Flow endpoint and httpcontext always from authz middleware (#22672)

src/Security/Authorization/Policy/src/AuthorizationMiddleware.cs

@@ -61,8 +61,7 @@ namespace Microsoft.AspNetCore.Authorization
                 return;
             }
 
-            // Note that the resource will be null if there is no matched endpoint
-            var authorizeResult = await policyEvaluator.AuthorizeAsync(policy, authenticateResult, context, resource: endpoint);
+            var authorizeResult = await policyEvaluator.AuthorizeAsync(policy, authenticateResult, context, resource: context);
 
             var authorizationMiddlewareResultHandler = context.RequestServices.GetRequiredService<IAuthorizationMiddlewareResultHandler>();
             await authorizationMiddlewareResultHandler.HandleAsync(_next, context, policy, authorizeResult);

src/Security/Authorization/test/AuthorizationMiddlewareTests.cs

@@ -314,13 +314,13 @@ namespace Microsoft.AspNetCore.Authorization.Test
         }
 
         [Fact]
-        public async Task AuthZResourceShouldBeEndpoint()
+        public async Task AuthZResourceShouldBeHttpContextAndHaveHEndpoint()
         {
             // Arrange
-            object resource = null;
+            HttpContext resource = null;
             var policy = new AuthorizationPolicyBuilder().RequireAssertion(c =>
             {
-                resource = c.Resource;
+                resource = c.Resource as HttpContext;
                 return true;
             }).Build();
             var policyProvider = new Mock<IAuthorizationPolicyProvider>();
@@ -335,7 +335,9 @@ namespace Microsoft.AspNetCore.Authorization.Test
             await middleware.Invoke(context);
 
             // Assert
-            Assert.Equal(endpoint, resource);
+            Assert.NotNull(resource);
+            Assert.Equal(context, resource);
+            Assert.Equal(endpoint, resource.GetEndpoint());
         }
 
         [Fact]