Skip to content

Fixed Some Minor Typos on the Authorization Page #49

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Jun 17, 2023
Merged

Fixed Some Minor Typos on the Authorization Page #49

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions docs/controllers/authorization.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -79,7 +79,7 @@ public class BakeryController : GraphController

## Use of IAuthorizationService

Under the hood, GraphQL taps into your `IServiceProvider` to obtain a reference to the `IAuthorizationService` that gets created when you configure `.AddAuthorization()` at startup. Take a look at the [Schema Item Authorization Pipeline](https://github.com/graphql-aspnet/graphql-aspnet/tree/master/src/graphql-aspnet/Middleware/SchemaItemSecurity) for the full picture.
Under the hood, GraphQL taps into your `IServiceProvider` to obtain a reference to the `IAuthorizationService` that gets created when you configure `.AddAuthorization()` at startup. Take a look at the [Schema Item Security Pipeline Components](https://github.com/graphql-aspnet/graphql-aspnet/tree/master/src/graphql-aspnet/Middleware/SchemaItemSecurity) for the full picture.

## When does Authorization Occur?

Expand Down Expand Up @@ -184,7 +184,7 @@ services.AddGraphQL(schemaOptions =>

## Performance Considerations

Authorization is not free. Rhere is a minor, but real, performance cost to inspecting and evaluating policies on a field. This true regardless of yor choice of `PerField` or `PerRequest` authorization. Every secure field still needs to be evaluated, whether they are done up front or as the query progresses. In a REST query, you generally only secure your top-level controller methods, consider doing the same with your GraphQL queries.
Authorization is not free. There is a minor, but real, performance cost to inspecting and evaluating policies on each field. This true regardless of yor choice of `PerField` or `PerRequest` authorization. Every secured field still needs to be evaluated, whether it is done up front or as the query progresses. In a REST query, you generally only secure your top-level controller methods, consider doing the same with your GraphQL queries.

:::tip
Centralize your authorization checks to your controller methods. There is usually no need to apply `[Authorize]` attributes to each and every method and property across your entire schema.
Expand Down