The [RequiresPermission] attribute specifies the name of a permission that must be assigned to the calling identity. If the caller does not have this permission, then the caller will receive an access denied response.
The [RequiresPermission()] attribute has the following properties you can set.
Specifies the name of the permission to check. This permission must be configured in the Authorization middleware to be effective. If you do not configure any Authorization middleware then this permission will not be checked and all users will be able to access this page.
Defines the optional path of the secure resource. See documentation on the Authorization sub-system to understand how to set this property.