public Task ProcessRequest(HttpContext context)
{
if (context == null)
{
throw new ArgumentNullException("context");
}
var response = context.Response;
// Add the nosniff header for all responses to prevent IE from trying to sniff mime type from contents
context.Response.Headers["X-Content-Type-Options"] = "nosniff";
if (AuthorizeRequest(context.Request))
{
return ProcessRequestCore(context);
}
if (context.User != null &&
context.User.Identity.IsAuthenticated)
{
// If the user is authenticated and authorize failed then 403
response.StatusCode = 403;
}
else
{
// If we failed to authorize the request then return a 401
response.StatusCode = 401;
}
return TaskAsyncHelper.Empty;
}