Why do we need OperationAuthorizationRequirement for resource-based authorization in ASP.NET Core?

Question

I was reading Resource-based authorization in ASP.NET Core on docs.microsoft.com and I am confused about complexity required to check author of a document.

In this example we need to create Operations and DocumentAuthorizationCrudHandler classes, register DI in Startup , call and await AuthorizeAsync and then perform checks.

Instead of writing 30 lines of code in 4 files we can accomplish everything in just one line of code

if (User.Identity?.Name == Document.Author) return Page();

If we want be able to reuse this we can extract it to a method and still it will be far less complicated solution.

Is there anything wrong with one line solution or I am missing something?

Edit:

To clarify my question - Is there any concrete example why would it be better to implement AuthorizationHandler and OperationAuthorizationRequirement for resource authorization instead of going with simple check? I am genuinely curious about what are the benefits, because I prefer simple solutions but I am afraid that I will hit some case in future that is already covered by AuthorizationHandler/OperationAuthorizationRequirement.

Answer 1

As the doc has said that Operations and DocumentAuthorizationCrudHandler classes enable you to write a single handler instead of an individual class for each operation type.

If we want be able to reuse this we can extract it to a method and still it will be far less complicated solution.

The recommended recourse-based authorization uses DI,which could be more clear and powerful, instead of repeating if / else code everywhere.

Besides,we could also handle different status code (401,403...) in the custom Authorization Handler.We could use IAuthorizationService on view or in blazor razor component.