diff --git a/src/Server/src/AspNet/Security/EnsureAuthenticatedMiddleware.cs b/src/Server/src/AspNet/Security/EnsureAuthenticatedMiddleware.cs
index cef4275..8acfa53 100644
--- a/src/Server/src/AspNet/Security/EnsureAuthenticatedMiddleware.cs
+++ b/src/Server/src/AspNet/Security/EnsureAuthenticatedMiddleware.cs
@@ -30,32 +30,38 @@ public async Task InvokeAsync(HttpContext context)
             return;
         }
-        else
+
+        if (context.Request.Path.StartsWithSegments("/api")
+            || context.Request.Path.StartsWithSegments("/graphql")
+            || context.Request.Path.StartsWithSegments("/signalR")
+            || context.Request.Path.StartsWithSegments("/error"))
         {
-            if (context.Request.Path.StartsWithSegments("/api")
-                || context.Request.Path.StartsWithSegments("/graphql")
-                || context.Request.Path.StartsWithSegments("/signalR")
-                || context.Request.Path.StartsWithSegments("/error"))
+            if (HasIdOpsRole(context))
             {
-                if (HasIdOpsRole(context))
-                {
-                    await _next(context);
-                }
-                else
-                {
-                    context.Response.StatusCode = 403;
-                    await context.Response.WriteAsync("Access denied!");
-                }
+                await _next(context);
             }
-            else if (!context.User.Identity.IsAuthenticated)
+            else
+            {
+                context.Response.StatusCode = 403;
+                await context.Response.WriteAsync("Access denied!");
+            }
+        }
+        else if (!context.User.Identity.IsAuthenticated)
+        {
+            if (context.Request.Path == "/")
             {
                 await context.ChallengeAsync();
             }
             else
             {
-                await _next(context);
+                context.Response.StatusCode = 403;
+                await context.Response.WriteAsync("Access denied!");
             }
         }
+        else
+        {
+            await _next(context);
+        }
     }
     private bool HasIdOpsRole(HttpContext context)
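Review bot: The new `else if (!context.User.Identity.IsAuthenticated)` dereferences `Identity` without a null check; `ClaimsPrincipal.Identity` is nullable, so a request carrying a principal with no identity would throw in the middleware instead of being rejected, and the safe form is `else if (context.User.Identity is not { IsAuthenticated: true })`. In that same branch an unauthenticated caller on any path other than "/" now receives 403 "Access denied!" rather than a challenge, which makes "not signed in" indistinguishable from "signed in but not allowed"; if that is intended, consider `StatusCodes.Status401Unauthorized` for the unauthenticated case so clients can tell the two apart, and replace the literal `403` with `StatusCodes.Status403Forbidden`. The 403-plus-`WriteAsync` pair now appears three times in the method; a local function such as `Task DenyAsync() { context.Response.StatusCode = StatusCodes.Status403Forbidden; return context.Response.WriteAsync("Access denied!"); }` would keep them in step. InvokeAsync's opening lines lie before the hunk and HasIdOpsRole's body after it, so the early-return condition and the role check itself are not visible here.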