Add IAuthorizationEvaluator

src/Microsoft.AspNetCore.Authorization/AuthorizationServiceCollectionExtensions.cs

@@ -27,6 +27,7 @@ namespace Microsoft.Extensions.DependencyInjection
             
             services.TryAdd(ServiceDescriptor.Transient<IAuthorizationService, DefaultAuthorizationService>());
             services.TryAdd(ServiceDescriptor.Transient<IAuthorizationPolicyProvider, DefaultAuthorizationPolicyProvider>());
+            services.TryAdd(ServiceDescriptor.Transient<IAuthorizationEvaluator, DefaultAuthorizationEvaluator>());
             services.TryAddEnumerable(ServiceDescriptor.Transient<IAuthorizationHandler, PassThroughAuthorizationHandler>());
             return services;
         }

src/Microsoft.AspNetCore.Authorization/DefaultAuthorizationEvaluator.cs

@@ -0,0 +1,31 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+namespace Microsoft.AspNetCore.Authorization
+{
+    /// <summary>
+    /// Determines whether an authorization request was successful or not.
+    /// </summary>
+    public class DefaultAuthorizationEvaluator : IAuthorizationEvaluator
+    {
+        /// <summary>
+        /// Returns true, if authorization has failed.
+        /// </summary>
+        /// <param name="context">The authorization information.</param>
+        /// <returns>True if authorization has failed.</returns>
+        public virtual bool HasFailed(AuthorizationHandlerContext context)
+        {
+            return context.HasFailed;
+        }
+
+        /// <summary>
+        /// Returns true, if authorization has succeeded.
+        /// </summary>
+        /// <param name="context">The authorization information.</param>
+        /// <returns>True if authorization has succeeded.</returns>
+        public virtual bool HasSucceeded(AuthorizationHandlerContext context)
+        {
+            return context.HasSucceeded;
+        }
+    }
+}

src/Microsoft.AspNetCore.Authorization/DefaultAuthorizationService.cs

@@ -16,6 +16,7 @@ namespace Microsoft.AspNetCore.Authorization
     /// </summary>
     public class DefaultAuthorizationService : IAuthorizationService
     {
+        private readonly IAuthorizationEvaluator _evaluator;
         private readonly IAuthorizationPolicyProvider _policyProvider;
         private readonly IList<IAuthorizationHandler> _handlers;
         private readonly ILogger _logger;
@@ -26,7 +27,16 @@ namespace Microsoft.AspNetCore.Authorization
         /// <param name="policyProvider">The <see cref="IAuthorizationPolicyProvider"/> used to provide policies.</param>
         /// <param name="handlers">The handlers used to fulfill <see cref="IAuthorizationRequirement"/>s.</param>
         /// <param name="logger">The logger used to log messages, warnings and errors.</param>  
-        public DefaultAuthorizationService(IAuthorizationPolicyProvider policyProvider, IEnumerable<IAuthorizationHandler> handlers, ILogger<DefaultAuthorizationService> logger)
+        public DefaultAuthorizationService(IAuthorizationPolicyProvider policyProvider, IEnumerable<IAuthorizationHandler> handlers, ILogger<DefaultAuthorizationService> logger) : this(policyProvider, handlers, logger, new DefaultAuthorizationEvaluator()) { }
+
+        /// <summary>
+        /// Creates a new instance of <see cref="DefaultAuthorizationService"/>.
+        /// </summary>
+        /// <param name="policyProvider">The <see cref="IAuthorizationPolicyProvider"/> used to provide policies.</param>
+        /// <param name="handlers">The handlers used to fulfill <see cref="IAuthorizationRequirement"/>s.</param>
+        /// <param name="logger">The logger used to log messages, warnings and errors.</param>  
+        /// <param name="evaluator">The <see cref="IAuthorizationEvaluator"/> used to determine if authorzation was successful.</param>  
+        public DefaultAuthorizationService(IAuthorizationPolicyProvider policyProvider, IEnumerable<IAuthorizationHandler> handlers, ILogger<DefaultAuthorizationService> logger, IAuthorizationEvaluator evaluator)
         {
             if (policyProvider == null)
             {
@@ -40,10 +50,15 @@ namespace Microsoft.AspNetCore.Authorization
             {
                 throw new ArgumentNullException(nameof(logger));
             }
+            if (evaluator == null)
+            {
+                throw new ArgumentNullException(nameof(evaluator));
+            }
 
             _handlers = handlers.ToArray();
             _policyProvider = policyProvider;
             _logger = logger;
+            _evaluator = evaluator;
         }
 
         /// <summary>
@@ -69,7 +84,7 @@ namespace Microsoft.AspNetCore.Authorization
                 await handler.HandleAsync(authContext);
             }
 
-            if (authContext.HasSucceeded)
+            if (_evaluator.HasSucceeded(authContext))
             {
                 _logger.UserAuthorizationSucceeded(GetUserNameForLogging(user));
                 return true;

src/Microsoft.AspNetCore.Authorization/IAuthorizationEvaluator.cs

@@ -0,0 +1,25 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+namespace Microsoft.AspNetCore.Authorization
+{
+    /// <summary>
+    /// Determines whether an authorization request was successful or not.
+    /// </summary>
+    public interface IAuthorizationEvaluator
+    {
+        /// <summary>
+        /// Returns true, if authorization has failed.
+        /// </summary>
+        /// <param name="context">The authorization information.</param>
+        /// <returns>True if authorization has failed.</returns>
+        bool HasFailed(AuthorizationHandlerContext context);
+
+        /// <summary>
+        /// Returns true, if authorization has succeeded.
+        /// </summary>
+        /// <param name="context">The authorization information.</param>
+        /// <returns>True if authorization has succeeded.</returns>
+        bool HasSucceeded(AuthorizationHandlerContext context);
+    }
+}

test/Microsoft.AspNetCore.Authorization.Test/DefaultAuthorizationServiceTests.cs

@@ -1019,5 +1019,30 @@ namespace Microsoft.AspNetCore.Authorization.Test
             Assert.True(await authorizationService.AuthorizeAsync(user, "2"));
             Assert.False(await authorizationService.AuthorizeAsync(user, "3"));
         }
+
+        public class SuccessEvaluator : IAuthorizationEvaluator
+        {
+            public bool HasFailed(AuthorizationHandlerContext context)
+            {
+                return false;
+            }
+
+            public bool HasSucceeded(AuthorizationHandlerContext context)
+            {
+                return true;
+            }
+        }
+
+        [Fact]
+        public async Task CanUseCustomEvaluatorThatOverridesRequirement()
+        {
+            var authorizationService = BuildAuthorizationService(services =>
+            {
+                // This will ignore the policy options
+                services.AddSingleton<IAuthorizationEvaluator, SuccessEvaluator>();
+                services.AddAuthorization(options => options.AddPolicy("Fail", p => p.RequireAssertion(c => false)));
+            });
+            Assert.True(await authorizationService.AuthorizeAsync(null, "Fail"));
+        }
     }
 }