From f54a9648156d040fa455daffb680001a9928167d Mon Sep 17 00:00:00 2001
From: Hao Kung
Date: Tue, 24 May 2016 14:42:54 -0700
Subject: [PATCH] AuthZFilter should call into Service more

---
 .../Authorization/AuthorizeFilter.cs | 6 ++--
 .../Authorization/AuthorizeFilterTest.cs | 29 +++++++++++++++++++
 2 files changed, 31 insertions(+), 4 deletions(-)

diff --git a/src/Microsoft.AspNetCore.Mvc.Core/Authorization/AuthorizeFilter.cs b/src/Microsoft.AspNetCore.Mvc.Core/Authorization/AuthorizeFilter.cs
index b5542e5838..520eb2fc23 100644
--- a/src/Microsoft.AspNetCore.Mvc.Core/Authorization/AuthorizeFilter.cs
+++ b/src/Microsoft.AspNetCore.Mvc.Core/Authorization/AuthorizeFilter.cs
@@ -39,7 +39,7 @@ namespace Microsoft.AspNetCore.Mvc.Authorization
 public AuthorizationPolicy Policy { get; }
 
 ///
- public virtual async Task OnAuthorizationAsync(Filters.AuthorizationFilterContext context)
+ public virtual async Task OnAuthorizationAsync(AuthorizationFilterContext context)
 {
 if (context == null)
 {
@@ -76,9 +76,7 @@ namespace Microsoft.AspNetCore.Mvc.Authorization
 var authService = httpContext.RequestServices.GetRequiredService();
 
 // Note: Default Anonymous User is new ClaimsPrincipal(new ClaimsIdentity())
- if (httpContext.User == null ||
- !httpContext.User.Identities.Any(i => i.IsAuthenticated) ||
- !await authService.AuthorizeAsync(httpContext.User, context, Policy))
+ if (!await authService.AuthorizeAsync(httpContext.User, context, Policy))
 {
 context.Result = new ChallengeResult(Policy.AuthenticationSchemes.ToArray());
 }
diff --git a/test/Microsoft.AspNetCore.Mvc.Core.Test/Authorization/AuthorizeFilterTest.cs b/test/Microsoft.AspNetCore.Mvc.Core.Test/Authorization/AuthorizeFilterTest.cs
index 96a7c9df36..276d37cb63 100644
--- a/test/Microsoft.AspNetCore.Mvc.Core.Test/Authorization/AuthorizeFilterTest.cs
+++ b/test/Microsoft.AspNetCore.Mvc.Core.Test/Authorization/AuthorizeFilterTest.cs
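Review bot: With the explicit `User == null` and `Identities.Any(i => i.IsAuthenticated)` tests removed in the second hunk, the filter no longer guarantees that an unauthenticated principal is challenged; that guarantee now rests entirely on the policy carrying an authenticated-user requirement, and a policy built from `RequireAssertion` alone (as the new tests use) will let an anonymous request through. The `// Note: Default Anonymous User ...` comment still describes the old null-handling rationale and should say where the guarantee now lives, e.g. `// Authentication is not enforced here: an anonymous principal is challenged only if the policy itself requires an authenticated user (RequireAuthenticatedUser).` Whether `AuthorizeAsync` tolerates a null `httpContext.User` cannot be seen from this hunk; if it does not, the removed null check was also shielding callers from a NullReferenceException that would now surface from the service. OnAuthorizationAsync continues outside the hunk.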
@@ -26,6 +26,35 @@ namespace Microsoft.AspNetCore.Mvc.Authorization
 Assert.True(authorizationContext.HttpContext.User.Identities.Any(i => i.IsAuthenticated));
 }
 
+ [Fact]
+ public async Task AuthorizeFilterCanAuthorizeNonAuthenticatedUser()
+ {
+ // Arrange
+ var authorizeFilter = new AuthorizeFilter(new AuthorizationPolicyBuilder().RequireAssertion(_ => true).Build());
+ var authorizationContext = GetAuthorizationContext(services => services.AddAuthorization(), anonymous: true);
+ authorizationContext.HttpContext.User = new ClaimsPrincipal();
+
+ // Act
+ await authorizeFilter.OnAuthorizationAsync(authorizationContext);
+
+ // Assert
+ Assert.Null(authorizationContext.Result);
+ }
+
+ [Fact]
+ public async Task AuthorizeFilterCanAuthorizeNullUser()
+ {
+ // Arrange
+ var authorizeFilter = new AuthorizeFilter(new AuthorizationPolicyBuilder().RequireAssertion(_ => true).Build());
+ var authorizationContext = GetAuthorizationContext(services => services.AddAuthorization(), anonymous: true);
+
+ // Act
+ await authorizeFilter.OnAuthorizationAsync(authorizationContext);
+
+ // Assert
+ Assert.Null(authorizationContext.Result);
+ }
+
 [Fact]
 public async Task Invoke_ValidClaimShouldNotFail()
 {
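Review bot: Both new tests use a policy whose only requirement is `RequireAssertion(_ => true)`, so they show that an anonymous or default principal can pass, but nothing in this hunk covers the opposite case that the production change makes policy-dependent: an unauthenticated user against a policy that requires authentication must still end in a `ChallengeResult`. `AuthorizeFilterCanAuthorizeNullUser` also never sets `HttpContext.User` to null inside the hunk; it relies on whatever `GetAuthorizationContext(..., anonymous: true)` arranges, which is outside the hunk, so the name promises more than the test visibly sets up. A third test pinning the challenge path would close the gap, along the lines below.
```csharp
[Fact]
public async Task AuthorizeFilterChallengesNonAuthenticatedUserWhenPolicyRequiresAuthentication()
{
    // Arrange
    var authorizeFilter = new AuthorizeFilter(new AuthorizationPolicyBuilder().RequireAuthenticatedUser().Build());
    var authorizationContext = GetAuthorizationContext(services => services.AddAuthorization(), anonymous: true);
    authorizationContext.HttpContext.User = new ClaimsPrincipal();

    // Act
    await authorizeFilter.OnAuthorizationAsync(authorizationContext);

    // Assert
    Assert.IsType<ChallengeResult>(authorizationContext.Result);
}
```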