How to add global `AuthorizeFilter` or `AuthorizeAttribute` in ASP.NET Core?

Question

In ASP.NET MVC 4 and below we just add the following in Global.asax:

GlobalFilters.Filters.Add(new AuthorizeAttribute() { Roles = \"Admin, S         


        

Answer 1

From docs:

You can register a filter globally (for all controllers and actions) by adding it to the MvcOptions.Filters collection in the ConfigureServices method in the Startup class:

You can not add AuthorizeAttribute into MvcOptions.Filters . Create an AuthorizationPolicy and use AuthorizeFilter:

var policy = new AuthorizationPolicyBuilder()
        .RequireAuthenticatedUser()
        .RequireRole("Admin", "SuperUser")
        .Build();

services.AddMvc(options =>
{
    options.Filters.Add(new AuthorizeFilter(policy));
});