[Blazor] AuthorizeView - Roles+Policy together (#35297)

hakenr · web-flow · commit cea646de6d7d · 2025-04-23T21:13:02.000Z
diff --git a/aspnetcore/blazor/security/index.md b/aspnetcore/blazor/security/index.md
@@ -1230,6 +1230,8 @@ To handle the case where the user must satisfy several policies simultaneously,
 
 Claims-based authorization is a special case of policy-based authorization. For example, you can define a policy that requires users to have a certain claim. For more information, see <xref:security/authorization/policies>.
 
+If both <xref:Microsoft.AspNetCore.Components.Authorization.AuthorizeView.Roles> and <xref:Microsoft.AspNetCore.Components.Authorization.AuthorizeView.Policy> are set, authorization succeeds only when both conditions are satisfied. That is, the user must belong to at least one of the specified roles *and* meet the requirements defined by the policy.
+
 If neither <xref:Microsoft.AspNetCore.Components.Authorization.AuthorizeView.Roles> nor <xref:Microsoft.AspNetCore.Components.Authorization.AuthorizeView.Policy> is specified, <xref:Microsoft.AspNetCore.Components.Authorization.AuthorizeView> uses the default policy:
 
 * Authenticated (signed-in) users are authorized.
