Authorization: Resource in endpoint routing is HttpContext
When using endpoint routing in ASP.NET Core 3.1, the resource used for authorization is the endpoint. This approach was insufficient for gaining access to the route data (RouteData). Previously in MVC, an HttpContext resource was passed in, which allows access to both the endpoint (Endpoint) and the route data. This change ensures that the resource passed to authorization is always the
5.0 Preview 7
Endpoint routing passes the
HttpContext to authorization.
Reason for change
You can get to the endpoint from the
HttpContext. However, there was no way to get from the endpoint to things like the route data. There was a loss in functionality from non-endpoint routing.
If your app uses the endpoint resource, call GetEndpoint on the
HttpContext to continue accessing the endpoint.
In ASP.NET Core 5.0 Preview 8 and later, you can revert to the old behavior with SetSwitch. For example:
AppContext.SetSwitch( "Microsoft.AspNetCore.Authorization.SuppressUseHttpContextAsAuthorizationResource", isEnabled: true);