private static async Task <AuthState> AuthorizeWithPolicyAsync( IDirectiveContext context, AuthorizeDirective directive, ClaimsPrincipal principal) { IServiceProvider services = context.Service <IServiceProvider>(); IAuthorizationService authorizeService = services.GetService <IAuthorizationService>(); IAuthorizationPolicyProvider policyProvider = services.GetService <IAuthorizationPolicyProvider>(); if (authorizeService == null || policyProvider == null) { // authorization service is not configured so the user is // authorized with the previous checks. return(string.IsNullOrWhiteSpace(directive.Policy) ? AuthState.Allowed : AuthState.NotAllowed); } AuthorizationPolicy?policy = null; if ((directive.Roles is null || directive.Roles.Count == 0) && string.IsNullOrWhiteSpace(directive.Policy)) { policy = await policyProvider.GetDefaultPolicyAsync() .ConfigureAwait(false); if (policy == null) { return(AuthState.NoDefaultPolicy); } }
public async Task InvokeAsync(HttpContext context) { if (context is null) { throw new ArgumentNullException(nameof(context)); } var(useDefaultPolicy, policyName) = options is null ? (true, null) : (options.UseDefault, options.PolicyName); var policy = await(useDefaultPolicy ? policyProvider.GetDefaultPolicyAsync() : policyProvider.GetPolicyAsync(policyName)); // Policy evaluator has transient lifetime so it fetched from request services instead of injecting in constructor var policyEvaluator = context.RequestServices.GetRequiredService <IPolicyEvaluator>(); var authenticateResult = await policyEvaluator.AuthenticateAsync(policy, context); var authorizeResult = await policyEvaluator.AuthorizeAsync(policy, authenticateResult, context, resource : null); if (authorizeResult.Challenged) { if (policy.AuthenticationSchemes.Any()) { foreach (var scheme in policy.AuthenticationSchemes) { await context.ChallengeAsync(scheme); } } else { await context.ChallengeAsync(); } return; } else if (authorizeResult.Forbidden) { if (policy.AuthenticationSchemes.Any()) { foreach (var scheme in policy.AuthenticationSchemes) { await context.ForbidAsync(scheme); } } else { await context.ForbidAsync(); } return; } await(next?.Invoke(context) ?? Task.CompletedTask); }
private static async Task <bool> AuthorizeWithPolicyAsync( IDirectiveContext context, AuthorizeDirective directive, ClaimsPrincipal principal) { IServiceProvider services = context.Service <IServiceProvider>(); IAuthorizationService authorizeService = services.GetService <IAuthorizationService>(); IAuthorizationPolicyProvider policyProvider = services.GetService <IAuthorizationPolicyProvider>(); if (authorizeService == null || policyProvider == null) { return(string.IsNullOrWhiteSpace(directive.Policy)); } AuthorizationPolicy policy = null; if (directive.Roles.Count == 0 && string.IsNullOrWhiteSpace(directive.Policy)) { policy = await policyProvider.GetDefaultPolicyAsync() .ConfigureAwait(false); if (policy == null) { context.Result = QueryError.CreateFieldError( "The default authorization policy does not exist.", context.FieldSelection); } } else if (!string.IsNullOrWhiteSpace(directive.Policy)) { policy = await policyProvider.GetPolicyAsync(directive.Policy) .ConfigureAwait(false); if (policy == null) { context.Result = QueryError.CreateFieldError( $"The `{directive.Policy}` authorization policy " + "does not exist.", context.FieldSelection); } } if (context.Result == null && policy != null) { AuthorizationResult result = await authorizeService.AuthorizeAsync(principal, policy) .ConfigureAwait(false); return(result.Succeeded); } return(false); }
/// <summary> /// Combines the <see cref="AuthorizationPolicy"/> provided by the specified /// <paramref name="policyProvider"/>. /// </summary> /// <param name="policyProvider">A <see cref="IAuthorizationPolicyProvider"/> which provides the policies to combine.</param> /// <param name="authorizeData">A collection of authorization data used to apply authorization to a resource.</param> /// <returns> /// A new <see cref="AuthorizationPolicy"/> which represents the combination of the /// authorization policies provided by the specified <paramref name="policyProvider"/>. /// </returns> public static async Task <AuthorizationPolicy> CombineAsync(IAuthorizationPolicyProvider policyProvider, IEnumerable <IAuthorizeData> authorizeData) { if (policyProvider == null) { throw new ArgumentNullException(nameof(policyProvider)); } if (authorizeData == null) { throw new ArgumentNullException(nameof(authorizeData)); } var policyBuilder = new AuthorizationPolicyBuilder(); var any = false; foreach (var authorizeAttribute in authorizeData.OfType <AuthorizeAttribute>()) { any = true; var useDefaultPolicy = true; if (!string.IsNullOrWhiteSpace(authorizeAttribute.Policy)) { var policy = await policyProvider.GetPolicyAsync(authorizeAttribute.Policy); if (policy == null) { throw new InvalidOperationException(Resources.FormatException_AuthorizationPolicyNotFound(authorizeAttribute.Policy)); } policyBuilder.Combine(policy); useDefaultPolicy = false; } var rolesSplit = authorizeAttribute.Roles?.Split(','); if (rolesSplit != null && rolesSplit.Any()) { var trimmedRolesSplit = rolesSplit.Where(r => !string.IsNullOrWhiteSpace(r)).Select(r => r.Trim()); policyBuilder.RequireRole(trimmedRolesSplit); useDefaultPolicy = false; } var authTypesSplit = authorizeAttribute.ActiveAuthenticationSchemes?.Split(','); if (authTypesSplit != null && authTypesSplit.Any()) { foreach (var authType in authTypesSplit) { if (!string.IsNullOrWhiteSpace(authType)) { policyBuilder.AuthenticationSchemes.Add(authType.Trim()); } } } if (useDefaultPolicy) { policyBuilder.Combine(await policyProvider.GetDefaultPolicyAsync()); } } return(any ? policyBuilder.Build() : null); }
public async Task <AuthorizationContext> GetAuthorizationContextAsync(object implementation, MethodInfo methodInfo) { Type[] parameterTypes = methodInfo.GetParameters().Select(x => x.ParameterType).ToArray(); if (parameterTypes.Length == 0) { parameterTypes = Type.EmptyTypes; } MethodInfo concreteMethod = implementation.GetType().GetMethod(methodInfo.Name, parameterTypes); AuthorizeAttribute authorizeAttribute = concreteMethod.DeclaringType.GetCustomAttribute <AuthorizeAttribute>(); // overwrite by action attribute authorizeAttribute = concreteMethod.GetCustomAttribute <AuthorizeAttribute>() ?? authorizeAttribute; if (authorizeAttribute == null) { return(null); } if (authorizeAttribute.Roles != null && authorizeAttribute.Policy != null) { throw new NotSupportedException("You must specify either Roles or Policy"); } AuthorizationPolicy policy; if (authorizeAttribute.Roles != null) { var builder = new AuthorizationPolicyBuilder(authorizeAttribute.AuthenticationSchemes.Split(',')); builder.RequireRole(authorizeAttribute.Roles.Split(',')); policy = builder.Build(); } else if (authorizeAttribute.Policy != null) { policy = await policyProvider.GetPolicyAsync(authorizeAttribute.Policy) ?? throw new ArgumentException($"Policy {authorizeAttribute.Policy} does not exist"); } else { policy = await policyProvider.GetDefaultPolicyAsync(); } return(new AuthorizationContext { Policy = policy }); }
public Task <AuthorizationPolicy> GetDefaultPolicyAsync() => _default.GetDefaultPolicyAsync();
/// <summary> /// Combines the <see cref="AuthorizationPolicy"/> provided by the specified /// <paramref name="policyProvider"/>. /// </summary> /// <param name="policyProvider">A <see cref="IAuthorizationPolicyProvider"/> which provides the policies to combine.</param> /// <param name="authorizeData">A collection of authorization data used to apply authorization to a resource.</param> /// <returns> /// A new <see cref="AuthorizationPolicy"/> which represents the combination of the /// authorization policies provided by the specified <paramref name="policyProvider"/>. /// </returns> public static async Task <AuthorizationPolicy> CombineAsync(IAuthorizationPolicyProvider policyProvider, IEnumerable <IAuthorizeData> authorizeData) { if (policyProvider == null) { throw new ArgumentNullException(nameof(policyProvider)); } if (authorizeData == null) { throw new ArgumentNullException(nameof(authorizeData)); } // Avoid allocating enumerator if the data is known to be empty var skipEnumeratingData = false; if (authorizeData is IList <IAuthorizeData> dataList) { skipEnumeratingData = dataList.Count == 0; } AuthorizationPolicyBuilder policyBuilder = null; if (!skipEnumeratingData) { foreach (var authorizeDatum in authorizeData) { if (policyBuilder == null) { policyBuilder = new AuthorizationPolicyBuilder(); } var useDefaultPolicy = true; if (!string.IsNullOrWhiteSpace(authorizeDatum.Policy)) { var policy = await policyProvider.GetPolicyAsync(authorizeDatum.Policy); if (policy == null) { throw new InvalidOperationException(Resources.FormatException_AuthorizationPolicyNotFound(authorizeDatum.Policy)); } policyBuilder.Combine(policy); useDefaultPolicy = false; } var rolesSplit = authorizeDatum.Roles?.Split(','); if (rolesSplit != null && rolesSplit.Any()) { var trimmedRolesSplit = rolesSplit.Where(r => !string.IsNullOrWhiteSpace(r)).Select(r => r.Trim()); policyBuilder.RequireRole(trimmedRolesSplit); useDefaultPolicy = false; } var authTypesSplit = authorizeDatum.AuthenticationSchemes?.Split(','); if (authTypesSplit != null && authTypesSplit.Any()) { foreach (var authType in authTypesSplit) { if (!string.IsNullOrWhiteSpace(authType)) { policyBuilder.AuthenticationSchemes.Add(authType.Trim()); } } } if (useDefaultPolicy) { policyBuilder.Combine(await policyProvider.GetDefaultPolicyAsync()); } } } var requiredPolicy = await policyProvider.GetRequiredPolicyAsync(); if (requiredPolicy != null) { if (policyBuilder == null) { policyBuilder = new AuthorizationPolicyBuilder(); } policyBuilder.Combine(requiredPolicy); } return(policyBuilder?.Build()); }
/// <summary> /// Combines the <see cref="AuthorizationPolicy"/> provided by the specified /// <paramref name="policyProvider"/>. /// </summary> /// <param name="policyProvider">A <see cref="IAuthorizationPolicyProvider"/> which provides the policies to combine.</param> /// <param name="authorizeData">A collection of authorization data used to apply authorization to a resource.</param> /// <param name="policies">A collection of <see cref="AuthorizationPolicy"/> policies to combine.</param> /// <returns> /// A new <see cref="AuthorizationPolicy"/> which represents the combination of the /// authorization policies provided by the specified <paramref name="policyProvider"/>. /// </returns> public static async Task <AuthorizationPolicy?> CombineAsync(IAuthorizationPolicyProvider policyProvider, IEnumerable <IAuthorizeData> authorizeData, IEnumerable <AuthorizationPolicy> policies) { if (policyProvider == null) { throw new ArgumentNullException(nameof(policyProvider)); } if (authorizeData == null) { throw new ArgumentNullException(nameof(authorizeData)); } var anyPolicies = policies.Any(); // Avoid allocating enumerator if the data is known to be empty var skipEnumeratingData = false; if (authorizeData is IList <IAuthorizeData> dataList) { skipEnumeratingData = dataList.Count == 0; } AuthorizationPolicyBuilder?policyBuilder = null; if (!skipEnumeratingData) { foreach (var authorizeDatum in authorizeData) { if (policyBuilder == null) { policyBuilder = new AuthorizationPolicyBuilder(); } var useDefaultPolicy = !(anyPolicies); if (!string.IsNullOrWhiteSpace(authorizeDatum.Policy)) { var policy = await policyProvider.GetPolicyAsync(authorizeDatum.Policy).ConfigureAwait(false); if (policy == null) { throw new InvalidOperationException(Resources.FormatException_AuthorizationPolicyNotFound(authorizeDatum.Policy)); } policyBuilder.Combine(policy); useDefaultPolicy = false; } var rolesSplit = authorizeDatum.Roles?.Split(','); if (rolesSplit?.Length > 0) { var trimmedRolesSplit = rolesSplit.Where(r => !string.IsNullOrWhiteSpace(r)).Select(r => r.Trim()); policyBuilder.RequireRole(trimmedRolesSplit); useDefaultPolicy = false; } var authTypesSplit = authorizeDatum.AuthenticationSchemes?.Split(','); if (authTypesSplit?.Length > 0) { foreach (var authType in authTypesSplit) { if (!string.IsNullOrWhiteSpace(authType)) { policyBuilder.AuthenticationSchemes.Add(authType.Trim()); } } } if (useDefaultPolicy) { policyBuilder.Combine(await policyProvider.GetDefaultPolicyAsync().ConfigureAwait(false)); } } } if (anyPolicies) { policyBuilder ??= new(); foreach (var policy in policies) { policyBuilder.Combine(policy); } } // If we have no policy by now, use the fallback policy if we have one if (policyBuilder == null) { var fallbackPolicy = await policyProvider.GetFallbackPolicyAsync().ConfigureAwait(false); if (fallbackPolicy != null) { return(fallbackPolicy); } } return(policyBuilder?.Build()); }
private static async Task <bool> AuthorizeWithPolicyAsync( IDirectiveContext context, AuthorizeDirective directive, ClaimsPrincipal principal) { IServiceProvider services = context.Service <IServiceProvider>(); IAuthorizationService authorizeService = services.GetService <IAuthorizationService>(); IAuthorizationPolicyProvider policyProvider = services.GetService <IAuthorizationPolicyProvider>(); if (authorizeService == null || policyProvider == null) { return(string.IsNullOrWhiteSpace(directive.Policy)); } AuthorizationPolicy policy = null; if (directive.Roles.Count == 0 && string.IsNullOrWhiteSpace(directive.Policy)) { policy = await policyProvider.GetDefaultPolicyAsync() .ConfigureAwait(false); if (policy == null) { context.Result = context.Result = ErrorBuilder.New() .SetMessage( AuthResources.AuthorizeMiddleware_NoDefaultPolicy) .SetCode(AuthErrorCodes.NoDefaultPolicy) .SetPath(context.Path) .AddLocation(context.FieldSelection) .Build(); } } else if (!string.IsNullOrWhiteSpace(directive.Policy)) { policy = await policyProvider.GetPolicyAsync(directive.Policy) .ConfigureAwait(false); if (policy == null) { context.Result = ErrorBuilder.New() .SetMessage(string.Format( CultureInfo.InvariantCulture, AuthResources.AuthorizeMiddleware_PolicyNotFound, directive.Policy)) .SetCode(AuthErrorCodes.PolicyNotFound) .SetPath(context.Path) .AddLocation(context.FieldSelection) .Build(); } } if (context.Result == null && policy != null) { AuthorizationResult result = await authorizeService.AuthorizeAsync( principal, context, policy) .ConfigureAwait(false); return(result.Succeeded); } return(false); }
/// <summary> /// Combines the <see cref="AuthorizationPolicy"/> provided by the specified /// <paramref name="policyProvider"/>. /// </summary> /// <param name="policyProvider">A <see cref="IAuthorizationPolicyProvider"/> which provides the policies to combine.</param> /// <param name="authorizeData">A collection of authorization data used to apply authorization to a resource.</param> /// <returns> /// A new <see cref="AuthorizationPolicy"/> which represents the combination of the /// authorization policies provided by the specified <paramref name="policyProvider"/>. /// </returns> public static async Task <AuthorizationPolicy> CombineAsync(IAuthorizationPolicyProvider policyProvider, IEnumerable <IAuthorizeData> authorizeData) { if (policyProvider == null) { throw new ArgumentNullException(nameof(policyProvider)); } if (authorizeData == null) { throw new ArgumentNullException(nameof(authorizeData)); } var policyBuilder = new AuthorizationPolicyBuilder(); var any = false; foreach (var authorizeDatum in authorizeData) { any = true; var useDefaultPolicy = true; if (!string.IsNullOrWhiteSpace(authorizeDatum.Policy)) { var policy = await policyProvider.GetPolicyAsync(authorizeDatum.Policy); if (policy == null) { //throw new InvalidOperationException(Resources.FormatException_AuthorizationPolicyNotFound(authorizeDatum.Policy)); throw new InvalidOperationException(nameof(authorizeDatum.Policy)); } policyBuilder.Combine(policy); useDefaultPolicy = false; } var rolesSplit = authorizeDatum.Roles?.Split(','); if (rolesSplit != null && rolesSplit.Any()) { var trimmedRolesSplit = rolesSplit.Where(r => !string.IsNullOrWhiteSpace(r)).Select(r => r.Trim()); policyBuilder.RequireRole(trimmedRolesSplit); useDefaultPolicy = false; } if (authorizeDatum is IPermissionAuthorizeData permissionAuthorizeDatum) { var groupsSplit = permissionAuthorizeDatum.Groups?.Split(','); if (groupsSplit != null && groupsSplit.Any()) { var trimmedGroupsSplit = groupsSplit.Where(r => !string.IsNullOrWhiteSpace(r)).Select(r => r.Trim()); policyBuilder.RequireClaim(TubumuClaimTypes.Group, trimmedGroupsSplit); //policyBuilder.AddRequirements(new GroupsAuthorizationRequirement(trimmedGroupsSplit)); useDefaultPolicy = false; } var permissionsSplit = permissionAuthorizeDatum.Permissions?.Split(','); if (permissionsSplit != null && permissionsSplit.Any()) { var trimmedPermissionsSplit = permissionsSplit.Where(r => !string.IsNullOrWhiteSpace(r)).Select(r => r.Trim()); policyBuilder.RequireClaim(TubumuClaimTypes.Permission, trimmedPermissionsSplit); //policyBuilder.AddRequirements(new PermissionsAuthorizationRequirement(trimmedPermissionsSplit)); useDefaultPolicy = false; } } var authTypesSplit = authorizeDatum.AuthenticationSchemes?.Split(','); if (authTypesSplit != null && authTypesSplit.Any()) { foreach (var authType in authTypesSplit) { if (!string.IsNullOrWhiteSpace(authType)) { policyBuilder.AuthenticationSchemes.Add(authType.Trim()); } } } if (useDefaultPolicy) { policyBuilder.Combine(await policyProvider.GetDefaultPolicyAsync()); } } return(any ? policyBuilder.Build() : null); }
public async Task <AuthorizationPolicy> CombineAsync(AuthorizeData authorizeData) { // Avoid allocating enumerator if the data is known to be empty var skip = authorizeData == null; if (skip) { // If we have no policy by now, use the fallback policy if we have one var fallbackPolicy = await PolicyProvider.GetFallbackPolicyAsync(); if (fallbackPolicy != null) { return(fallbackPolicy); } } else { AuthorizationPolicyBuilder policyBuilder = new AuthorizationPolicyBuilder(); var useDefaultPolicy = true; if (authorizeData.DeniedAll) { policyBuilder.AddRequirements(new DenyAllAuthorizationRequirement(true)); useDefaultPolicy = false; } else { if (!authorizeData.AuthenticationSchemes.IsNullOrEmpty()) { foreach (string scheme in authorizeData.AuthenticationSchemes) { policyBuilder.AuthenticationSchemes.Add(scheme.Trim()); } } // 假如允许所有角色访问,只需要求登录即可 if (authorizeData.AllowedAllRoles) { policyBuilder.RequireAuthenticatedUser(); useDefaultPolicy = false; } else { if (!authorizeData.Policies.IsNullOrEmpty()) { foreach (string policyName in authorizeData.Policies) { var policy = await PolicyProvider.GetPolicyAsync(policyName); if (policy == null) { throw new InvalidOperationException($"找不到名为: '{policyName}'的策略!"); } policyBuilder.Combine(policy); } useDefaultPolicy = false; } if (!authorizeData.AllowedUsers.IsNullOrEmpty() || !authorizeData.AllowedRoles.IsNullOrEmpty()) { policyBuilder.AddRequirements(new RolesOrUsersAuthorizationRequirement(authorizeData.AllowedUsers, authorizeData.AllowedRoles)); useDefaultPolicy = false; } } if (useDefaultPolicy) { policyBuilder.Combine(await PolicyProvider.GetDefaultPolicyAsync()); } } return(policyBuilder?.Build()); } return(null); }
public Task <AuthorizationPolicy> GetDefaultPolicyAsync() { return(_fallbackProvider.GetDefaultPolicyAsync()); }
/// <summary> /// Combines the <see cref="AuthorizationPolicy"/> provided by the specified /// <paramref name="policyProvider"/>. /// </summary> /// <param name="policyProvider">A <see cref="IAuthorizationPolicyProvider"/> which provides the policies to combine.</param> /// <param name="authorizeData">A collection of authorization data used to apply authorization to a resource.</param> /// <returns> /// A new <see cref="AuthorizationPolicy"/> which represents the combination of the /// authorization policies provided by the specified <paramref name="policyProvider"/>. /// </returns> public static async Task<AuthorizationPolicy> CombineAsync(IAuthorizationPolicyProvider policyProvider, IEnumerable<IAuthorizeData> authorizeData) { if (policyProvider == null) { throw new ArgumentNullException(nameof(policyProvider)); } if (authorizeData == null) { throw new ArgumentNullException(nameof(authorizeData)); } var policyBuilder = new AuthorizationPolicyBuilder(); var any = false; foreach (var authorizeAttribute in authorizeData.OfType<AuthorizeAttribute>()) { any = true; var useDefaultPolicy = true; if (!string.IsNullOrWhiteSpace(authorizeAttribute.Policy)) { var policy = await policyProvider.GetPolicyAsync(authorizeAttribute.Policy); if (policy == null) { throw new InvalidOperationException(Resources.FormatException_AuthorizationPolicyNotFound(authorizeAttribute.Policy)); } policyBuilder.Combine(policy); useDefaultPolicy = false; } var rolesSplit = authorizeAttribute.Roles?.Split(','); if (rolesSplit != null && rolesSplit.Any()) { var trimmedRolesSplit = rolesSplit.Where(r => !string.IsNullOrWhiteSpace(r)).Select(r => r.Trim()); policyBuilder.RequireRole(trimmedRolesSplit); useDefaultPolicy = false; } var authTypesSplit = authorizeAttribute.ActiveAuthenticationSchemes?.Split(','); if (authTypesSplit != null && authTypesSplit.Any()) { foreach (var authType in authTypesSplit) { if (!string.IsNullOrWhiteSpace(authType)) { policyBuilder.AuthenticationSchemes.Add(authType.Trim()); } } } if (useDefaultPolicy) { policyBuilder.Combine(await policyProvider.GetDefaultPolicyAsync()); } } return any ? policyBuilder.Build() : null; }
/// <summary> /// Combines the <see cref="AuthorizationPolicy"/> provided by the specified /// <paramref name="policyProvider"/>. /// </summary> /// <param name="policyProvider">A <see cref="IAuthorizationPolicyProvider"/> which provides the policies to combine.</param> /// <param name="authorizeData">A collection of authorization data used to apply authorization to a resource.</param> /// <returns> /// A new <see cref="AuthorizationPolicy"/> which represents the combination of the /// authorization policies provided by the specified <paramref name="policyProvider"/>. /// </returns> public static async Task <AuthorizationPolicy> CombineAsync(IAuthorizationPolicyProvider policyProvider, IEnumerable <IAuthorizeData> authorizeData) { if (policyProvider == null) { throw new ArgumentNullException(nameof(policyProvider)); } if (authorizeData == null) { throw new ArgumentNullException(nameof(authorizeData)); } var policyBuilder = new AuthorizationPolicyBuilder(); var any = false; foreach (var authorizeAttribute in authorizeData) { any = true; var useDefaultPolicy = true; if (!string.IsNullOrWhiteSpace(authorizeAttribute.Policy)) { var policy = await policyProvider.GetPolicyAsync(authorizeAttribute.Policy); if (policy == null) { throw new InvalidOperationException(ResourceHelper.FormatException_AuthorizationPolicyNotFound(authorizeAttribute.Policy)); } policyBuilder.Combine(policy); useDefaultPolicy = false; } if (!string.IsNullOrWhiteSpace(authorizeAttribute.Roles)) { policyBuilder.RequireRole(SplitAndTrim(authorizeAttribute.Roles)); useDefaultPolicy = false; } if (!string.IsNullOrWhiteSpace(authorizeAttribute.ActiveAuthenticationSchemes)) { policyBuilder.AddAuthenticationSchemes(SplitAndTrim(authorizeAttribute.ActiveAuthenticationSchemes)); useDefaultPolicy = false; } if (useDefaultPolicy) { policyBuilder.Combine(await policyProvider.GetDefaultPolicyAsync()); } } if (any) { if (policyBuilder.AuthenticationSchemes.Count > 0) { if (policyBuilder.Requirements.Count == 0) { policyBuilder.RequireAuthenticatedUser(); } } return(policyBuilder.Build()); } return(null); }