I followed the code examples on https://learn.microsoft.com/en-us/aspnet/core/security/authorization/policies?view=aspnetcore-7.0#use-a-handler-for-one-requirement
This all appears to work, but in order to use async/await calls I had to make some changes to the example provided by Microsoft and as this is security related I a little unsure and would appreciate some clarification.
Basically the changes I made were
- Changed "Task" to "async TASK" on function defination
- Changed "return Task.CompletedTask" to just "return;" (1st instance)
- Remove the 2nd "return Task.CompletedTask" at the end of the function as as dont think its needed
protected override async Task HandleRequirementAsync(AuthorizationHandlerContext context, SystemRoleRequirement2 requirement)
{
if (!context.User.HasClaim(c => c.Type == ClaimTypes.Name)) { return; } // Task.CompletedTask;
var Result = (await _idb.QueryAsync<int>(cSQL.Security.SystemRoleAccess2, "SecurityReadOnly", new { UserID = context.User.ReadID(), requirement.SystemRoleIDs }))
.SingleOrDefault();
if (Result > 0) context.Succeed(requirement);
//return Task.CompletedTask;
}
Can anyone confirm that this is the correct way to implement the security handler with await calls.
>Solution :
Given a method
private Task Foo(string input)
{
if (input is null)
{
return Task.Complete;
}
input += " is processed";
return Task.Complete;
}
The equivalent with async would be
private async Task Foo(string input)
{
if (input is null)
{
return;
}
input += " is processed";
return; // not needed as it's the last statement
}
So yes, your modifications are correct.