public async Task OnAuthorizationAsync(AuthorizationFilterContext context)
{
if (context == null)
{
throw new ArgumentNullException(nameof(context) + "is null");
}
if (context.ActionDescriptor.EndpointMetadata.Any(p => p is IAllowAnonymous))
{
return;
}
if (!context.ActionDescriptor.EndpointMetadata.Any(p => p is AuthorizeAttribute))
{
return;
}
IPolicyEvaluator policyEvaluator = context.HttpContext.RequestServices.GetRequiredService <IPolicyEvaluator>();
AuthenticateResult authenticateResult = await policyEvaluator.AuthenticateAsync(this.policy, context.HttpContext);
PolicyAuthorizationResult authorizeResult = await policyEvaluator.AuthorizeAsync(this.policy, authenticateResult, context.HttpContext, context);
if (authorizeResult.Challenged)
{
context.Result = new NavyblueUnAuthorizeResult("Authorization Failed");
}
else if (authorizeResult.Forbidden)
{
context.Result = new ForbidResult(this.policy.AuthenticationSchemes.ToArray());
}
}
public async Task <bool> AuthorizeAsync(HttpContext httpContext, AuthorizationContext authorizationContext)
{
AuthorizationPolicy policy = authorizationContext?.Policy;
if (policy == null)
{
// authorization not required
return(true);
}
AuthenticateResult authenticationResult = await policyEvaluator.AuthenticateAsync(policy, httpContext);
PolicyAuthorizationResult authorizationResult = await policyEvaluator.AuthorizeAsync(policy, authenticationResult, httpContext, null);
if (authorizationResult.Challenged)
{
await httpContext.ChallengeAsync();
return(false);
}
else if (authorizationResult.Forbidden)
{
await httpContext.ForbidAsync();
return(false);
}
return(true);
}
public async Task HandleAsync(
RequestDelegate requestDelegate,
HttpContext httpContext,
AuthorizationPolicy authorizationPolicy,
PolicyAuthorizationResult policyAuthorizationResult)
{
// if the authorization was forbidden, let's use custom logic to handle that.
if (policyAuthorizationResult.Forbidden && policyAuthorizationResult.AuthorizationFailure != null)
{
// as an example, let's return 404 if specific requirement has failed
if (policyAuthorizationResult.AuthorizationFailure.FailedRequirements.Any(requirement => requirement is SampleRequirement))
{
httpContext.Response.StatusCode = (int)HttpStatusCode.NotFound;
await httpContext.Response.WriteAsync(Startup.CustomForbiddenMessage);
// return right away as the default implementation would overwrite the status code
return;
}
else if (policyAuthorizationResult.AuthorizationFailure.FailedRequirements.Any(requirement => requirement is SampleWithCustomMessageRequirement))
{
// if other requirements failed, let's just use a custom message
// but we have to use OnStarting callback because the default handlers will want to modify i.e. status code of the response
// and modifications of the response are not allowed once the writing has started
var message = Startup.CustomForbiddenMessage;
httpContext.Response.OnStarting(() => httpContext.Response.BodyWriter.WriteAsync(Encoding.UTF8.GetBytes(message)).AsTask());
}
}
await _handler.HandleAsync(requestDelegate, httpContext, authorizationPolicy, policyAuthorizationResult);
}
/// <summary>
/// Evaluates the authorization requirement and processes the authorization result.
/// </summary>
/// <param name="next">
/// The next middleware in the application pipeline. Implementations may not invoke this if the authorization did not succeed.
/// </param>
/// <param name="context">The <see cref="T:Microsoft.AspNetCore.Http.HttpContext" />.</param>
/// <param name="policy">The <see cref="T:Microsoft.AspNetCore.Authorization.AuthorizationPolicy" /> for the resource.</param>
/// <param name="authorizeResult">The result of authorization.</param>
public Task HandleAsync(RequestDelegate next,
HttpContext context,
AuthorizationPolicy policy,
PolicyAuthorizationResult authorizeResult)
{
throw new NotImplementedException();
}
public async Task <PolicyAuthorizationResult> AuthorizeAsync(
AuthorizationPolicy policy,
AuthenticateResult authenticationResult,
HttpContext context,
object resource)
{
if (policy == null)
{
throw new ArgumentNullException(nameof(policy));
}
var result = await _authorization.AuthorizeAsync(context.User, resource, policy);
if (result.Succeeded)
{
_logger.PolicySucceed();
return(PolicyAuthorizationResult.Success());
}
// If authentication was successful, return forbidden, otherwise challenge
if (authenticationResult.Succeeded)
{
_logger.PolicyFailToForbid();
return(PolicyAuthorizationResult.Forbid());
}
_logger.PolicyFailToChallenge();
return(PolicyAuthorizationResult.Challenge());
}
public override async Task <PolicyAuthorizationResult> AuthorizeAsync(
AuthorizationPolicy policy, AuthenticateResult authenticationResult, HttpContext context, object resource
)
{
// This call will check 2 places (requirements):
// - AnyValidPermissionRequirementHandler
// - ActionAuthorizationRequirementHandler OR the default [Authorize]
var result = await base.AuthorizeAsync(policy, authenticationResult, context, resource);
if (result.Challenged)
{
context.Items[contextKey] = new UnauthorizedException(GetExceptionMessageFromHttpContext());
return(PolicyAuthorizationResult.Challenge());
}
else if (result.Forbidden)
{
// If user is authenticated but not allowed, send them to a special error page
if (context.User.Identity.IsAuthenticated)
{
context.Items[contextKey] = new ForbiddenException(GetExceptionMessageFromHttpContext());
return(PolicyAuthorizationResult.Forbid());
}
}
return(result);
}
public virtual async Task <PolicyAuthorizationResult> AuthorizeAsync(
AuthorizationPolicy policy,
AuthenticateResult authenticationResult,
HttpContext context)
{
return(await Task.FromResult(PolicyAuthorizationResult.Success()));
}
private async Task <bool> AuthorizeAsync(HttpContext context, IPolicyEvaluator policyEvaluator)
{
bool authorized = false;
if (_serverSentEventsOptions.Authorization is null)
{
authorized = true;
}
else
{
if (_authorizationPolicy is null)
{
_authorizationPolicy = await AuthorizationPolicy.CombineAsync(_policyProvider, new[] { _serverSentEventsOptions.Authorization });
}
AuthenticateResult authenticateResult = await policyEvaluator.AuthenticateAsync(_authorizationPolicy, context);
PolicyAuthorizationResult authorizeResult = await policyEvaluator.AuthorizeAsync(_authorizationPolicy, authenticateResult, context, null);
if (authorizeResult.Challenged)
{
await ChallengeAsync(context);
}
else if (authorizeResult.Forbidden)
{
await ForbidAsync(context);
}
else
{
authorized = true;
}
}
return(authorized);
}
public async Task <PolicyAuthorizationResult> AuthorizeAsync(AuthorizationPolicy policy,
AuthenticateResult authenticationResult, HttpContext context,
ICasbinAuthorizationContext casbinContext, object?resource)
{
if (policy == null)
{
throw new ArgumentNullException(nameof(policy));
}
if (casbinContext == null)
{
throw new ArgumentNullException(nameof(casbinContext));
}
var result = await _authorizationService.AuthorizeAsync(context.User, casbinContext, policy);
if (result.Succeeded)
{
return(PolicyAuthorizationResult.Success());
}
// If authentication was successful, return forbidden, otherwise challenge
return(authenticationResult.Succeeded
? PolicyAuthorizationResult.Forbid()
: PolicyAuthorizationResult.Challenge());
}
/// <inheritdoc />
public Task HandleAsync(RequestDelegate next, HttpContext context, AuthorizationPolicy policy,
PolicyAuthorizationResult authorizeResult)
{
var endpoint = context.GetEndpoint();
var remoteApi = endpoint.Metadata.GetMetadata <BffRemoteApiEndpointMetadata>();
var localApi = endpoint.Metadata.GetMetadata <BffApiAttribute>();
if (remoteApi == null && localApi == null)
{
return(_handler.HandleAsync(next, context, policy, authorizeResult));
}
if (authorizeResult.Challenged)
{
context.Response.StatusCode = (int)HttpStatusCode.Unauthorized;
return(Task.CompletedTask);
}
if (authorizeResult.Forbidden)
{
context.Response.StatusCode = (int)HttpStatusCode.Forbidden;
return(Task.CompletedTask);
}
return(_handler.HandleAsync(next, context, policy, authorizeResult));
}
/// <summary>
/// Invokes the authorization filters for the controller action.
/// </summary>
/// <returns>Whether the user is authenticated or not.</returns>
internal static async Task <bool> InvokeAuthorizationFiltersForRequest(this ControllerContext controllerContext, ActionContext actionContext)
{
ControllerActionDescriptor actionDescriptor = controllerContext.ActionDescriptor;
var metadataCollection =
new EndpointMetadataCollection(actionDescriptor.EndpointMetadata.Union(new[] { actionDescriptor }));
IReadOnlyList <IAuthorizeData> authorizeData = metadataCollection.GetOrderedMetadata <IAuthorizeData>();
IAuthorizationPolicyProvider policyProvider = controllerContext.HttpContext.RequestServices
.GetRequiredService <IAuthorizationPolicyProvider>();
AuthorizationPolicy?policy = await AuthorizationPolicy.CombineAsync(policyProvider, authorizeData);
if (policy is not null)
{
IPolicyEvaluator policyEvaluator =
controllerContext.HttpContext.RequestServices.GetRequiredService <IPolicyEvaluator>();
AuthenticateResult authenticateResult =
await policyEvaluator.AuthenticateAsync(policy, controllerContext.HttpContext);
if (!authenticateResult.Succeeded)
{
return(false);
}
// TODO this is super hacky, but we rely on the FeatureAuthorizeHandler can still handle endpoints
// (The way before .NET 5). The .NET 5 way would need to use han http context, for the "inner" request
// with the nested controller
var resource = new Endpoint(null, metadataCollection, null);
PolicyAuthorizationResult authorizeResult =
await policyEvaluator.AuthorizeAsync(policy, authenticateResult, controllerContext.HttpContext, resource);
if (!authorizeResult.Succeeded)
{
return(false);
}
}
IList <FilterDescriptor> filters = actionDescriptor.FilterDescriptors;
var filterGrouping = new FilterGrouping(filters, controllerContext.HttpContext.RequestServices);
// because the continuation gets built from the inside out we need to reverse the filter list
// so that least specific filters (Global) get run first and the most specific filters (Action) get run last.
var authorizationFilters = filterGrouping.AuthorizationFilters.Reverse().ToList();
var asyncAuthorizationFilters = filterGrouping.AsyncAuthorizationFilters.Reverse().ToList();
if (authorizationFilters.Count == 0 && asyncAuthorizationFilters.Count == 0)
{
return(true);
}
// if the authorization filter returns a result, it means it failed to authorize
var authorizationFilterContext =
new AuthorizationFilterContext(actionContext, filters.Select(x => x.Filter).ToArray());
return(await ExecuteAuthorizationFiltersAsync(authorizationFilterContext, authorizationFilters, asyncAuthorizationFilters));
}
public Task <PolicyAuthorizationResult> AuthorizeAsync(AuthorizationPolicy policy, AuthenticateResult authenticationResult, HttpContext context,
object resource)
{
if (!authenticationResult.Succeeded)
{
return(Task.FromResult(PolicyAuthorizationResult.Challenge()));
}
return(_defaultEvaluator.AuthorizeAsync(policy, authenticationResult, context, resource));
}
public Task <PolicyAuthorizationResult> AuthorizeAsync(AuthorizationPolicy _,
AuthenticateResult authenticationResult, HttpContext context,
object resource)
{
var authorizeResult = authenticationResult.Succeeded
? PolicyAuthorizationResult.Success()
: PolicyAuthorizationResult.Challenge();
return(Task.FromResult(authorizeResult));
}
public Task <PolicyAuthorizationResult> AuthorizeAsync(AuthorizationPolicy policy, AuthenticateResult authenticationResult, HttpContext context,
object resource)
{
if (!authenticationResult.Succeeded)
{
return(Task.FromResult(PolicyAuthorizationResult.Forbid()));
}
return(Task.FromResult(PolicyAuthorizationResult.Success()));
}
public async Task NotCallRequestDelegate_If_PolicyAuthorizationResultWasForbidden()
{
var requestDelegate = new Mock <RequestDelegate>();
var httpContext = CreateHttpContext();
var policy = new AuthorizationPolicyBuilder().RequireAuthenticatedUser().Build();
var policyAuthorizationResult = PolicyAuthorizationResult.Forbid();
var handler = CreateAuthorizationMiddlewareResultHandler();
await handler.HandleAsync(requestDelegate.Object, httpContext, policy, policyAuthorizationResult);
requestDelegate.Verify(next => next(It.IsAny <HttpContext>()), Times.Never);
}
public async Task ChallangeWithoutAuthenticationScheme_If_PolicyAuthorizationResultWasChallenged()
{
var authenticationServiceMock = new Mock <IAuthenticationService>();
var requestDelegate = new Mock <RequestDelegate>();
var httpContext = CreateHttpContext(authenticationServiceMock.Object);
var policy = new AuthorizationPolicyBuilder().RequireAuthenticatedUser().Build();
var policyAuthorizationResult = PolicyAuthorizationResult.Challenge();
var handler = CreateAuthorizationMiddlewareResultHandler();
await handler.HandleAsync(requestDelegate.Object, httpContext, policy, policyAuthorizationResult);
authenticationServiceMock.Verify(service => service.ChallengeAsync(httpContext, null, null), Times.Once);
}
public async Task HandleAsync(
RequestDelegate requestDelegate, HttpContext httpContext,
AuthorizationPolicy authorizationPolicy, PolicyAuthorizationResult policyAuthorizationResult)
{
if (!policyAuthorizationResult.Succeeded)
{
httpContext.Response.StatusCode = 401;
httpContext.Response.ContentType = "application/json";
await httpContext.Response.WriteAsync(unauthorizedResponseJson);
return;
}
await new AuthorizationMiddlewareResultHandler().HandleAsync(requestDelegate, httpContext, authorizationPolicy, policyAuthorizationResult);
}
public void OnAuthorizationAsync_Should_Not_Set_Result_When_Authorization_Succeeds()
{
var policyEvaluator = Substitute.For <IPolicyEvaluator>();
_actionContext.HttpContext.RequestServices = Substitute.For <IServiceProvider>();
_actionContext.HttpContext.RequestServices.GetService(Arg.Any <Type>()).Returns(policyEvaluator);
var authorizeResult = PolicyAuthorizationResult.Success();
policyEvaluator.AuthorizeAsync(Arg.Any <AuthorizationPolicy>(), Arg.Any <AuthenticateResult>(), Arg.Any <HttpContext>(), Arg.Any <object>()).Returns(authorizeResult);
var context = new AuthorizationFilterContext(_actionContext, Substitute.For <IList <IFilterMetadata> >());
_filter.OnAuthorizationAsync(context);
context.Result.Should().BeNull();
}
public async Task HandleAsync(RequestDelegate next,
HttpContext context,
AuthorizationPolicy policy,
PolicyAuthorizationResult authorizeResult)
{
if (authorizeResult.Forbidden && authorizeResult.AuthorizationFailure != null)
{
if (authorizeResult.AuthorizationFailure.FailedRequirements.Any(req => req is ExpiredPaymentRequirement))
{
var user = await _userManager.GetUserAsync(context.User);
user.IsBlocked = true;
await _userManager.UpdateAsync(user);
await _signInManager.SignOutAsync();
}
}
await _handler.HandleAsync(next, context, policy, authorizeResult);
}
public async Task HandleAsync(
RequestDelegate requestDelegate,
HttpContext httpContext,
AuthorizationPolicy authorizationPolicy,
PolicyAuthorizationResult policyAuthorizationResult)
{
// if the authorization was forbidden and the resource had specific requirements,
// provide a custom response.
if (Show404ForForbiddenResult(policyAuthorizationResult))
{
// Return a 404 to make it appear as if the resource does not exist.
httpContext.Response.StatusCode = (int)HttpStatusCode.NotFound;
return;
}
// Fallback to the default implementation.
await DefaultHandler.HandleAsync(requestDelegate, httpContext, authorizationPolicy,
policyAuthorizationResult);
}
public async Task <PolicyAuthorizationResult> TryAuthenticate(MethodInfo methodInfo)
{
if (!methodInfo.GetAuthorizeData().Any())
{
return(PolicyAuthorizationResult.Success());
}
if (UserValidUntil >= DateTime.Now)
{
return(PolicyAuthorizationResult.Success());
}
var hubContextType = typeof(ClientContextDispatcher <>).MakeGenericType(HARRRType);
var harrrContext = (IClientContextDispatcher)ServiceProvider.GetRequiredService(hubContextType);
var res = await harrrContext.Challenge(Id);
var authentication = new SignalARRRAuthentication(ServiceProvider);
return(await authentication.Authorize(this, res, methodInfo));
}
public void OnAuthorizationAsync_Should_Set_Result_When_Authorization_Is_Challenged()
{
var policyEvaluator = Substitute.For <IPolicyEvaluator>();
_actionContext.HttpContext.RequestServices = Substitute.For <IServiceProvider>();
_actionContext.HttpContext.RequestServices.GetService(Arg.Any <Type>()).Returns(policyEvaluator);
var authorizeResult = PolicyAuthorizationResult.Challenge();
policyEvaluator.AuthorizeAsync(Arg.Any <AuthorizationPolicy>(), Arg.Any <AuthenticateResult>(), Arg.Any <HttpContext>(), Arg.Any <object>()).Returns(authorizeResult);
var context = new AuthorizationFilterContext(_actionContext, Substitute.For <IList <IFilterMetadata> >());
_filter.OnAuthorizationAsync(context);
context.Result.Should().BeAssignableTo <ObjectResult>();
context.Result.As <ObjectResult>().StatusCode.Should().Be(StatusCodes.Status401Unauthorized);
context.Result.As <ObjectResult>().Value.Should().BeAssignableTo <ApiResponse>();
context.Result.As <ObjectResult>().Value.As <ApiResponse>().Message.Should().Be("Unauthorised.");
context.Result.As <ObjectResult>().Value.As <ApiResponse>().Data.Should().BeNull();
}
public void OnAuthorizationAsync_Should_Set_Result_When_Authorization_Is_Forbidden()
{
var policyEvaluator = Substitute.For <IPolicyEvaluator>();
_actionContext.HttpContext.RequestServices = Substitute.For <IServiceProvider>();
_actionContext.HttpContext.RequestServices.GetService(Arg.Any <Type>()).Returns(policyEvaluator);
var authorizeResult = PolicyAuthorizationResult.Forbid();
policyEvaluator.AuthorizeAsync(Arg.Any <AuthorizationPolicy>(), Arg.Any <AuthenticateResult>(), Arg.Any <HttpContext>(), Arg.Any <object>()).Returns(authorizeResult);
var context = new AuthorizationFilterContext(_actionContext, Substitute.For <IList <IFilterMetadata> >());
_filter.OnAuthorizationAsync(context);
context.Result.Should().BeAssignableTo <ObjectResult>();
context.Result.As <ObjectResult>().StatusCode.Should().Be(StatusCodes.Status403Forbidden);
context.Result.As <ObjectResult>().Value.Should().BeAssignableTo <ApiResponse>();
context.Result.As <ObjectResult>().Value.As <ApiResponse>().Message.Should().Be("Forbidden.");
context.Result.As <ObjectResult>().Value.As <ApiResponse>().Data.As <IEnumerable <string> >().Should().BeEquivalentTo(_authenticationScheme);
}
public async Task ForbidEachAuthenticationScheme_If_PolicyAuthorizationResultWasForbidden()
{
var authenticationServiceMock = new Mock <IAuthenticationService>();
var requestDelegate = new Mock <RequestDelegate>();
var httpContext = CreateHttpContext(authenticationServiceMock.Object);
var firstScheme = Guid.NewGuid().ToString();
var secondScheme = Guid.NewGuid().ToString();
var thirdScheme = Guid.NewGuid().ToString();
var policy = new AuthorizationPolicyBuilder()
.RequireAuthenticatedUser()
.AddAuthenticationSchemes(firstScheme, secondScheme, thirdScheme)
.Build();
var policyAuthorizationResult = PolicyAuthorizationResult.Forbid();
var handler = CreateAuthorizationMiddlewareResultHandler();
await handler.HandleAsync(requestDelegate.Object, httpContext, policy, policyAuthorizationResult);
authenticationServiceMock.Verify(service => service.ForbidAsync(httpContext, It.IsAny <string>(), null), Times.Exactly(3));
authenticationServiceMock.Verify(service => service.ForbidAsync(httpContext, firstScheme, null), Times.Once);
authenticationServiceMock.Verify(service => service.ForbidAsync(httpContext, secondScheme, null), Times.Once);
authenticationServiceMock.Verify(service => service.ForbidAsync(httpContext, thirdScheme, null), Times.Once);
}
public async Task HandleAsync(RequestDelegate requestDelegate, HttpContext context,
AuthorizationPolicy authorizationPolicy, PolicyAuthorizationResult policyAuthorizationResult)
{
if (!policyAuthorizationResult.Succeeded)
{
context.Response.ContentType = "application/json";
if (context.User.Identity.IsAuthenticated)
{
context.Response.StatusCode = (int)HttpStatusCode.Forbidden;
await context.Response.WriteAsync("{ \"code\": \"forbidden\", \"message\": \"You do not have authority to execute this request!\" }");
}
else
{
context.Response.StatusCode = (int)HttpStatusCode.Unauthorized;
await context.Response.WriteAsync("{ \"code\": \"invalid_token\", \"message\": \"Invalid token information!\" }");
}
return;
}
await DefaultHandler.HandleAsync(requestDelegate, context, authorizationPolicy, policyAuthorizationResult);
}
private static async Task <PolicyAuthorizationResult> AuthorizeAsync(
IAuthorizationService service,
AuthorizationPolicy policy,
AuthenticateResult authenticationResult,
HttpContext context,
object resource)
{
if (policy == null)
{
throw new ArgumentNullException(nameof(policy));
}
var result = await service.AuthorizeAsync(context.User, resource, policy);
if (result.Succeeded)
{
return(PolicyAuthorizationResult.Success());
}
return(authenticationResult.Succeeded
? PolicyAuthorizationResult.Forbid()
: PolicyAuthorizationResult.Challenge());
}
public async Task HandleAsync(RequestDelegate next, HttpContext context, AuthorizationPolicy policy,
PolicyAuthorizationResult authorizeResult)
{
if (authorizeResult.Challenged)
{
context.Response.ContentType = "application/json";
await context.Response.WriteAsync(
JsonConvert.SerializeObject(new ApiResponse(HttpStatusCode.Unauthorized).JsonResultModel));
return;
}
if (authorizeResult.Forbidden)
{
context.Response.ContentType = "application/json";
await context.Response.WriteAsync(
JsonConvert.SerializeObject(new ApiResponse(HttpStatusCode.Forbidden).JsonResultModel));
return;
}
await next.Invoke(context);
}
public async Task <PolicyAuthorizationResult> AuthorizeAsync(AuthorizationPolicy policy, AuthenticateResult authenticationResult, HttpContext context, object resource)
{
if (policy == null)
{
throw new ArgumentNullException(nameof(policy));
}
var result = await _authorization.AuthorizeAsync(context.User, resource, policy);
if (result.Succeeded)
{
return(PolicyAuthorizationResult.Success());
}
//if (result.Failure?.FailedRequirements.Any(x => x is AuthorizationClaimsRequirement) ?? false)
//{
// context.SetErrorDetail(Errors.Code.NoAuthorizationClaims, "Authorization claim is missing from the authenticated token.");
//}
// If authentication was successful, return forbidden, otherwise challenge
return((authenticationResult.Succeeded)
? PolicyAuthorizationResult.Forbid()
: PolicyAuthorizationResult.Challenge());
}
public async Task OnAuthorizationAsync(AuthorizationFilterContext context)
{
if (context.ActionDescriptor is ControllerActionDescriptor controllerActionDescriptor)
{
if (controllerActionDescriptor.ControllerTypeInfo.IsGenericType)
{
var genericType = controllerActionDescriptor.ControllerTypeInfo.GenericTypeArguments[0];
var customNameAttribute = genericType.GetCustomAttribute <MediatRControllerAttribute>();
if (customNameAttribute != null)
{
var requestPolicies = genericType.GetCustomAttributes <AuthorizeAttribute>(inherit: true);
authorizePolicy = await AuthorizationPolicy.CombineAsync(_policyProvider, requestPolicies);
if (requestPolicies.Count() == 0)
{
return;
}
AuthenticateResult authenticateResult =
await _policyEvaluator.AuthenticateAsync(authorizePolicy, context.HttpContext);
PolicyAuthorizationResult authorizeResult =
await _policyEvaluator.AuthorizeAsync(authorizePolicy, authenticateResult, context.HttpContext, null);
if (authorizeResult.Challenged)
{
await ChallengeAsync(context);
}
else if (authorizeResult.Forbidden)
{
await ForbidAsync(context);
}
}
}
}
}
public async Task HandleAsync(RequestDelegate next, HttpContext context, AuthorizationPolicy policy, PolicyAuthorizationResult authorizeResult)
{
if (authorizeResult.Challenged)
{
if (policy.AuthenticationSchemes.Count > 0)
{
foreach (var scheme in policy.AuthenticationSchemes)
{
await context.ChallengeAsync(scheme);
}
}
else
{
await context.ChallengeAsync();
}
return;
}
if (authorizeResult.Forbidden)
{
if (policy.AuthenticationSchemes.Count > 0)
{
foreach (var scheme in policy.AuthenticationSchemes)
{
await context.ForbidAsync(scheme);
}
}
else
{
await context.ForbidAsync();
}
return;
}
await next(context);
}
