diff --git a/src/Security/Authorization/Core/ref/Microsoft.AspNetCore.Authorization.netcoreapp3.0.cs b/src/Security/Authorization/Core/ref/Microsoft.AspNetCore.Authorization.netcoreapp3.0.cs index 8ed9b6f530..22934317c2 100644 --- a/src/Security/Authorization/Core/ref/Microsoft.AspNetCore.Authorization.netcoreapp3.0.cs +++ b/src/Security/Authorization/Core/ref/Microsoft.AspNetCore.Authorization.netcoreapp3.0.cs @@ -47,7 +47,6 @@ namespace Microsoft.AspNetCore.Authorization public AuthorizationOptions() { } public Microsoft.AspNetCore.Authorization.AuthorizationPolicy DefaultPolicy { [System.Runtime.CompilerServices.CompilerGeneratedAttribute]get { throw null; } [System.Runtime.CompilerServices.CompilerGeneratedAttribute]set { } } public bool InvokeHandlersAfterFailure { [System.Runtime.CompilerServices.CompilerGeneratedAttribute]get { throw null; } [System.Runtime.CompilerServices.CompilerGeneratedAttribute]set { } } - public Microsoft.AspNetCore.Authorization.AuthorizationPolicy RequiredPolicy { [System.Runtime.CompilerServices.CompilerGeneratedAttribute]get { throw null; } [System.Runtime.CompilerServices.CompilerGeneratedAttribute]set { } } public void AddPolicy(string name, Microsoft.AspNetCore.Authorization.AuthorizationPolicy policy) { } public void AddPolicy(string name, System.Action configurePolicy) { } public Microsoft.AspNetCore.Authorization.AuthorizationPolicy GetPolicy(string name) { throw null; } @@ -127,7 +126,6 @@ namespace Microsoft.AspNetCore.Authorization public DefaultAuthorizationPolicyProvider(Microsoft.Extensions.Options.IOptions options) { } public System.Threading.Tasks.Task GetDefaultPolicyAsync() { throw null; } public virtual System.Threading.Tasks.Task GetPolicyAsync(string policyName) { throw null; } - public System.Threading.Tasks.Task GetRequiredPolicyAsync() { throw null; } } public partial class DefaultAuthorizationService : Microsoft.AspNetCore.Authorization.IAuthorizationService { 
@@ -157,7 +155,6 @@ namespace Microsoft.AspNetCore.Authorization { System.Threading.Tasks.Task GetDefaultPolicyAsync(); System.Threading.Tasks.Task GetPolicyAsync(string policyName); - System.Threading.Tasks.Task GetRequiredPolicyAsync(); } public partial interface IAuthorizationRequirement { diff --git a/src/Security/Authorization/Core/src/AuthorizationOptions.cs b/src/Security/Authorization/Core/src/AuthorizationOptions.cs index f0c5527d2d..32df9d034a 100644 --- a/src/Security/Authorization/Core/src/AuthorizationOptions.cs +++ b/src/Security/Authorization/Core/src/AuthorizationOptions.cs @@ -27,18 +27,6 @@ namespace Microsoft.AspNetCore.Authorization /// public AuthorizationPolicy DefaultPolicy { get; set; } = new AuthorizationPolicyBuilder().RequireAuthenticatedUser().Build(); - /// - /// Gets or sets the required authorization policy. Defaults to null. - /// - /// - /// By default the required policy is null. - /// - /// If a required policy has been specified then it is always evaluated, even if there are no - /// instances for a resource. If a resource has - /// then they are evaluated together with the required policy. - /// - public AuthorizationPolicy RequiredPolicy { get; set; } - /// /// Add an authorization policy with the provided name. /// diff --git a/src/Security/Authorization/Core/src/AuthorizationPolicy.cs b/src/Security/Authorization/Core/src/AuthorizationPolicy.cs index b3b54f3003..d68087791e 100644 --- a/src/Security/Authorization/Core/src/AuthorizationPolicy.cs +++ b/src/Security/Authorization/Core/src/AuthorizationPolicy.cs @@ -176,17 +176,6 @@ namespace Microsoft.AspNetCore.Authorization } } - var requiredPolicy = await policyProvider.GetRequiredPolicyAsync(); - if (requiredPolicy != null) - { - if (policyBuilder == null) - { - policyBuilder = new AuthorizationPolicyBuilder(); - } - - policyBuilder.Combine(requiredPolicy); - } - return policyBuilder?.Build(); } } 
diff --git a/src/Security/Authorization/Core/src/DefaultAuthorizationPolicyProvider.cs b/src/Security/Authorization/Core/src/DefaultAuthorizationPolicyProvider.cs index f5e6652739..03bd255cd6 100644 --- a/src/Security/Authorization/Core/src/DefaultAuthorizationPolicyProvider.cs +++ b/src/Security/Authorization/Core/src/DefaultAuthorizationPolicyProvider.cs @@ -15,7 +15,6 @@ namespace Microsoft.AspNetCore.Authorization { private readonly AuthorizationOptions _options; private Task _cachedDefaultPolicy; - private Task _cachedRequiredPolicy; /// /// Creates a new instance of . @@ -40,15 +39,6 @@ namespace Microsoft.AspNetCore.Authorization return GetCachedPolicy(ref _cachedDefaultPolicy, _options.DefaultPolicy); } - /// - /// Gets the required authorization policy. - /// - /// The required authorization policy. - public Task GetRequiredPolicyAsync() - { - return GetCachedPolicy(ref _cachedRequiredPolicy, _options.RequiredPolicy); - } - private Task GetCachedPolicy(ref Task cachedPolicy, AuthorizationPolicy currentPolicy) { var local = cachedPolicy; diff --git a/src/Security/Authorization/Core/src/IAuthorizationPolicyProvider.cs b/src/Security/Authorization/Core/src/IAuthorizationPolicyProvider.cs index 4560d11e09..9e9d0f468a 100644 --- a/src/Security/Authorization/Core/src/IAuthorizationPolicyProvider.cs +++ b/src/Security/Authorization/Core/src/IAuthorizationPolicyProvider.cs @@ -22,11 +22,5 @@ namespace Microsoft.AspNetCore.Authorization /// /// The default authorization policy. Task GetDefaultPolicyAsync(); - - /// - /// Gets the required authorization policy. - /// - /// The required authorization policy. - Task GetRequiredPolicyAsync(); } } diff --git a/src/Security/Authorization/Policy/src/AuthorizationMiddleware.cs b/src/Security/Authorization/Policy/src/AuthorizationMiddleware.cs index 318054fb36..6cff00b019 100644 --- a/src/Security/Authorization/Policy/src/AuthorizationMiddleware.cs +++ b/src/Security/Authorization/Policy/src/AuthorizationMiddleware.cs 
@@ -51,6 +51,12 @@ namespace Microsoft.AspNetCore.Authorization // IMPORTANT: Changes to authorization logic should be mirrored in MVC's AuthorizeFilter var authorizeData = endpoint?.Metadata.GetOrderedMetadata() ?? Array.Empty(); + if (authorizeData.Count() == 0) + { + await _next(context); + return; + } + var policy = await AuthorizationPolicy.CombineAsync(_policyProvider, authorizeData); if (policy == null) { diff --git a/src/Security/Authorization/test/AuthorizationMiddlewareTests.cs b/src/Security/Authorization/test/AuthorizationMiddlewareTests.cs index 655a4fbf8b..e4db07fba5 100644 --- a/src/Security/Authorization/test/AuthorizationMiddlewareTests.cs +++ b/src/Security/Authorization/test/AuthorizationMiddlewareTests.cs @@ -41,25 +41,6 @@ namespace Microsoft.AspNetCore.Authorization.Test Assert.True(next.Called); } - [Fact] - public async Task NoEndpointWithRequired_AnonymousUser_Challenges() - { - // Arrange - var policy = new AuthorizationPolicyBuilder().RequireAuthenticatedUser().Build(); - var policyProvider = new Mock(); - policyProvider.Setup(p => p.GetRequiredPolicyAsync()).ReturnsAsync(policy); - var next = new TestRequestDelegate(); - - var middleware = CreateMiddleware(next.Invoke, policyProvider.Object); - var context = GetHttpContext(anonymous: true); - - // Act - await middleware.Invoke(context); - - // Assert - Assert.False(next.Called); - } - [Fact] public async Task HasEndpointWithoutAuth_AnonymousUser_Allows() { 
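Review bot: In AuthorizationMiddleware.cs the added early return `if (authorizeData.Count() == 0) { await _next(context); return; }` makes the middleware fail open: a request with no matched endpoint, or an endpoint with no authorize metadata, now reaches `_next` with no policy evaluated, and with `RequiredPolicy` removed in this same commit nothing visible here supplies an application-wide fallback. I would state that contract in a comment above the check, e.g. `// No IAuthorizeData on the endpoint (or no endpoint): authorization is skipped, so protection depends on explicit authorize metadata.` The `// IMPORTANT` comment just above asks for authorization changes to be mirrored in MVC's AuthorizeFilter, and no AuthorizeFilter change appears in this diff, so that is worth confirming before merge. As a smaller point, `authorizeData.Count() == 0` goes through LINQ; if the value is the read-only list it appears to be, `authorizeData.Count == 0` is the direct form. The enclosing method starts and ends outside the hunk.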
@@ -79,26 +60,6 @@ namespace Microsoft.AspNetCore.Authorization.Test Assert.True(next.Called); } - [Fact] - public async Task HasEndpointWithRequiredWithoutAuth_AnonymousUser_Challenges() - { - // Arrange - var policy = new AuthorizationPolicyBuilder().RequireAuthenticatedUser().Build(); - var policyProvider = new Mock(); - policyProvider.Setup(p => p.GetDefaultPolicyAsync()).ReturnsAsync(policy); - policyProvider.Setup(p => p.GetRequiredPolicyAsync()).ReturnsAsync(policy); - var next = new TestRequestDelegate(); - - var middleware = CreateMiddleware(next.Invoke, policyProvider.Object); - var context = GetHttpContext(anonymous: true, endpoint: CreateEndpoint()); - - // Act - await middleware.Invoke(context); - - // Assert - Assert.False(next.Called); - } - [Fact] public async Task HasEndpointWithAuth_AnonymousUser_Challenges() { @@ -148,11 +109,8 @@ namespace Microsoft.AspNetCore.Authorization.Test var policy = new AuthorizationPolicyBuilder().RequireAssertion(_ => true).Build(); var policyProvider = new Mock(); var getPolicyCount = 0; - var getRequiredPolicyCount = 0; policyProvider.Setup(p => p.GetPolicyAsync(It.IsAny())).ReturnsAsync(policy) .Callback(() => getPolicyCount++); - policyProvider.Setup(p => p.GetRequiredPolicyAsync()).ReturnsAsync(policy) - .Callback(() => getRequiredPolicyCount++); var next = new TestRequestDelegate(); var middleware = CreateMiddleware(next.Invoke, policyProvider.Object); var context = GetHttpContext(anonymous: true, endpoint: CreateEndpoint(new AuthorizeAttribute("whatever"))); 
@@ -160,17 +118,14 @@ namespace Microsoft.AspNetCore.Authorization.Test // Act & Assert await middleware.Invoke(context); Assert.Equal(1, getPolicyCount); - Assert.Equal(1, getRequiredPolicyCount); Assert.Equal(1, next.CalledCount); await middleware.Invoke(context); Assert.Equal(2, getPolicyCount); - Assert.Equal(2, getRequiredPolicyCount); Assert.Equal(2, next.CalledCount); await middleware.Invoke(context); Assert.Equal(3, getPolicyCount); - Assert.Equal(3, getRequiredPolicyCount); Assert.Equal(3, next.CalledCount); } diff --git a/src/Security/samples/CustomPolicyProvider/Authorization/MinimumAgePolicyProvider.cs b/src/Security/samples/CustomPolicyProvider/Authorization/MinimumAgePolicyProvider.cs index 78852b5a30..b901260324 100644 --- a/src/Security/samples/CustomPolicyProvider/Authorization/MinimumAgePolicyProvider.cs +++ b/src/Security/samples/CustomPolicyProvider/Authorization/MinimumAgePolicyProvider.cs @@ -27,8 +27,6 @@ namespace CustomPolicyProvider public Task GetDefaultPolicyAsync() => FallbackPolicyProvider.GetDefaultPolicyAsync(); - public Task GetRequiredPolicyAsync() => FallbackPolicyProvider.GetRequiredPolicyAsync(); - // Policies are looked up by string name, so expect 'parameters' (like age) // to be embedded in the policy names. This is abstracted away from developers // by the more strongly-typed attributes derived from AuthorizeAttribute @@ -49,4 +47,4 @@ namespace CustomPolicyProvider return FallbackPolicyProvider.GetPolicyAsync(policyName); } } -} \ No newline at end of file +}