/// <summary> /// Combines the <see cref="AuthorizationPolicy"/> provided by the specified /// <paramref name="policyProvider"/>. /// </summary> /// <param name="policyProvider">A <see cref="IAuthorizationPolicyProvider"/> which provides the policies to combine.</param> /// <param name="authorizeData">A collection of authorization data used to apply authorization to a resource.</param> /// <returns> /// A new <see cref="AuthorizationPolicy"/> which represents the combination of the /// authorization policies provided by the specified <paramref name="policyProvider"/>. /// </returns> public static async Task <AuthorizationPolicy> CombineAsync(IAuthorizationPolicyProvider policyProvider, IEnumerable <IAuthorizeData> authorizeData) { if (policyProvider == null) { throw new ArgumentNullException(nameof(policyProvider)); } if (authorizeData == null) { throw new ArgumentNullException(nameof(authorizeData)); } // Avoid allocating enumerator if the data is known to be empty var skipEnumeratingData = false; if (authorizeData is IList <IAuthorizeData> dataList) { skipEnumeratingData = dataList.Count == 0; } AuthorizationPolicyBuilder policyBuilder = null; if (!skipEnumeratingData) { foreach (var authorizeDatum in authorizeData) { if (policyBuilder == null) { policyBuilder = new AuthorizationPolicyBuilder(); } var useDefaultPolicy = true; if (!string.IsNullOrWhiteSpace(authorizeDatum.Policy)) { var policy = await policyProvider.GetPolicyAsync(authorizeDatum.Policy); if (policy == null) { throw new InvalidOperationException(Resources.FormatException_AuthorizationPolicyNotFound(authorizeDatum.Policy)); } policyBuilder.Combine(policy); useDefaultPolicy = false; } var rolesSplit = authorizeDatum.Roles?.Split(','); if (rolesSplit != null && rolesSplit.Any()) { var trimmedRolesSplit = rolesSplit.Where(r => !string.IsNullOrWhiteSpace(r)).Select(r => r.Trim()); policyBuilder.RequireRole(trimmedRolesSplit); useDefaultPolicy = false; } var authTypesSplit = authorizeDatum.AuthenticationSchemes?.Split(','); if (authTypesSplit != null && authTypesSplit.Any()) { foreach (var authType in authTypesSplit) { if (!string.IsNullOrWhiteSpace(authType)) { policyBuilder.AuthenticationSchemes.Add(authType.Trim()); } } } if (useDefaultPolicy) { policyBuilder.Combine(await policyProvider.GetDefaultPolicyAsync()); } } } var requiredPolicy = await policyProvider.GetRequiredPolicyAsync(); if (requiredPolicy != null) { if (policyBuilder == null) { policyBuilder = new AuthorizationPolicyBuilder(); } policyBuilder.Combine(requiredPolicy); } return(policyBuilder?.Build()); }