public static async Task <bool> AuthenticateAsync(IRequest req, object requestDto = null, IAuthSession session = null, IAuthProvider[] authProviders = null) { if (HostContext.HasValidAuthSecret(req)) { return(true); } session ??= await(req ?? throw new ArgumentNullException(nameof(req))).GetSessionAsync().ConfigAwait(); authProviders ??= AuthenticateService.GetAuthProviders(); var authValidate = HostContext.GetPlugin <AuthFeature>()?.OnAuthenticateValidate; var ret = authValidate?.Invoke(req); if (ret != null) { return(false); } req.PopulateFromRequestIfHasSessionId(requestDto); if (!req.Items.ContainsKey(Keywords.HasPreAuthenticated)) { //Unauthorized or invalid requests will terminate the response and return false var mockResponse = new BasicRequest().Response; req.Items[Keywords.HasPreAuthenticated] = true; foreach (var authWithRequest in authProviders.OfType <IAuthWithRequest>()) { await authWithRequest.PreAuthenticateAsync(req, mockResponse).ConfigAwait(); if (mockResponse.IsClosed) { return(false); } } foreach (var authWithRequest in authProviders.OfType <IAuthWithRequestSync>()) { authWithRequest.PreAuthenticate(req, mockResponse); if (mockResponse.IsClosed) { return(false); } } } var sessionIsAuthenticated = session != null && (authProviders.Length > 0 ? authProviders.Any(x => session.IsAuthorized(x.Provider)) : session.IsAuthenticated); return(sessionIsAuthenticated); }