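/// <summary>
/// Resolves the authorization policy for <paramref name="policyName"/>. The base provider's
/// policy is returned as-is when it exists and the IAM provider does not report it as stale
/// for the current tenant; otherwise a fresh policy is built from what the IAM provider
/// reports for this policy name and tenant.
/// </summary>
/// <param name="policyName">Name of the policy being resolved.</param>
/// <returns>
/// The base provider's policy, or a rebuilt policy that requires an authenticated user plus
/// the tenant-scoped roles/claim and the resource-id requirement reported by the IAM provider.
/// Note that a rebuilt policy replaces the base policy entirely; none of the base policy's
/// requirements are carried over.
/// </returns>
public override async Task<AuthorizationPolicy> GetPolicyAsync(string policyName)
{
    var policy = await base.GetPolicyAsync(policyName);
    var tenant = await _tenantProvider.CurrentTenantId();

    // Short-circuit exactly as the original condition did: NeedsUpdate is only consulted
    // when the base provider actually has a policy for this name.
    if (policy != null && !await _iamProvider.NeedsUpdate(policyName, tenant, _iamProviderCache))
    {
        return policy;
    }

    var iamRoles = await _iamProvider.GetRequiredRoles(policyName, tenant, _iamProviderCache);
    var iamClaim = await _iamProvider.GetRequiredClaim(policyName, tenant, _iamProviderCache);
    var isResourceIdAccessRequired = await _iamProvider.IsResourceIdAccessRequired(policyName, tenant, _iamProviderCache);

    // Baseline for every rebuilt policy. If the IAM provider reports no roles, no claim and
    // no resource-id requirement, the resulting policy admits any authenticated caller —
    // that is the existing behaviour, so callers should treat "nothing configured" as
    // "authenticated only", not as "denied".
    var builder = new AuthorizationPolicyBuilder().RequireAuthenticatedUser();

    // The required "claim" is enforced through RequireRole alongside the required roles, so
    // it is merged into the role set first. Union (as in the original) de-duplicates the
    // claim against the roles when a claim is present.
    IEnumerable<string> requiredRoles = iamRoles ?? Enumerable.Empty<string>();
    if (!string.IsNullOrEmpty(iamClaim))
    {
        requiredRoles = requiredRoles.Union(new[] { iamClaim });
    }

    // Decide on the MERGED set. The original tested iamRoles.Count on the un-merged list, so
    // an empty role list combined with a non-empty claim produced a policy that required
    // only authentication and silently dropped the claim requirement.
    var tenantRoleNames = requiredRoles
        .Select(x => x.ToMultiTenantRoleName(tenant))
        .ToList();
    if (tenantRoleNames.Count > 0)
    {
        builder.RequireRole(tenantRoleNames);
    }

    if (isResourceIdAccessRequired)
    {
        builder.AddRequirements(new ResourceIdRequirement(policyName));
    }

    return builder.Build();
}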