More code samples for authorization use legacy approach for registering in DI container

[abatishchev]

Description

A continuation of #36666. Also see its related PR #36675

More code samples under authorization have the same issue: they use AddAuthorization() instead of AddAuthorizationBuilder().

Namely:

• https://learn.microsoft.com/en-us/aspnet/core/security/authorization/limitingidentitybyscheme?view=aspnetcore-10.0#selecting-the-scheme-with-policies
• https://learn.microsoft.com/en-us/aspnet/core/security/authorization/limitingidentitybyscheme?view=aspnetcore-10.0#use-multiple-authentication-schemes
• https://learn.microsoft.com/en-us/aspnet/core/security/authorization/resourcebased?view=aspnetcore-10.0
• https://learn.microsoft.com/en-us/aspnet/core/security/authorization/roles?view=aspnetcore-10.0
• and so on

Page URL

https://learn.microsoft.com/en-us/aspnet/core/security/authorization/limitingidentitybyscheme?view=aspnetcore-10.0#selecting-the-scheme-with-policies

Content source URL

https://github.com/dotnet/AspNetCore.Docs/blob/main/aspnetcore/security/authorization/limitingidentitybyscheme.md

Document ID

0096c365-2f4e-5d21-89a0-c4f10fcb0ed9

Platform Id

099e63e1-c27f-9f00-8885-c551419ae35a

Article author

@wadepickett

Metadata

• ID: ee71441f-471a-89cd-0ef4-9b32b5dd85cf
• PlatformId: 099e63e1-c27f-9f00-8885-c551419ae35a
• Service: aspnet-core
• Sub-service: security

Related Issues

---

Associated WorkItem - 548940

[wadepickett]

Thanks again @abatishchev!

[wadepickett]

🤖 AI Triage Summary

📌 Note to community: This is an automated preliminary analysis to help our documentation team quickly review, determine scope and prioritize this issue. This report is not a resolution and requires human review.

---

This preliminary assessment report was run by: @wadepickett
Date: 2026-01-30
Issue: 36717
Model: GitHub Copilot

---

Issue Analysis: More code samples for authorization use legacy approach for registering in DI container

✅ Issue Validation

Status: Valid and actionable

📋 Issue Summary

This issue is a continuation of #36666, which was addressed by PR #36675. Multiple code samples throughout the authorization documentation section use AddAuthorization() instead of AddAuthorizationBuilder(). This pattern triggers analyzer warning ASP0025. Since .NET 7+, the recommended approach is to use AddAuthorizationBuilder() which is more concise and follows current best practices.

The approach established in PR #36675 should be followed: create new 7.x code samples while preserving existing 6.x samples for backward compatibility.

📁 Potentially Affected Files

These files have been identified as possibly related to this issue and may need review.

1. Limiting Identity by Scheme - Program.cs

File	Path	Lines	Section
Code sample	aspnetcore/security/authorization/limitingidentitybyscheme/samples/AuthScheme/Program.cs	60-68	snippet2 region - "Over18" policy
Code sample	aspnetcore/security/authorization/limitingidentitybyscheme/samples/AuthScheme/Program.cs	124-132	snippet_ma region - Default authorization policy
Main article	aspnetcore/security/authorization/limitingidentitybyscheme.md	134-144	"Selecting the scheme with policies" inline code

2. Resource-based Authorization - Program.cs

File	Path	Lines	Section
Code sample	aspnetcore/security/authorization/resourcebased/samples/6_0/ResourceBasedAuthApp2/Program.cs	20-24	snippet_ConfigureServicesSample region - "EditPolicy"
Main article	aspnetcore/security/authorization/resourcebased.md	58-60	Register requirement and handler

3. Role-based Authorization - Program.cs

File	Path	Lines	Section
Code sample	aspnetcore/security/authorization/roles/samples/6_0/WebAll/Program.cs	10-14	snippet region - "RequireAdministratorRole" policy
Code sample	aspnetcore/security/authorization/roles/samples/6_0/WebAll/Program.cs	42-46	snippet2 region - "ElevatedRights" policy
Main article	aspnetcore/security/authorization/roles.md	178-183	Inline code for < aspnetcore-6.0 moniker

4. Policy-based Authorization - policies.md

File	Path	Lines	Section
Main article	aspnetcore/security/authorization/policies.md	91-93	Inline code sample
Include file	aspnetcore/security/authorization/policies/includes/policies5.md	68-77	ConfigureServices inline code

5. Claims-based Authorization (Legacy moniker section)

File	Path	Lines	Section
Main article	aspnetcore/security/authorization/claims.md	259-270	< aspnetcore-6.0 moniker inline code

---

📝 Preliminary Change Assessment

The following are initial observations for the documentation team to evaluate—not final decisions.

Approach Recommendation

Following the pattern established by PR #36675 for the claims-based authorization article:

1. Create new 7.x sample folders for each affected article area
2. Preserve existing 6.x samples for backward compatibility
3. Update documentation to use moniker ranges pointing to appropriate samples

---

Potential Code Sample Updates

1. Limiting Identity by Scheme

File: aspnetcore/security/authorization/limitingidentitybyscheme/samples/AuthScheme/Program.cs
Location: Lines 60-68 (snippet2 region)
Type: Create new 7.x sample

Current code (lines 60-68):

builder.Services.AddAuthorization(options =>
{
    options.AddPolicy("Over18", policy =>
    {
        policy.AuthenticationSchemes.Add(JwtBearerDefaults.AuthenticationScheme);
        policy.RequireAuthenticatedUser();
        policy.Requirements.Add(new MinimumAgeRequirement(18));
    });
});