Change auth policy code in templates

Following discussions, we want to change the default code in Azure AD/B2C-using project templates from this:

```cs
            services.AddControllersWithViews(options =>
            {
                var policy = new AuthorizationPolicyBuilder()
                    .RequireAuthenticatedUser()
                    .Build();
                options.Filters.Add(new AuthorizeFilter(policy));
            });
```

to this:

```cs
            services.AddAuthorization(options =>
            {
                // By default, all incoming requests will be authorized according to the default policy
                options.FallbackPolicy = options.DefaultPolicy;
            });
```

The intention is:

1. To avoid the current weirdness in the Blazor Server templates whereby default policy isn't applied to the `_Host` page or `/_blazor` SignalR endpoint
2. Make it more obvious where you'd put custom policies. In the existing templates, people probably think they should put them in the `AddControllersWithViews` lambda but that wouldn't apply to Blazor.

Even though we first thought of this in the context of Blazor Server, the discussed plan is to change this in the other ASP.NET Core server-side templates too (for simplicitly and consistency).

### Docs

Secondly, we want to clarify in docs how policies get applied in Blazor Server, and how Blazor Server endpoints are **not** the same as MVC or Razor Pages endpoints in terms of what gets enforced.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Change auth policy code in templates #19580

Docs

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Change auth policy code in templates #19580

Description

Docs

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions