From 8541bf6c980558b14131620aea8a7c73af435050 Mon Sep 17 00:00:00 2001
From: Hao Kung <HaoK@users.noreply.github.com>
Date: Fri, 19 Jun 2020 18:14:47 -0700
Subject: [PATCH] Flow endpoint and httpcontext always from authz middleware
 (#22672)

---
 .../Policy/src/AuthorizationMiddleware.cs              |  3 +--
 .../Authorization/test/AuthorizationMiddlewareTests.cs | 10 ++++++----
 2 files changed, 7 insertions(+), 6 deletions(-)

diff --git a/src/Security/Authorization/Policy/src/AuthorizationMiddleware.cs b/src/Security/Authorization/Policy/src/AuthorizationMiddleware.cs
index 8963a130bf..119cc75c92 100644
--- a/src/Security/Authorization/Policy/src/AuthorizationMiddleware.cs
+++ b/src/Security/Authorization/Policy/src/AuthorizationMiddleware.cs
@@ -61,8 +61,7 @@ namespace Microsoft.AspNetCore.Authorization
                 return;
             }
 
-            // Note that the resource will be null if there is no matched endpoint
-            var authorizeResult = await policyEvaluator.AuthorizeAsync(policy, authenticateResult, context, resource: endpoint);
+            var authorizeResult = await policyEvaluator.AuthorizeAsync(policy, authenticateResult, context, resource: context);
 
             var authorizationMiddlewareResultHandler = context.RequestServices.GetRequiredService<IAuthorizationMiddlewareResultHandler>();
             await authorizationMiddlewareResultHandler.HandleAsync(_next, context, policy, authorizeResult);
diff --git a/src/Security/Authorization/test/AuthorizationMiddlewareTests.cs b/src/Security/Authorization/test/AuthorizationMiddlewareTests.cs
index e1e50f0602..effe426a3b 100644
--- a/src/Security/Authorization/test/AuthorizationMiddlewareTests.cs
+++ b/src/Security/Authorization/test/AuthorizationMiddlewareTests.cs
@@ -314,13 +314,13 @@ namespace Microsoft.AspNetCore.Authorization.Test
         }
 
         [Fact]
-        public async Task AuthZResourceShouldBeEndpoint()
+        public async Task AuthZResourceShouldBeHttpContextAndHaveHEndpoint()
         {
             // Arrange
-            object resource = null;
+            HttpContext resource = null;
             var policy = new AuthorizationPolicyBuilder().RequireAssertion(c =>
             {
-                resource = c.Resource;
+                resource = c.Resource as HttpContext;
                 return true;
             }).Build();
             var policyProvider = new Mock<IAuthorizationPolicyProvider>();
@@ -335,7 +335,9 @@ namespace Microsoft.AspNetCore.Authorization.Test
             await middleware.Invoke(context);
 
             // Assert
-            Assert.Equal(endpoint, resource);
+            Assert.NotNull(resource);
+            Assert.Equal(context, resource);
+            Assert.Equal(endpoint, resource.GetEndpoint());
         }
 
         [Fact]