/// <inheritdoc/> public async Task <ITenant> GetRequestingTenantAsync(string tenantId) { ITenant tenant = await this.GetTenantAsync(tenantId).ConfigureAwait(false); // Validate it's of the expected type. This will throw an ArgumentException if the tenant is not of the expected // type. This is not particularly useful, so we will catch this and instead throw an exception that will result // in a Not Found response. try { tenant.EnsureTenantIsOfType(MarainTenantType.Client, MarainTenantType.Delegated); } catch (ArgumentException) { throw new OpenApiNotFoundException($"The specified tenant Id, '{tenantId}', is of the wrong type for this request"); } // Ensure the tenant is enrolled for the service. if (!tenant.IsEnrolledForService(this.serviceConfiguration.ServiceTenantId)) { throw OpenApiForbiddenException.WithProblemDetails( "Tenant not enrolled for service", $"The tenant with Id '{tenantId}' is not enrolled in the service '{this.serviceConfiguration.ServiceDisplayName}' with Service Tenant Id '{this.serviceConfiguration.ServiceTenantId}'"); } return(tenant); }
private async Task CheckAccessPoliciesAsync( IOpenApiContext context, string path, string method, string operationId) { AccessControlPolicyResult result = await this.accessChecker.CheckAccessPolicyAsync(context, path, operationId, method).ConfigureAwait(false); if (result.ResultType == AccessControlPolicyResultType.NotAuthenticated) { Exception x = this.configuration.AccessPolicyUnauthenticatedResponse switch { ResponseWhenUnauthenticated.Unauthorized => new OpenApiUnauthorizedException("Unauthorized"), ResponseWhenUnauthenticated.Forbidden => OpenApiForbiddenException.WithoutProblemDetails("Forbidden"), ResponseWhenUnauthenticated.ServerError => new OpenApiServiceMismatchException("Unauthenticated requests should not be reaching this service"), _ => new OpenApiServiceMismatchException($"Unknown AccessPolicyUnauthenticatedResponse: {this.configuration.AccessPolicyUnauthenticatedResponse}"), }; if (!string.IsNullOrWhiteSpace(result.Explanation)) { x.AddProblemDetailsExplanation(result.Explanation !); // ! required as netstandard2.0 lacks nullable attributes } throw x; } if (!result.Allow) { throw string.IsNullOrWhiteSpace(result.Explanation) ? OpenApiForbiddenException.WithoutProblemDetails("Forbidden") : OpenApiForbiddenException.WithProblemDetails("Forbidden", result.Explanation); } }