Use a requirement based approach.
Add a Requirement
by implementing the IAuthorizationRequirement
.
This is invoked through a AuthorizationHandler
. The AuthorizationHandler
can accept some type of additional input. For example, configuration.
Finally, it can be added as a requirement when the middleware is configured in the start-up.
Then decorate the controller to ensure the requirement is fulfilled:
[Authorize(Policy = "Bearer", AuthenticationSchemes = JwtBearerDefaults.AuthenticationScheme)]