44 lines
1.6 KiB
C#
44 lines
1.6 KiB
C#
using System.Threading.Tasks;
|
|
using Microsoft.AspNetCore.Authentication;
|
|
using Microsoft.AspNetCore.Authorization;
|
|
using Microsoft.AspNetCore.Http;
|
|
|
|
namespace AMWD.Common.AspNetCore.Security.PathProtection
|
|
{
|
|
/// <summary>
|
|
/// Implements a check to provide protected paths.
|
|
/// </summary>
|
|
/// <remarks>
|
|
/// Initializes a new instance of the <see cref="ProtectedPathExtensions"/> class.
|
|
/// </remarks>
|
|
/// <param name="next">The following delegate in the process chain.</param>
|
|
/// <param name="options">The options to configure the middleware.</param>
|
|
public class ProtectedPathMiddleware(RequestDelegate next, ProtectedPathOptions options)
|
|
{
|
|
private readonly RequestDelegate _next = next;
|
|
private readonly PathString _path = options.Path;
|
|
private readonly string _policyName = options.PolicyName;
|
|
|
|
/// <summary>
|
|
/// The delegate invokation.
|
|
/// Performs the protection check.
|
|
/// </summary>
|
|
/// <param name="httpContext">The corresponding HTTP context.</param>
|
|
/// <param name="authorizationService">The <see cref="IAuthorizationService"/>.</param>
|
|
/// <returns>An awaitable task.</returns>
|
|
public async Task InvokeAsync(HttpContext httpContext, IAuthorizationService authorizationService)
|
|
{
|
|
if (httpContext.Request.Path.StartsWithSegments(_path))
|
|
{
|
|
var result = await authorizationService.AuthorizeAsync(httpContext.User, null, _policyName).ConfigureAwait(false);
|
|
if (!result.Succeeded)
|
|
{
|
|
await httpContext.ChallengeAsync().ConfigureAwait(false);
|
|
return;
|
|
}
|
|
}
|
|
await _next.Invoke(httpContext).ConfigureAwait(false);
|
|
}
|
|
}
|
|
}
|