public async Task Invoke(IIncomingGrainCallContext context)
        {
            AuthorizeAttribute authAttr = this.FindAuthorizeAttribute(context);

            if (authAttr == null)
            {
                await context.Invoke();

                return;
            }

            //已经授权无需再次授权
            if (RequestContext.Get(UserPrincipalKey) != null)
            {
                var UserPrincipal = RequestContext.Get(UserPrincipalKey);
                if (UserPrincipal.GetType() == typeof(ClaimsPrincipal))
                {
                    if (this.VerifyPolicy(context, (ClaimsPrincipal)UserPrincipal, authAttr))
                    {
                        await context.Invoke();

                        return;
                    }
                }
            }

            //获取授权的方案
            var defaultAuthenticate = await Schemes.GetDefaultAuthenticateSchemeAsync();

            if (defaultAuthenticate == null)
            {
                await context.Invoke();

                return;
            }

            //授权处理
            var authContext = new AuthenticateContext(ServiceProvider);
            var result      = await authContext.AuthenticateAsync(defaultAuthenticate.Name);

            if (result?.Succeeded != true)
            {
                this.Logger.LogError(result.Failure, result.Failure.Message);
                throw new AuthenticationException("Authorization Token is invalid");
            }

            //验证 Policy
            if (this.VerifyPolicy(context, result.Principal, authAttr))
            {
                RequestContext.Set(UserPrincipalKey, result.Principal);
            }

            await context.Invoke();
        }
        private AuthorizeAttribute FindAuthorizeAttribute(IIncomingGrainCallContext context)
        {
            //检查context.Grain必须继承 Grain
            if (!typeof(Grain).IsAssignableFrom(context.Grain.GetType()))
            {
                return(null);
            }
            try
            {
                if (context.ImplementationMethod == null)
                {
                    return(null);
                }
            }
            catch (Exception)
            {
                return(null);
            }

            AuthorizeAttribute authAttr = context.ImplementationMethod.GetCustomAttribute <AuthorizeAttribute>();

            if (authAttr == null)
            {
                //判断方法是否允许匿名
                var allowAnonymous = context.ImplementationMethod.GetCustomAttribute <AllowAnonymousAttribute>();
                if (allowAnonymous != null)
                {
                    return(null);
                }

                //获取类是否标示AuthorizeAttribute
                authAttr = context.ImplementationMethod.DeclaringType.GetCustomAttribute <AuthorizeAttribute>();
                if (authAttr == null)
                {
                    return(null);
                }
            }
            this.Logger.LogDebug($"{context.ImplementationMethod.Name} Need authorization ");
            return(authAttr);
        }
        private bool VerifyPolicy(IIncomingGrainCallContext context, ClaimsPrincipal principal, AuthorizeAttribute authAttr)
        {
            string policy = string.Empty;

            if (!string.IsNullOrEmpty(authAttr.Roles))
            {
                policy = authAttr.Roles;
            }
            else if (!string.IsNullOrEmpty(authAttr.Policy))
            {
                policy = authAttr.Policy;
            }

            if (!string.IsNullOrEmpty(policy))
            {
                var claim = principal.FindFirst(authAttr.Policy);
                if (claim == null)
                {
                    this.Logger.LogError("Authorization ClaimsPrincipal Does not contain " + policy);
                    throw new AuthenticationException("Authorization ClaimsPrincipal Does not contain " + policy);
                }
            }

            return(true);
        }