Avoid async in AuthorizationMiddleware when no metadata (#9521)

2019-04-19 11:56:05 +12:00 · 2019-04-19 11:56:05 +12:00 · c34cdefc95
parent 23efa15112
commit c34cdefc95
2 changed files with 12 additions and 8 deletions
--- a/src/Security/Authorization/Policy/ref/Microsoft.AspNetCore.Authorization.Policy.netcoreapp3.0.cs
+++ b/src/Security/Authorization/Policy/ref/Microsoft.AspNetCore.Authorization.Policy.netcoreapp3.0.cs
@ -6,7 +6,6 @@ namespace Microsoft.AspNetCore.Authorization
    public partial class AuthorizationMiddleware
    {
        public AuthorizationMiddleware(Microsoft.AspNetCore.Http.RequestDelegate next, Microsoft.AspNetCore.Authorization.IAuthorizationPolicyProvider policyProvider) { }
-        [System.Diagnostics.DebuggerStepThroughAttribute]
        public System.Threading.Tasks.Task Invoke(Microsoft.AspNetCore.Http.HttpContext context) { throw null; }
    }
 }
--- a/src/Security/Authorization/Policy/src/AuthorizationMiddleware.cs
+++ b/src/Security/Authorization/Policy/src/AuthorizationMiddleware.cs
@ -2,6 +2,7 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.

 using System;
+using System.Collections.Generic;
 using System.Linq;
 using System.Threading.Tasks;
 using Microsoft.AspNetCore.Authentication;
@ -37,7 +38,7 @@ namespace Microsoft.AspNetCore.Authorization
            _policyProvider = policyProvider;
        }

-        public async Task Invoke(HttpContext context)
+        public Task Invoke(HttpContext context)
        {
            if (context == null)
            {
@ -49,14 +50,18 @@ namespace Microsoft.AspNetCore.Authorization
            // Flag to indicate to other systems, e.g. MVC, that authorization middleware was run for this request
            context.Items[AuthorizationMiddlewareInvokedKey] = AuthorizationMiddlewareInvokedValue;

-            // IMPORTANT: Changes to authorization logic should be mirrored in MVC's AuthorizeFilter
-            var authorizeData = endpoint?.Metadata.GetOrderedMetadata<IAuthorizeData>() ?? Array.Empty<IAuthorizeData>();
-            if (authorizeData.Count() == 0)
+            var authorizeData = endpoint?.Metadata.GetOrderedMetadata<IAuthorizeData>();
+            if (authorizeData == null || authorizeData.Count() == 0)
            {
-                await _next(context);
-                return;
+                return _next(context);
            }
-            
+
+            return EvaluatePolicy(context, endpoint, authorizeData);
+        }
+
+        private async Task EvaluatePolicy(HttpContext context, Endpoint endpoint, IEnumerable<IAuthorizeData> authorizeData)
+        {
+            // IMPORTANT: Changes to authorization logic should be mirrored in MVC's AuthorizeFilter
            var policy = await AuthorizationPolicy.CombineAsync(_policyProvider, authorizeData);
            if (policy == null)
            {