Esempio n. 1
        /// <summary>
        /// Authorizes the current request: the role requirement (when roles are configured) and
        /// the policy requirement must BOTH succeed, otherwise the request is failed.
        /// </summary>
        /// <param name="context">Authorization context of the request being evaluated.</param>
        /// <remarks>
        /// Evaluation order matters for security:
        /// 1. An allow-anonymous marker short-circuits every later check, including roles and policy.
        /// 2. Configured roles are checked first; a failure stops processing immediately.
        /// 3. The named policy is checked, or, when no policy is set, a policy that only
        ///    requires an authenticated user.
        /// NOTE(review): where HasAllowAnonymous looks for the marker and what Fail writes to the
        /// context are defined outside this block; confirm both when auditing for bypasses.
        /// </remarks>
        public override async Task OnAuthorizationAsync([NotNull] AuthorizationContext context)
        {
            var httpContext = context.HttpContext;

            // Anonymous access bypasses the whole pipeline below; nothing else is evaluated.
            if (HasAllowAnonymous(context))
            {
                return;
            }

            var authorizationService = httpContext.RequestServices.GetRequiredService<IAuthorizationService>();

            // Role gate: only present when roles were specified on the attribute.
            // NOTE(review): whether several roles mean "any of" or "all of" is decided by
            // RequiresRole, which is not visible here; verify before relying on it.
            if (_rolesSplit != null)
            {
                var roleRequirement = new AuthorizationPolicyBuilder();
                roleRequirement.RequiresRole(_rolesSplit);

                var roleCheckPassed = await authorizationService.AuthorizeAsync(roleRequirement.Build(), httpContext, context);
                if (!roleCheckPassed)
                {
                    Fail(context);
                    return;
                }
            }

            // Policy gate: always runs, even after a successful role check.
            // With no explicit policy, [Authorize] just requires any authenticated user.
            var policyCheckPassed = (Policy != null)
                ? await authorizationService.AuthorizeAsync(Policy, httpContext, context)
                : await authorizationService.AuthorizeAsync(BuildAnyAuthorizedUserPolicy(), httpContext, context);

            if (policyCheckPassed)
            {
                return;
            }

            Fail(context);
        }