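/// <summary>
/// Runs the scope check and then the claims check for the matched re-route,
/// and calls the next middleware only when neither check rejected the request.
/// </summary>
/// <remarks>
/// Both checks are skipped when <c>IsOptionsHttpMethod</c> returns true for the request.
/// Every rejection path sets a pipeline error and returns without calling
/// <c>_next</c>, so a failed scope check can never reach the downstream service.
/// </remarks>
/// <param name="context">Downstream context carrying the HTTP context, the matched re-route and the template placeholder values.</param>
/// <returns>A task that completes when this middleware and, if invoked, the rest of the pipeline have finished.</returns>
public async Task Invoke(DownstreamContext context)
{
    if (!IsOptionsHttpMethod(context) && IsAuthenticatedRoute(context.DownstreamReRoute))
    {
        Logger.LogInformation("route is authenticated scopes must be checked");

        var authorised = _scopesAuthoriser.Authorise(
            context.HttpContext.User,
            context.DownstreamReRoute.AuthenticationOptions.AllowedScopes);

        if (authorised.IsError)
        {
            Logger.LogWarning("error authorising user scopes");
            SetPipelineError(context, authorised.Errors);
            return;
        }

        if (IsAuthorised(authorised))
        {
            Logger.LogInformation("user scopes is authorised calling next authorisation checks");
        }
        else
        {
            Logger.LogWarning("user scopes is not authorised setting pipeline error");
            SetPipelineError(context, new UnauthorisedError(
                $"{context.HttpContext.User.Identity.Name} unable to access {context.DownstreamReRoute.UpstreamPathTemplate.OriginalValue}"));

            // Fail closed: without this return the code below would still run and,
            // for a route with no claims requirement, would call _next despite the
            // failed scope check.
            return;
        }
    }

    if (!IsOptionsHttpMethod(context) && IsAuthorisedRoute(context.DownstreamReRoute))
    {
        Logger.LogInformation("route is authorised");

        var authorised = _claimsAuthoriser.Authorise(
            context.HttpContext.User,
            context.DownstreamReRoute.RouteClaimsRequirement,
            context.TemplatePlaceholderNameAndValues);

        if (authorised.IsError)
        {
            // NOTE(review): the identity name is interpolated straight into log text here and
            // below; if the logging sink is line-based, confirm it neutralises control characters.
            Logger.LogWarning($"Error whilst authorising {context.HttpContext.User.Identity.Name}. Setting pipeline error");
            SetPipelineError(context, authorised.Errors);
            return;
        }

        if (IsAuthorised(authorised))
        {
            Logger.LogInformation($"{context.HttpContext.User.Identity.Name} has succesfully been authorised for {context.DownstreamReRoute.UpstreamPathTemplate.OriginalValue}.");
            await _next.Invoke(context);
        }
        else
        {
            Logger.LogWarning($"{context.HttpContext.User.Identity.Name} is not authorised to access {context.DownstreamReRoute.UpstreamPathTemplate.OriginalValue}. Setting pipeline error");
            SetPipelineError(context, new UnauthorisedError($"{context.HttpContext.User.Identity.Name} is not authorised to access {context.DownstreamReRoute.UpstreamPathTemplate.OriginalValue}"));
        }
    }
    else
    {
        // Reached for OPTIONS requests and for routes without a claims requirement.
        Logger.LogInformation($"{context.DownstreamReRoute.DownstreamPathTemplate.Value} route does not require user to be authorised");
        await _next.Invoke(context);
    }
}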
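/// <summary>
/// Runs the scope check and then the claims check for the current re-route,
/// and calls the next middleware only when neither check rejected the request.
/// </summary>
/// <remarks>
/// Every rejection path sets a pipeline error and returns without calling
/// <c>_next</c>, so a failed scope check can never reach the downstream service.
/// </remarks>
/// <param name="context">HTTP context whose <c>User</c> is checked against the re-route's allowed scopes and claims requirement.</param>
/// <returns>A task that completes when this middleware and, if invoked, the rest of the pipeline have finished.</returns>
public async Task Invoke(HttpContext context)
{
    if (IsAuthenticatedRoute(DownstreamRoute.ReRoute))
    {
        _logger.LogDebug("route is authenticated scopes must be checked");

        var authorised = _scopesAuthoriser.Authorise(
            context.User,
            DownstreamRoute.ReRoute.AuthenticationOptions.AllowedScopes);

        if (authorised.IsError)
        {
            _logger.LogDebug("error authorising user scopes");
            SetPipelineError(authorised.Errors);
            return;
        }

        if (IsAuthorised(authorised))
        {
            _logger.LogDebug("user scopes is authorised calling next authorisation checks");
        }
        else
        {
            _logger.LogDebug("user scopes is not authorised setting pipeline error");
            SetPipelineError(new List<Error>
            {
                new UnauthorisedError(
                    $"{context.User.Identity.Name} unable to access {DownstreamRoute.ReRoute.UpstreamPathTemplate.Value}")
            });

            // Fail closed: without this return the code below would still run and,
            // for a route with no claims requirement, would call _next despite the
            // failed scope check.
            return;
        }
    }

    if (IsAuthorisedRoute(DownstreamRoute.ReRoute))
    {
        _logger.LogDebug("route is authorised");

        var authorised = _claimsAuthoriser.Authorise(
            context.User,
            DownstreamRoute.ReRoute.RouteClaimsRequirement);

        if (authorised.IsError)
        {
            // NOTE(review): the message repeats the user name; the second placeholder was
            // presumably meant to be the route. Left unchanged here.
            _logger.LogDebug($"Error whilst authorising {context.User.Identity.Name} for {context.User.Identity.Name}. Setting pipeline error");
            SetPipelineError(authorised.Errors);
            return;
        }

        if (IsAuthorised(authorised))
        {
            _logger.LogDebug($"{context.User.Identity.Name} has succesfully been authorised for {DownstreamRoute.ReRoute.UpstreamPathTemplate.Value}. Calling next middleware");
            await _next.Invoke(context);
        }
        else
        {
            // NOTE(review): authorisation denials are logged at debug level only; confirm they
            // are recorded somewhere that is retained in production.
            _logger.LogDebug($"{context.User.Identity.Name} is not authorised to access {DownstreamRoute.ReRoute.UpstreamPathTemplate.Value}. Setting pipeline error");
            SetPipelineError(new List<Error>
            {
                new UnauthorisedError($"{context.User.Identity.Name} is not authorised to access {DownstreamRoute.ReRoute.UpstreamPathTemplate.Value}")
            });
        }
    }
    else
    {
        // Reached for routes without a claims requirement.
        _logger.LogDebug($"{DownstreamRoute.ReRoute.DownstreamPathTemplate.Value} route does not require user to be authorised");
        await _next.Invoke(context);
    }
}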