From 4c79e73bc83df00aa81928697173de5c139bf2fb Mon Sep 17 00:00:00 2001
From: BluMichele <106175315+BluMichele@users.noreply.github.com>
Date: Tue, 19 Jul 2022 16:55:19 +0200
Subject: [PATCH] Added missing lock

---
 .../Resource/ScopesRequiredHttpContextExtensions.cs | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/src/Microsoft.Identity.Web/Resource/ScopesRequiredHttpContextExtensions.cs b/src/Microsoft.Identity.Web/Resource/ScopesRequiredHttpContextExtensions.cs
index 61c6e94eb..bb533feca 100644
--- a/src/Microsoft.Identity.Web/Resource/ScopesRequiredHttpContextExtensions.cs
+++ b/src/Microsoft.Identity.Web/Resource/ScopesRequiredHttpContextExtensions.cs
@@ -78,11 +78,14 @@ public static void VerifyUserHasAnyAcceptedScope(this HttpContext context, param
                 if (scopeClaim == null || !scopeClaim.Value.Split(' ').Intersect(acceptedScopes).Any())
                 {
                     string message = string.Format(CultureInfo.InvariantCulture, IDWebErrorMessage.MissingScopes, string.Join(",", acceptedScopes));
-
-                    context.Response.StatusCode = (int)HttpStatusCode.Forbidden;
-                    context.Response.WriteAsync(message);
-                    context.Response.CompleteAsync();
-
+                    
+                    lock (context)
+                    {
+                        context.Response.StatusCode = (int)HttpStatusCode.Forbidden;
+                        context.Response.WriteAsync(message);
+                        context.Response.CompleteAsync();
+                    }
+                    
                     throw new UnauthorizedAccessException(message);
                 }
             }