public async Task Invoke(HttpContext context)
{
if (context == null)
{
throw new ArgumentNullException(nameof(context));
}
var endpoint = context.GetEndpoint();
if (endpoint != null)
{
// EndpointRoutingMiddleware uses this flag to check if the Authorization middleware processed auth metadata on the endpoint.
// The Authorization middleware can only make this claim if it observes an actual endpoint.
context.Items[AuthorizationMiddlewareInvokedWithEndpointKey] = _authorizationMiddlewareWithEndpointInvokedValue;
}
// IMPORTANT: Changes to authorization logic should be mirrored in MVC's AuthorizeFilter
var authorizeData = endpoint?.Metadata.GetOrderedMetadata <ICasbinAuthorizationData>();
if (authorizeData is null || authorizeData.Count == 0)
{
await _next(context);
return;
}
// Policy evaluator has transient lifetime so it fetched from request services instead of injecting in constructor
var policyEvaluator = context.RequestServices.GetRequiredService <IPolicyEvaluator>();
var policy = _policyCreator.Create(authorizeData);
var authenticateResult = await policyEvaluator.AuthenticateAsync(policy, context);
// Allow Anonymous skips all authorization
if (endpoint?.Metadata.GetMetadata <IAllowAnonymous>() != null)
{
await _next(context);
return;
}
object?resource;
if (AppContext.TryGetSwitch(SuppressUseHttpContextAsAuthorizationResource, out bool useEndpointAsResource) && useEndpointAsResource)
{
resource = endpoint;
}
else
{
resource = context;
}
var casbinContext = context.RequestServices.GetRequiredService <ICasbinAuthorizationContextFactory>().CreateContext(context.User, authorizeData);
var authorizeResult = await context.RequestServices.GetRequiredService <ICasbinEvaluator>().AuthorizeAsync(policy, authenticateResult, context, casbinContext, resource);
var authorizationMiddlewareResultHandler = context.RequestServices.GetRequiredService <ICasbinAuthorizationMiddlewareResultHandler>();
await authorizationMiddlewareResultHandler.HandleAsync(_next, context, policy, authorizeResult);
}
public async Task ShouldBasicAuthorizeAsync(
string userName, string resource, string action, bool expectResult)
{
// Arrange
var user = new TestUserBuilder()
.AddClaim(new Claim(ClaimTypes.NameIdentifier, userName))
.Build();
var casbinEvaluator = _serviceProvider.GetRequiredService <ICasbinEvaluator>();
var casbinContext = _casbinAuthorizationContextFactory.CreateContext(user,
new CasbinAuthorizeAttribute(resource, action));
var policy = _casbinPolicyCreator.Create(casbinContext.AuthorizationData);
var httpContext = new DefaultHttpContext();
var result = AuthenticateResult.Success(new AuthenticationTicket(user, _defaultScheme));
// Act
var authorizationResult = await casbinEvaluator.AuthorizeAsync(
policy, result, httpContext, casbinContext, httpContext);
// Assert
Assert.Equal(expectResult, authorizationResult.Succeeded);
}
