Assert.Equal(2, next.CalledCount);
+
+        await middleware.Invoke(context);
+        Assert.Equal(1, getPolicyCount);
+        Assert.Equal(0, getFallbackPolicyCount);
+        Assert.Equal(3, next.CalledCount);
+    }
+
+    private class TestDefaultPolicyProvider : DefaultAuthorizationPolicyProvider
+    {
+        public int GetFallbackPolicyCount;
+        public int GetPolicyCount;
+        private readonly bool _canCache;
+
+        public TestDefaultPolicyProvider(IOptions<AuthorizationOptions> options, bool canCache) : base(options)
+        {
+            _canCache = canCache;
+        }
+
+        public new Task<AuthorizationPolicy> GetFallbackPolicyAsync()
+        {
+            GetFallbackPolicyCount++;
+            return base.GetFallbackPolicyAsync();
+        }
+
+        public override Task<AuthorizationPolicy> GetPolicyAsync(string policyName)
+        {
+            GetPolicyCount++;
+            return Task.FromResult(new AuthorizationPolicyBuilder().RequireAssertion(_ => true).Build());
+        }
+
+        public override bool CanCachePolicy => _canCache;
+    }
+
+    [Theory]
+    [InlineData(true)]
+    [InlineData(false)]
+    public async Task OnAuthorizationAsync_WillCallDerviedDefaultPolicyProviderCanCache(bool canCache)
+    {
+        // Arrange
+        var policy = new AuthorizationPolicyBuilder().RequireAssertion(_ => true).Build();
+        var policyProvider = new TestDefaultPolicyProvider(Options.Create(new AuthorizationOptions()), canCache);
+        var next = new TestRequestDelegate();
+        var endpoint = CreateEndpoint(new AuthorizeAttribute("whatever"));
+        var services = new ServiceCollection()
+            .AddAuthorization()
+            .AddSingleton(CreateDataSource(endpoint)).BuildServiceProvider();
+        var middleware = CreateMiddleware(next.Invoke, policyProvider, services);
+        var context = GetHttpContext(anonymous: true, endpoint: endpoint);
+
+        // Act & Assert
+        await middleware.Invoke(context);
+        Assert.Equal(1, policyProvider.GetPolicyCount);
+        Assert.Equal(0, policyProvider.GetFallbackPolicyCount);
+        Assert.Equal(1, next.CalledCount);
+
+        await middleware.Invoke(context);
+        Assert.Equal(canCache ? 1: 2, policyProvider.GetPolicyCount);
+        Assert.Equal(0, policyProvider.GetFallbackPolicyCount);
+        Assert.Equal(2, next.CalledCount);
+
+        await middleware.Invoke(context);
+        Assert.Equal(canCache ? 1 : 3, policyProvider.GetPolicyCount);
+        Assert.Equal(0, policyProvider.GetFallbackPolicyCount);
+        Assert.Equal(3, next.CalledCount);
+    }
+
+    [Fact]
+    public async Task OnAuthorizationAsync_WillCallCustomPolicyProviderWithCache()
+    {
+        // Arrange
+        var policy = new AuthorizationPolicyBuilder().RequireAssertion(_ => true).Build();
+        var policyProvider = new Mock<IAuthorizationPolicyProvider>();
+        var getPolicyCount = 0;
+        var getFallbackPolicyCount = 0;
+        policyProvider.Setup(p => p.GetPolicyAsync(It.IsAny<string>())).ReturnsAsync(policy)
+            .Callback(() => getPolicyCount++);
+        policyProvider.Setup(p => p.GetFallbackPolicyAsync()).ReturnsAsync(policy)
+            .Callback(() => getFallbackPolicyCount++);
+        var next = new TestRequestDelegate();
+        var middleware = CreateMiddleware(next.Invoke, policyProvider.Object);
+        var context = GetHttpContext(anonymous: true, endpoint: CreateEndpoint(new AuthorizeAttribute("whatever")));
+
+        // Act & Assert
+        await middleware.Invoke(context);
+        Assert.Equal(1, getPolicyCount);
+        Assert.Equal(0, getFallbackPolicyCount);
+        Assert.Equal(1, next.CalledCount);
+
+        await middleware.Invoke(context);
+        Assert.Equal(2, getPolicyCount);
+        Assert.Equal(0, getFallbackPolicyCount);
+        Assert.Equal(2, next.CalledCount);
+
+        await middleware.Invoke(context);
+        Assert.Equal(3, getPolicyCount);
+        Assert.Equal(0, getFallbackPolicyCount);
+        Assert.Equal(3, next.CalledCount);
+    }
+
     [Fact]
     public async Task CanApplyPolicyDirectlyToEndpoint()
     {
@@ -682,10 +824,11 @@ public class AuthorizationMiddlewareTests
         Assert.True(app.Properties.ContainsKey("__AuthorizationMiddlewareSet"));
     }
 
-    private AuthorizationMiddleware CreateMiddleware(RequestDelegate requestDelegate = null, IAuthorizationPolicyProvider policyProvider = null)
+    private AuthorizationMiddleware CreateMiddleware(RequestDelegate requestDelegate = null, IAuthorizationPolicyProvider policyProvider = null, IServiceProvider services = null)
     {
         requestDelegate = requestDelegate ?? ((context) => Task.CompletedTask);
-        return new AuthorizationMiddleware(requestDelegate, policyProvider);
+        services ??= new ServiceCollection().BuildServiceProvider();
+        return new AuthorizationMiddleware(requestDelegate, policyProvider, services);
     }
 
     private Endpoint CreateEndpoint(params object[] metadata)