For this purpose, we can implement AuthorizationPolicyProvider or inherit from DefaultAuthorizationPolicyProvider that registered in DI system as default provider.
public class AuthorizationPolicyProvider : DefaultAuthorizationPolicyProvider
public override Task
if (!policyName.StartsWith(PermissionAuthorizeAttribute.PolicyPrefix, StringComparison.OrdinalIgnoreCase))
var permissionNames = policyName.Substring(PermissionAuthorizeAttribute.PolicyPrefix.Length).Split(',');
var policy = new AuthorizationPolicyBuilder()
In this implementation, GetPolicyAsync is responsible to find and return one policy based on policyName. However, we can automate the process of defining the policy by overriding it and using an instance of AuthorizationPolicyBuilder. In the body of GetPolicyAsync method, first checked that received policyName starts with “PERMISSION:” or not; then split policyName with ‘,’ character to retrieve permission names. Finally, define policy with retrieved permissions and return it.
Now, To replace this implementation with default registered, use the following code in startup: