public async Task Invoke(HttpContext context) { if (context == null) { throw new ArgumentNullException(nameof(context)); } var endpoint = context.GetEndpoint(); if (endpoint != null) { // EndpointRoutingMiddleware uses this flag to check if the Authorization middleware processed auth metadata on the endpoint. // The Authorization middleware can only make this claim if it observes an actual endpoint. context.Items[AuthorizationMiddlewareInvokedWithEndpointKey] = _authorizationMiddlewareWithEndpointInvokedValue; } // IMPORTANT: Changes to authorization logic should be mirrored in MVC's AuthorizeFilter var authorizeData = endpoint?.Metadata.GetOrderedMetadata <ICasbinAuthorizationData>(); if (authorizeData is null || authorizeData.Count == 0) { await _next(context); return; } // Policy evaluator has transient lifetime so it fetched from request services instead of injecting in constructor var policyEvaluator = context.RequestServices.GetRequiredService <IPolicyEvaluator>(); var policy = _policyCreator.Create(authorizeData); var authenticateResult = await policyEvaluator.AuthenticateAsync(policy, context); // Allow Anonymous skips all authorization if (endpoint?.Metadata.GetMetadata <IAllowAnonymous>() != null) { await _next(context); return; } object?resource; if (AppContext.TryGetSwitch(SuppressUseHttpContextAsAuthorizationResource, out bool useEndpointAsResource) && useEndpointAsResource) { resource = endpoint; } else { resource = context; } var casbinContext = context.RequestServices.GetRequiredService <ICasbinAuthorizationContextFactory>().CreateContext(context.User, authorizeData); var authorizeResult = await context.RequestServices.GetRequiredService <ICasbinEvaluator>().AuthorizeAsync(policy, authenticateResult, context, casbinContext, resource); var authorizationMiddlewareResultHandler = context.RequestServices.GetRequiredService <ICasbinAuthorizationMiddlewareResultHandler>(); await authorizationMiddlewareResultHandler.HandleAsync(_next, context, policy, authorizeResult); }
public async Task ShouldBasicAuthorizeAsync( string userName, string resource, string action, bool expectResult) { // Arrange var user = new TestUserBuilder() .AddClaim(new Claim(ClaimTypes.NameIdentifier, userName)) .Build(); var casbinEvaluator = _serviceProvider.GetRequiredService <ICasbinEvaluator>(); var casbinContext = _casbinAuthorizationContextFactory.CreateContext(user, new CasbinAuthorizeAttribute(resource, action)); var policy = _casbinPolicyCreator.Create(casbinContext.AuthorizationData); var httpContext = new DefaultHttpContext(); var result = AuthenticateResult.Success(new AuthenticationTicket(user, _defaultScheme)); // Act var authorizationResult = await casbinEvaluator.AuthorizeAsync( policy, result, httpContext, casbinContext, httpContext); // Assert Assert.Equal(expectResult, authorizationResult.Succeeded); }