From 96f8bfbabbd3f71c304a6887c815713eca357e3e Mon Sep 17 00:00:00 2001 From: Kevin Carroll Date: Sat, 17 Jun 2023 10:40:16 -0700 Subject: [PATCH] WIP, typos --- docs/controllers/authorization.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/controllers/authorization.md b/docs/controllers/authorization.md index 5d3839e..fe6da09 100644 --- a/docs/controllers/authorization.md +++ b/docs/controllers/authorization.md @@ -79,7 +79,7 @@ public class BakeryController : GraphController ## Use of IAuthorizationService -Under the hood, GraphQL taps into your `IServiceProvider` to obtain a reference to the `IAuthorizationService` that gets created when you configure `.AddAuthorization()` at startup. Take a look at the [Schema Item Authorization Pipeline](https://github.com/graphql-aspnet/graphql-aspnet/tree/master/src/graphql-aspnet/Middleware/SchemaItemSecurity) for the full picture. +Under the hood, GraphQL taps into your `IServiceProvider` to obtain a reference to the `IAuthorizationService` that gets created when you configure `.AddAuthorization()` at startup. Take a look at the [Schema Item Security Pipeline Components](https://github.com/graphql-aspnet/graphql-aspnet/tree/master/src/graphql-aspnet/Middleware/SchemaItemSecurity) for the full picture. ## When does Authorization Occur? @@ -184,7 +184,7 @@ services.AddGraphQL(schemaOptions => ## Performance Considerations -Authorization is not free. Rhere is a minor, but real, performance cost to inspecting and evaluating policies on a field. This true regardless of yor choice of `PerField` or `PerRequest` authorization. Every secure field still needs to be evaluated, whether they are done up front or as the query progresses. In a REST query, you generally only secure your top-level controller methods, consider doing the same with your GraphQL queries. +Authorization is not free. There is a minor, but real, performance cost to inspecting and evaluating policies on each field. This true regardless of yor choice of `PerField` or `PerRequest` authorization. Every secured field still needs to be evaluated, whether it is done up front or as the query progresses. In a REST query, you generally only secure your top-level controller methods, consider doing the same with your GraphQL queries. :::tip Centralize your authorization checks to your controller methods. There is usually no need to apply `[Authorize]` attributes to each and every method and property across your entire schema.