Merge branch 'main' into pse/add-event-hub-transport

SwissLife-OSS · Jun 12, 2024 · ecdbd00 · ecdbd00
2 parents 2f6295b + 1436740
commit ecdbd00
Showing 1 changed file with 22 additions and 16 deletions.
diff --git a/src/Server/src/AspNet/Security/EnsureAuthenticatedMiddleware.cs b/src/Server/src/AspNet/Security/EnsureAuthenticatedMiddleware.cs
@@ -30,32 +30,38 @@ public async Task InvokeAsync(HttpContext context)
 
                 return;
             }
-            else
+
+            if (context.Request.Path.StartsWithSegments("/api")
+                || context.Request.Path.StartsWithSegments("/graphql")
+                || context.Request.Path.StartsWithSegments("/signalR")
+                || context.Request.Path.StartsWithSegments("/error"))
             {
-                if (context.Request.Path.StartsWithSegments("/api")
-                    || context.Request.Path.StartsWithSegments("/graphql")
-                    || context.Request.Path.StartsWithSegments("/signalR")
-                    || context.Request.Path.StartsWithSegments("/error"))
+                if (HasIdOpsRole(context))
                 {
-                    if (HasIdOpsRole(context))
-                    {
-                        await _next(context);
-                    }
-                    else
-                    {
-                        context.Response.StatusCode = 403;
-                        await context.Response.WriteAsync("Access denied!");
-                    }
+                    await _next(context);
                 }
-                else if (!context.User.Identity.IsAuthenticated)
+                else
+                {
+                    context.Response.StatusCode = 403;
+                    await context.Response.WriteAsync("Access denied!");
+                }
+            }
+            else if (!context.User.Identity.IsAuthenticated)
+            {
+                if (context.Request.Path == "/")
                 {
                     await context.ChallengeAsync();
                 }
                 else
                 {
-                    await _next(context);
+                    context.Response.StatusCode = 403;
+                    await context.Response.WriteAsync("Access denied!");
                 }
             }
+            else
+            {
+                await _next(context);
+            }
         }
 
         private bool HasIdOpsRole(HttpContext context)