Clean up and modernize the authorization docs

[danroth27]

The ASP.NET Core docs cover authorization docs in several different places. We have specific authentication & authorization topics for each tech and general authorization content a top-level authorization section:

• Top-level under Security and Identity: Authorization section
• Blazor: ASP.NET Core Blazor authentication and authorization
• Minimal APIs: Authentication and authorization in minimal APIs
• SignalR: Authentication and authorization in ASP.NET Core SignalR
• gRPC: Authentication and authorization in gRPC for ASP.NET Core
• YARP: YARP Authentication and Authorization

However, there is a bunch of content in the authorization section that is specific to MVC, API Controllers, and Razor Pages. For consistency, this content should be consolidated into authn-and-authz docs that live under the corresponding areas for those technologies. In cases where we use these technologies to demonstrate general authorization concepts, we should instead use Minimal APIs & Blazor to demonstrate those concepts.

• Razor Pages authorization conventions in ASP.NET Core - Move to Razor Pages
• 🦖 Simple authorization in ASP.NET Core - Tracked by 35816.
• Custom authorization policies with IAuthorizationRequirementData - Update to use Minimal APIs
• Role-based authorization in ASP.NET Core - Update to use Minimal APIs
• Claims-based authorization in ASP.NET Core - Move content to MVC, Razor Pages. Update to use Minimal APIs.
• 🦖 Policy-based authorization in ASP.NET Core - Tracked by 35817.
• Custom Authorization Policy Providers using IAuthorizationPolicyProvider in ASP.NET Core - Small update to use Minimal APIs
• Customize the behavior of AuthorizationMiddleware - Looks good! 👍
• Dependency injection in requirement handlers in ASP.NET Core - Looks good! 👍
• 🦖 Resource-based authorization in ASP.NET Core - Tracked by 35818.
• View-based authorization in ASP.NET Core MVC - Move to MVC
• 🦖 Authorize with a specific scheme in ASP.NET Core - Tracked by 35819.

We should then also link to the various authn-and-authz docs from the Security and Identity section.

---

Associated WorkItem - 494905

[wadepickett]

@guardrex, I'll ping you for reviews on the ones that are updated for Blazor.

[wadepickett]

@guardrex (cc @tdykstra ), Is there any of this you want to take or split up since Blazor is involved. I am happy to do all, but may rely on you heavily during reviews for the blazor portion as I get up to speed on that end (which might make this take longer), or I could do the organization part first and then you take on the Blazor updates, then I hit Min API. It needs to be cohesive in the end for what we are adding for Min API and Blazor. Or you could take the whole issue if you really want to.

What is your preference for this work? I'll follow your pref.

[guardrex]

There are only four articles listed above for Blazor conversion ... not bad ... not a large volume of work, really. As long as it's ok that I work those four in the normal course of Blazor issue priorities, I'll take those. If we're in agreement that I should take those four, I'll open the four issues now and get them scheduled. Then, I'll edit the comment above and indicate the four items that I'll take care of.

UPDATE: All set up. 🎉 I'll ping for reviews when the time comes.