public async Task <bool> IsAuthorizedAsync(Operation operation, IRequest req, IAuthSession session)
        {
            if (HostContext.HasValidAuthSecret(req))
            {
                return(true);
            }

            if (operation.RequiresAuthentication && !session.IsAuthenticated)
            {
                return(false);
            }

            var authRepo = HostContext.AppHost.GetAuthRepositoryAsync(req);

#if NET472 || NETCORE
            await using (authRepo as IAsyncDisposable)
#else
            using (authRepo as IDisposable)
#endif
            {
                var allRoles = await session.GetRolesAsync(authRepo).ConfigAwait();

                if (!operation.RequiredRoles.IsEmpty() && !operation.RequiredRoles.All(allRoles.Contains))
                {
                    return(false);
                }

                var allPerms = await session.GetPermissionsAsync(authRepo).ConfigAwait();

                if (!operation.RequiredPermissions.IsEmpty() && !operation.RequiredPermissions.All(allPerms.Contains))
                {
                    return(false);
                }

                if (!operation.RequiresAnyRole.IsEmpty() && !operation.RequiresAnyRole.Any(allRoles.Contains))
                {
                    return(false);
                }

                if (!operation.RequiresAnyPermission.IsEmpty() && !operation.RequiresAnyPermission.Any(allPerms.Contains))
                {
                    return(false);
                }

                return(true);
            }
        }