/// <summary>
/// Middleware entry point: resolves a dashboard dispatcher for the request path,
/// runs every configured authorization filter, and dispatches only when none of
/// them denies the request.
/// </summary>
/// <param name="httpContext">The current HTTP request/response pair.</param>
/// <returns>
/// The next middleware's task when no dispatcher matches the path, a completed task
/// when a filter denies the request, otherwise the dispatcher's task.
/// </returns>
/// <remarks>
/// Filters are the only access control applied here. If <c>_options.Authorization</c>
/// is empty the loop body never runs and the matched request is dispatched.
/// </remarks>
public Task Invoke(HttpContext httpContext)
{
    var dashboardContext = new AspNetCoreDashboardContext(_storage, _options, httpContext);
    var match = _routes.FindDispatcher(httpContext.Request.Path.Value);

    // No dispatcher for this path: pass the request down the pipeline untouched.
    if (match == null)
    {
        return _next.Invoke(httpContext);
    }

    // ReSharper disable once LoopCanBeConvertedToQuery
    foreach (var filter in _options.Authorization)
    {
        if (filter.Authorize(dashboardContext))
        {
            continue;
        }

        // The first denying filter ends the request. An authenticated caller gets
        // 403 (identity known, access refused); everyone else gets 401.
        var authenticated = httpContext.User?.Identity?.IsAuthenticated ?? false;
        var status = authenticated ? HttpStatusCode.Forbidden : HttpStatusCode.Unauthorized;

        httpContext.Response.StatusCode = (int)status;
        return Task.FromResult(0);
    }

    dashboardContext.UriMatch = match.Item2;
    return match.Item1.Dispatch(dashboardContext);
}
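/// <summary>
/// Middleware entry point: resolves a dashboard dispatcher for the request path,
/// runs every configured authorization filter, and dispatches only when none of
/// them denies the request.
/// </summary>
/// <param name="httpContext">The current HTTP request/response pair.</param>
/// <returns>
/// The next middleware's task when no dispatcher matches the path; the task that
/// writes the "403 Forbidden" body, or a completed task, when a filter denies the
/// request; otherwise the dispatcher's task.
/// </returns>
/// <remarks>
/// A denial is always terminal. When the denying filter has already changed the
/// status code or started the response, that response is kept as is, but the
/// request is still not dispatched.
/// </remarks>
public Task Invoke(HttpContext httpContext)
{
    var context = new AspNetCoreDashboardContext(_storage, _options, httpContext);
    var findResult = _routes.FindDispatcher(httpContext.Request.Path.Value);

    // No dispatcher for this path: pass the request down the pipeline untouched.
    if (findResult == null)
    {
        return _next.Invoke(httpContext);
    }

    // ReSharper disable once LoopCanBeConvertedToQuery
    foreach (var filter in _options.Authorization)
    {
        if (!filter.Authorize(context))
        {
            // If status code has a non-default value, then it was changed
            // by one of authorization filters. In this case, we should
            // leave everything as is.
            if (!httpContext.Response.HasStarted && httpContext.Response.StatusCode == 200)
            {
                httpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
                return httpContext.Response.WriteAsync("403 Forbidden");
            }

            // The filter denied the request and produced its own response (custom
            // status code, or the response has already started). Stop here: letting
            // control continue would reach Dispatch below and serve the dashboard
            // to a request that a filter rejected.
            return Task.FromResult(0);
        }
    }

    context.UriMatch = findResult.Item2;
    return findResult.Item1.Dispatch(context);
}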
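/// <summary>
/// Middleware entry point: looks up a dashboard dispatcher for the request path and
/// dispatches the request only if every authorization filter accepts it.
/// </summary>
/// <param name="httpContext">The current HTTP request/response pair.</param>
/// <returns>
/// The next middleware's task when no dispatcher matches the path; the task that
/// writes the "403 Forbidden" body, or a completed task, when a filter denies the
/// request; otherwise the dispatcher's task.
/// </returns>
/// <remarks>
/// The default 403 response is written only when the response has not started and
/// the status code is still 200. In every other denial case the filter's own
/// response is preserved, and the request is rejected all the same.
/// </remarks>
public Task Invoke(HttpContext httpContext)
{
    var context = new AspNetCoreDashboardContext(_storage, _options, httpContext);
    var findResult = _routes.FindDispatcher(httpContext.Request.Path.Value);

    // No dispatcher for this path: pass the request down the pipeline untouched.
    if (findResult == null)
    {
        return _next.Invoke(httpContext);
    }

    // ReSharper disable once LoopCanBeConvertedToQuery
    foreach (var filter in _options.Authorization)
    {
        if (filter.Authorize(context))
        {
            continue;
        }

        // If status code has a non-default value, then it was changed
        // by one of authorization filters. In this case, we should
        // leave everything as is.
        var responseUntouched = !httpContext.Response.HasStarted
            && httpContext.Response.StatusCode == 200;

        if (responseUntouched)
        {
            httpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
            return httpContext.Response.WriteAsync("403 Forbidden");
        }

        // Denied with a filter-supplied response. Return without dispatching;
        // skipping this return would let a rejected request fall through to
        // Dispatch whenever a filter sets its own status code.
        return Task.FromResult(0);
    }

    context.UriMatch = findResult.Item2;
    return findResult.Item1.Dispatch(context);
}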
/// <summary>
/// Middleware entry point: resolves a dashboard dispatcher for the request path, then
/// applies three gates in order (synchronous authorization filters, asynchronous
/// authorization filters, antiforgery validation) before dispatching.
/// </summary>
/// <param name="httpContext">The current HTTP request/response pair.</param>
/// <returns>A task that completes when the request has been handled or rejected.</returns>
/// <remarks>
/// Antiforgery validation is skipped when <c>_options.IgnoreAntiforgeryToken</c> is set,
/// and also when no <c>IAntiforgery</c> service can be resolved from the request
/// services. In the second case the request proceeds without any CSRF check.
/// </remarks>
public async Task Invoke(HttpContext httpContext)
{
    var dashboardContext = new AspNetCoreDashboardContext(_storage, _options, httpContext);
    var match = _routes.FindDispatcher(httpContext.Request.Path.Value);

    // No dispatcher for this path: pass the request down the pipeline untouched.
    if (match == null)
    {
        await _next.Invoke(httpContext);
        return;
    }

    // ReSharper disable once LoopCanBeConvertedToQuery
    foreach (var syncFilter in _options.Authorization)
    {
        if (syncFilter.Authorize(dashboardContext))
        {
            continue;
        }

        // First denial wins; the status comes from GetUnauthorizedStatusCode.
        httpContext.Response.StatusCode = GetUnauthorizedStatusCode(httpContext);
        return;
    }

    foreach (var asyncFilter in _options.AsyncAuthorization)
    {
        var allowed = await asyncFilter.AuthorizeAsync(dashboardContext);
        if (allowed)
        {
            continue;
        }

        httpContext.Response.StatusCode = GetUnauthorizedStatusCode(httpContext);
        return;
    }

    if (!_options.IgnoreAntiforgeryToken)
    {
        var antiforgery = httpContext.RequestServices.GetService<IAntiforgery>();

        // A missing IAntiforgery registration means no validation is performed.
        if (antiforgery != null && !await antiforgery.IsRequestValidAsync(httpContext))
        {
            // Invalid or missing CSRF token
            httpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
            return;
        }
    }

    dashboardContext.UriMatch = match.Item2;
    await match.Item1.Dispatch(dashboardContext);
}
/// <summary>
/// Middleware entry point: resolves a dashboard dispatcher for the request path and
/// dispatches the request only if every authorization filter accepts it.
/// </summary>
/// <param name="httpContext">The current HTTP request/response pair.</param>
/// <returns>
/// The next middleware's task when no dispatcher matches the path, the task that
/// writes the "401 Unauthorized" body when a filter denies the request, otherwise
/// the dispatcher's task.
/// </returns>
/// <remarks>
/// Every denial is answered with 401, whether or not the caller is authenticated.
/// If <c>_options.Authorization</c> is empty, no filter can deny and the matched
/// request is dispatched.
/// </remarks>
public Task Invoke(HttpContext httpContext)
{
    var dashboardContext = new AspNetCoreDashboardContext(_storage, _options, httpContext);
    var match = _routes.FindDispatcher(httpContext.Request.Path.Value);

    // No dispatcher for this path: pass the request down the pipeline untouched.
    if (match == null)
    {
        return _next.Invoke(httpContext);
    }

    // ReSharper disable once LoopCanBeConvertedToQuery
    foreach (var filter in _options.Authorization)
    {
        if (filter.Authorize(dashboardContext))
        {
            continue;
        }

        // The first denying filter ends the request; later filters are not consulted.
        httpContext.Response.StatusCode = (int)HttpStatusCode.Unauthorized;
        return httpContext.Response.WriteAsync("401 Unauthorized");
    }

    dashboardContext.UriMatch = match.Item2;
    return match.Item1.Dispatch(dashboardContext);
}
/// <summary>
/// Middleware entry point: routes the request to a dashboard dispatcher after all
/// authorization filters have accepted it.
/// </summary>
/// <param name="httpContext">The current HTTP request/response pair.</param>
/// <returns>
/// The next middleware's task when no dispatcher matches the path, the task that
/// writes the "401 Unauthorized" body when a filter denies the request, otherwise
/// the dispatcher's task.
/// </returns>
/// <remarks>
/// The filters in <c>_options.Authorization</c> are the only access control applied
/// by this method. A denial always produces 401, regardless of whether the caller
/// is authenticated.
/// </remarks>
public Task Invoke(HttpContext httpContext)
{
    var dashboardContext = new AspNetCoreDashboardContext(_storage, _options, httpContext);
    var route = _routes.FindDispatcher(httpContext.Request.Path.Value);

    if (route != null)
    {
        // ReSharper disable once LoopCanBeConvertedToQuery
        foreach (var filter in _options.Authorization)
        {
            var granted = filter.Authorize(dashboardContext);
            if (!granted)
            {
                // Reject on the first denial and never reach Dispatch.
                httpContext.Response.StatusCode = (int)HttpStatusCode.Unauthorized;
                return httpContext.Response.WriteAsync("401 Unauthorized");
            }
        }

        dashboardContext.UriMatch = route.Item2;
        return route.Item1.Dispatch(dashboardContext);
    }

    // No dispatcher for this path: pass the request down the pipeline untouched.
    return _next.Invoke(httpContext);
}