public static async Task <AuthResult> AuthorizeUserAsync( HttpContext httpContext, AppDbContext context, string testUserName, string adminRoleName, string userRoleName, IEnumerable <string> roleNames ) { var ret = new AuthResult(); var userName = httpContext.BearerUserName(testUserName); if (string.IsNullOrEmpty(userName)) { return(ret.SetErrMsg(Role.InvalidAuthorisationToken)); } ret.AdminRole = await context.RoleByNameAsync(adminRoleName); if (ret.AdminRole == null) { return(ret.SetErrMsg(Role.AdministratorNotSetUp)); } ret.UserRole = await context.RoleByNameAsync(userRoleName); if (ret.UserRole == null) { return(ret.SetErrMsg(Role.UserRoleNotSetUp)); } ret.ApiUser = await context.UserByNameAsync(userName); if (ret.ApiUser == null) { return(ret.SetErrMsg($"Invalid User <{userName}> - please contact your administrator")); } ret.ApiUserRole = await context.RoleByIdAsync(ret.ApiUser.RoleId); if (ret.ApiUserRole == null) { return(ret.SetErrMsg($"Invalid RoleId <{ret.ApiUser.RoleId}> - please contact your administrator")); } if (!roleNames.Contains(ret.ApiUserRole.Name)) { return(ret.SetErrMsg($"Role <{ret.ApiUserRole.Name}> is not authorized to run this API. Must be one of the following roles : " + string.Join(", ", roleNames))); } return(ret); }