huahaofeng
/
aspnetcore
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Avoid async in AuthorizationMiddleware when no metadata (#9521)

This commit is contained in:
James Newton-King 2019-04-19 11:56:05 +12:00 committed by GitHub
parent 23efa15112
commit c34cdefc95
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 12 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
src/Security/Authorization/Policy/ref/Microsoft.AspNetCore.Authorization.Policy.netcoreapp3.0.cs
View File

@ -6,7 +6,6 @@ namespace Microsoft.AspNetCore.Authorization
public partial class AuthorizationMiddleware public partial class AuthorizationMiddleware
{ {
public AuthorizationMiddleware(Microsoft.AspNetCore.Http.RequestDelegate next, Microsoft.AspNetCore.Authorization.IAuthorizationPolicyProvider policyProvider) { } public AuthorizationMiddleware(Microsoft.AspNetCore.Http.RequestDelegate next, Microsoft.AspNetCore.Authorization.IAuthorizationPolicyProvider policyProvider) { }
[System.Diagnostics.DebuggerStepThroughAttribute]
public System.Threading.Tasks.Task Invoke(Microsoft.AspNetCore.Http.HttpContext context) { throw null; } public System.Threading.Tasks.Task Invoke(Microsoft.AspNetCore.Http.HttpContext context) { throw null; }
} }
} }

19
src/Security/Authorization/Policy/src/AuthorizationMiddleware.cs
View File

@ -2,6 +2,7 @@
// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information. // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
using System; using System;
using System.Collections.Generic;
using System.Linq; using System.Linq;
using System.Threading.Tasks; using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication; using Microsoft.AspNetCore.Authentication;
@ -37,7 +38,7 @@ namespace Microsoft.AspNetCore.Authorization
_policyProvider = policyProvider; _policyProvider = policyProvider;
} }
public async Task Invoke(HttpContext context) public Task Invoke(HttpContext context)
{ {
if (context == null) if (context == null)
{ {
@ -49,14 +50,18 @@ namespace Microsoft.AspNetCore.Authorization
// Flag to indicate to other systems, e.g. MVC, that authorization middleware was run for this request // Flag to indicate to other systems, e.g. MVC, that authorization middleware was run for this request
context.Items[AuthorizationMiddlewareInvokedKey] = AuthorizationMiddlewareInvokedValue; context.Items[AuthorizationMiddlewareInvokedKey] = AuthorizationMiddlewareInvokedValue;
// IMPORTANT: Changes to authorization logic should be mirrored in MVC's AuthorizeFilter var authorizeData = endpoint?.Metadata.GetOrderedMetadata<IAuthorizeData>();
var authorizeData = endpoint?.Metadata.GetOrderedMetadata<IAuthorizeData>() ?? Array.Empty<IAuthorizeData>(); if (authorizeData == null || authorizeData.Count() == 0)
if (authorizeData.Count() == 0)
{ {
await _next(context); return _next(context);
return;
} }
return EvaluatePolicy(context, endpoint, authorizeData);
}
private async Task EvaluatePolicy(HttpContext context, Endpoint endpoint, IEnumerable<IAuthorizeData> authorizeData)
{
// IMPORTANT: Changes to authorization logic should be mirrored in MVC's AuthorizeFilter
var policy = await AuthorizationPolicy.CombineAsync(_policyProvider, authorizeData); var policy = await AuthorizationPolicy.CombineAsync(_policyProvider, authorizeData);
if (policy == null) if (policy == null)
{ {