Fix check for auth services in middleware auto-registration (#43205)

captainsafia · web-flow · commit efb694ca175e · 2022-08-11T02:44:10.000Z
diff --git a/src/DefaultBuilder/src/Microsoft.AspNetCore.csproj b/src/DefaultBuilder/src/Microsoft.AspNetCore.csproj
@@ -36,6 +36,7 @@
 
   <ItemGroup>
     <InternalsVisibleTo Include="Microsoft.AspNetCore.Authentication.Test" />
+    <InternalsVisibleTo Include="Microsoft.AspNetCore.Authorization.Test" />
   </ItemGroup>
 
 </Project>
diff --git a/src/DefaultBuilder/src/WebApplicationBuilder.cs b/src/DefaultBuilder/src/WebApplicationBuilder.cs
@@ -172,7 +172,8 @@ private void ConfigureApplication(WebHostBuilderContext context, IApplicationBui
 
         // Process authorization and authentication middlewares independently to avoid
         // registering middlewares for services that do not exist
-        if (_builtApplication.Services.GetService<IAuthenticationSchemeProvider>() is not null)
+        var serviceProviderIsService = _builtApplication.Services.GetService<IServiceProviderIsService>();
+        if (serviceProviderIsService?.IsService(typeof(IAuthenticationSchemeProvider)) is true)
         {
             // Don't add more than one instance of the middleware
             if (!_builtApplication.Properties.ContainsKey(AuthenticationMiddlewareSetKey))
@@ -184,7 +185,7 @@ private void ConfigureApplication(WebHostBuilderContext context, IApplicationBui
             }
         }
 
-        if (_builtApplication.Services.GetService<IAuthorizationHandlerProvider>() is not null)
+        if (serviceProviderIsService?.IsService(typeof(IAuthorizationHandlerProvider)) is true)
         {
             if (!_builtApplication.Properties.ContainsKey(AuthorizationMiddlewareSetKey))
             {
diff --git a/src/Security/Authorization/test/AuthorizationMiddlewareTests.cs b/src/Security/Authorization/test/AuthorizationMiddlewareTests.cs
@@ -5,8 +5,11 @@
 using Microsoft.AspNetCore.Authentication;
 using Microsoft.AspNetCore.Authorization.Policy;
 using Microsoft.AspNetCore.Authorization.Test.TestObjects;
+using Microsoft.AspNetCore.Builder;
+using Microsoft.AspNetCore.Hosting;
 using Microsoft.AspNetCore.Http;
 using Microsoft.Extensions.DependencyInjection;
+using Microsoft.Extensions.Hosting;
 using Moq;
 
 namespace Microsoft.AspNetCore.Authorization.Test;
@@ -658,6 +661,27 @@ public async Task IAuthenticateResultFeature_UsesExistingFeatureAndResult_Withou
         Assert.Same(authenticateResult, authenticateResultFeature.AuthenticateResult);
     }
 
+    // Validation for https://github.com/dotnet/aspnetcore/issues/43188
+    [Fact]
+    public async Task WebApplicationBuilder_CanRegisterAuthzMiddlewareWithScopedService()
+    {
+        var builder = WebApplication.CreateBuilder(new WebApplicationOptions()
+        {
+            EnvironmentName = Environments.Development
+        });
+        builder.Services.AddAuthorization();
+        builder.Services.AddScoped<IAuthorizationHandler, TestAuthorizationHandler>();
+        using var app = builder.Build();
+
+        Assert.False(app.Properties.ContainsKey("__AuthenticationMiddlewareSet"));
+        Assert.False(app.Properties.ContainsKey("__AuthorizationMiddlewareSet"));
+
+        await app.StartAsync();
+
+        Assert.False(app.Properties.ContainsKey("__AuthenticationMiddlewareSet"));
+        Assert.True(app.Properties.ContainsKey("__AuthorizationMiddlewareSet"));
+    }
+
     private AuthorizationMiddleware CreateMiddleware(RequestDelegate requestDelegate = null, IAuthorizationPolicyProvider policyProvider = null)
     {
         requestDelegate = requestDelegate ?? ((context) => Task.CompletedTask);
@@ -724,6 +748,11 @@ private HttpContext GetHttpContext(
         return httpContext;
     }
 
+    public class TestAuthorizationHandler : IAuthorizationHandler
+    {
+        public Task HandleAsync(AuthorizationHandlerContext context) => Task.CompletedTask;
+    }
+
     private class TestRequestDelegate
     {
         private readonly int _statusCode;
diff --git a/src/Security/Authorization/test/Microsoft.AspNetCore.Authorization.Test.csproj b/src/Security/Authorization/test/Microsoft.AspNetCore.Authorization.Test.csproj
@@ -5,6 +5,7 @@
   </PropertyGroup>
 
   <ItemGroup>
+    <Reference Include="Microsoft.AspNetCore" />
     <Reference Include="Microsoft.AspNetCore.Authorization" />
     <Reference Include="Microsoft.AspNetCore.Authorization.Policy" />
     <Reference Include="Microsoft.AspNetCore.Http" />

Original file line number	Diff line number	Diff line change
`@@ -172,7 +172,8 @@ private void ConfigureApplication(WebHostBuilderContext context, IApplicationBui`
`172`	`172`
`173`	`173`	`// Process authorization and authentication middlewares independently to avoid`
`174`	`174`	`// registering middlewares for services that do not exist`
`175`		`- if (_builtApplication.Services.GetService<IAuthenticationSchemeProvider>() is not null)`
	`175`	`+ var serviceProviderIsService = _builtApplication.Services.GetService<IServiceProviderIsService>();`
	`176`	`+ if (serviceProviderIsService?.IsService(typeof(IAuthenticationSchemeProvider)) is true)`
`176`	`177`	`{`
`177`	`178`	`// Don't add more than one instance of the middleware`
`178`	`179`	`if (!_builtApplication.Properties.ContainsKey(AuthenticationMiddlewareSetKey))`
`@@ -184,7 +185,7 @@ private void ConfigureApplication(WebHostBuilderContext context, IApplicationBui`
`184`	`185`	`}`
`185`	`186`	`}`
`186`	`187`
`187`		`- if (_builtApplication.Services.GetService<IAuthorizationHandlerProvider>() is not null)`
	`188`	`+ if (serviceProviderIsService?.IsService(typeof(IAuthorizationHandlerProvider)) is true)`
`188`	`189`	`{`
`189`	`190`	`if (!_builtApplication.Properties.ContainsKey(AuthorizationMiddlewareSetKey))`
`190`	`191`	`{`