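/// <inheritdoc />
/// <remarks>
/// Gates front-end requests behind basic authentication. The request is passed
/// to <paramref name="next"/> untouched when the runtime level is below
/// <c>RuntimeLevel.Run</c>, when it is a back-office request, or when basic
/// authentication is disabled. Otherwise the caller must satisfy one of three
/// checks, tried in order: the IP allow list, an existing back-office
/// authentication, or valid credentials in the basic-auth header. When none
/// succeeds, <c>SetUnauthorizedHeader</c> is called and the rest of the pipeline
/// is not invoked.
/// </remarks>
public async Task InvokeAsync(HttpContext context, RequestDelegate next)
{
    if (_runtimeState.Level < RuntimeLevel.Run
        || context.Request.IsBackOfficeRequest()
        || !_basicAuthService.IsBasicAuthEnabled())
    {
        await next(context);
        return;
    }

    // RemoteIpAddress can be null (for example when the transport exposes no
    // peer address). An unknown address is never treated as allow-listed, so the
    // request falls through to the credential checks instead of reaching the
    // allow-list lookup with a null argument.
    // NOTE(review): this is the address of the immediate peer. Behind a reverse
    // proxy or load balancer it is the proxy's address unless forwarded headers
    // are processed earlier in the pipeline; in that case the allow list is only
    // as trustworthy as the configured set of trusted proxies. Confirm against
    // the hosting setup.
    IPAddress clientIPAddress = context.Connection.RemoteIpAddress;
    if (clientIPAddress is not null && _basicAuthService.IsIpAllowListed(clientIPAddress))
    {
        await next(context);
        return;
    }

    // A caller who already holds a valid back-office authentication is let through.
    AuthenticateResult authenticateResult = await context.AuthenticateBackOfficeAsync();
    if (authenticateResult.Succeeded)
    {
        await next(context);
        return;
    }

    if (!context.TryGetBasicAuthCredentials(out var username, out var password))
    {
        // no authorization header
        SetUnauthorizedHeader(context);
        return;
    }

    IBackOfficeSignInManager backOfficeSignInManager =
        context.RequestServices.GetService<IBackOfficeSignInManager>();
    if (backOfficeSignInManager is null)
    {
        // Fail closed: without a sign-in manager the credentials cannot be verified.
        SetUnauthorizedHeader(context);
        return;
    }

    // Positional flags are (false, true); in the Identity-style sign-in signature
    // these are isPersistent and lockoutOnFailure, i.e. no persistent cookie and
    // failed attempts count towards lockout (confirm against IBackOfficeSignInManager).
    // NOTE(review): basic-auth credentials are only base64-encoded on the wire,
    // so this path relies on the site being served over TLS.
    SignInResult signInResult =
        await backOfficeSignInManager.PasswordSignInAsync(username, password, false, true);
    if (!signInResult.Succeeded)
    {
        SetUnauthorizedHeader(context);
        return;
    }

    await next(context);
}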