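/// <summary>
/// Authorization filter entry point: builds a <c>PermissionAuthorizeRequest</c> for the current
/// user and tenant, sends it through the client returned by <c>GetGrpcClient</c>, and lets
/// <c>SetContextResultOnReply</c> translate the reply into <c>context.Result</c>.
/// </summary>
/// <param name="context">Filter context for the request being authorized.</param>
/// <returns>A task that completes once the reply has been applied to <paramref name="context"/>.</returns>
public async Task OnAuthorizationAsync(AuthorizationFilterContext context)
{
    var user = context.HttpContext.User;

    // Fail closed. The previous test (`User?.Identity.IsAuthenticated == false`) evaluated to
    // false when User was null (null == false is false) and then dereferenced User below, and it
    // threw outright when the principal carried no identity. Anything that is not positively
    // authenticated is challenged instead.
    if (user?.Identity?.IsAuthenticated != true)
    {
        context.Result = new ChallengeResult();
        return;
    }

    // An authenticated principal without a subject identifier cannot be authorized against the
    // permission service; challenge rather than forward a null or empty UserId.
    // NOTE(review): if PermissionAuthorizeRequest is a protobuf-generated message, assigning null
    // to UserId would have thrown instead of producing a clean challenge - confirm.
    var userId = user.FindFirst(ClaimTypes.NameIdentifier)?.Value;
    if (string.IsNullOrEmpty(userId))
    {
        context.Result = new ChallengeResult();
        return;
    }

    // Client and tenant are resolved through the current HttpContext (from DI, per the original
    // comment). The tenant id comes from the tenant provider, not from a request field.
    var client = GetGrpcClient(context.HttpContext);
    var tenantId = GetTenantProvider(context.HttpContext).GetCurrentRequestTenant().Id;

    var request = new PermissionAuthorizeRequest
    {
        UserId = userId,
        TenantId = tenantId,
    };
    request.Perms.AddRange(Permissions);

    // Send and set context.Result based on the reply. There is no catch here, so a failed call
    // propagates as an exception and no result is set by this method.
    var reply = await client.AuthorizeAsync(request);
    SetContextResultOnReply(context, reply);
}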
/// <summary>
/// Evaluates whether the user named in <paramref name="request"/> holds the requested
/// permission(s) within the tenant named in the same request.
/// </summary>
/// <param name="request">Carries the user id, tenant id and permission list to evaluate.</param>
/// <param name="ctx">Server call context; not read by this method.</param>
/// <returns>The decision produced by the remote authorization evaluator.</returns>
/// <remarks>
/// NOTE(review): UserId and TenantId are taken from the request message as sent. Nothing in this
/// method verifies who the caller is, so the decision is only as trustworthy as the channel and
/// the callers allowed to reach this service - confirm that caller authentication is enforced
/// elsewhere (transport or interceptor).
/// </remarks>
public override async Task<AuthorizeDecision> Authorize(PermissionAuthorizeRequest request, ServerCallContext ctx)
{
    var subjectId = request.UserId;
    var tenantScope = request.TenantId;

    // The evaluator is handed a snapshot array of the requested permissions.
    var requestedPermissions = request.Perms.ToArray();

    var decision = await _remoteAuthEvaluator.EvaluateAsync(subjectId, tenantScope, requestedPermissions);
    return decision;
}