Asp.net core web-api http action based authorization

Question

I am trying to add two policies to asp.net core api.

1. ReadOnly - only allow get calls
2. AppUser - allow get,put,post,delete

//// policies are in