/// <summary>
/// Customises the response for forbidden authorization results before handing
/// control to the wrapped default handler.
/// </summary>
/// <param name="requestDelegate">Passed unchanged to the wrapped handler.</param>
/// <param name="httpContext">Context whose response is adjusted on a forbidden result.</param>
/// <param name="authorizationPolicy">Passed unchanged to the wrapped handler.</param>
/// <param name="policyAuthorizationResult">Outcome of policy evaluation; inspected for failed requirements.</param>
/// <returns>A task that completes once the response has been handled.</returns>
public async Task HandleAsync(
    RequestDelegate requestDelegate,
    HttpContext httpContext,
    AuthorizationPolicy authorizationPolicy,
    PolicyAuthorizationResult policyAuthorizationResult)
{
    var failure = policyAuthorizationResult.AuthorizationFailure;

    // Custom handling applies only to a forbidden result that carries failure details.
    if (policyAuthorizationResult.Forbidden && failure != null)
    {
        if (failure.FailedRequirements.OfType<SampleRequirement>().Any())
        {
            // Example behaviour: answer 404 (not 403) when this requirement failed.
            // NOTE(review): the body still carries Startup.CustomForbiddenMessage; if the
            // 404 is meant to conceal the resource, confirm that text does not reveal the denial.
            httpContext.Response.StatusCode = (int)HttpStatusCode.NotFound;
            await httpContext.Response.WriteAsync(Startup.CustomForbiddenMessage);

            // Stop here: the default handler would overwrite the status code.
            return;
        }

        if (failure.FailedRequirements.OfType<SampleWithCustomMessageRequirement>().Any())
        {
            // Only a custom message is wanted for this requirement. The write is deferred to
            // OnStarting because the default handler still has to set the status code, and the
            // response can no longer be modified once writing has begun.
            var forbiddenText = Startup.CustomForbiddenMessage;
            httpContext.Response.OnStarting(
                () => httpContext.Response.BodyWriter.WriteAsync(Encoding.UTF8.GetBytes(forbiddenText)).AsTask());
        }
    }

    await _handler.HandleAsync(requestDelegate, httpContext, authorizationPolicy, policyAuthorizationResult);
}
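/// <summary>
/// When a forbidden result includes a failed <c>ExpiredPaymentRequirement</c>, marks the
/// current user as blocked, persists that change and signs the user out; the wrapped
/// default handler then produces the response.
/// </summary>
/// <param name="next">Passed unchanged to the wrapped handler.</param>
/// <param name="context">Context whose <c>User</c> principal identifies the account to block.</param>
/// <param name="policy">Passed unchanged to the wrapped handler.</param>
/// <param name="authorizeResult">Outcome of policy evaluation; inspected for failed requirements.</param>
/// <returns>A task that completes once the wrapped handler has run.</returns>
public async Task HandleAsync(RequestDelegate next, HttpContext context, AuthorizationPolicy policy, PolicyAuthorizationResult authorizeResult)
{
    if (authorizeResult.Forbidden && authorizeResult.AuthorizationFailure != null)
    {
        if (authorizeResult.AuthorizationFailure.FailedRequirements.Any(req => req is ExpiredPaymentRequirement))
        {
            var user = await _userManager.GetUserAsync(context.User);

            // The principal may not resolve to a stored account (for example, it was deleted
            // while the session was still live). Dereferencing null here would turn a
            // forbidden response into an unhandled exception, so only block when found.
            if (user != null)
            {
                user.IsBlocked = true;

                // NOTE(review): the result of UpdateAsync is discarded. Assuming _userManager is
                // ASP.NET Core Identity's UserManager, a failed update is reported through the
                // returned IdentityResult rather than an exception, so the account can stay
                // unblocked without any signal. Consider checking Succeeded and logging.
                await _userManager.UpdateAsync(user);
            }

            // End the session whether or not the account could be loaded.
            await _signInManager.SignOutAsync();
        }
    }

    await _handler.HandleAsync(next, context, policy, authorizeResult);
}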