public async Task Invoke(HttpContext httpContext) { User user = httpContext.Session.Get <User>("user"); IRbacService rbac = (IRbacService)httpContext.RequestServices.GetService(typeof(IRbacService)); HttpRequest path = httpContext.Request; if (!rbac.Check(user, path)) { await httpContext.Response.WriteAsync(@"禁止访问"); } else { await _next(httpContext); } }