From 4c79e73bc83df00aa81928697173de5c139bf2fb Mon Sep 17 00:00:00 2001 From: BluMichele <106175315+BluMichele@users.noreply.github.com> Date: Tue, 19 Jul 2022 16:55:19 +0200 Subject: [PATCH] Added missing lock --- .../Resource/ScopesRequiredHttpContextExtensions.cs | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/src/Microsoft.Identity.Web/Resource/ScopesRequiredHttpContextExtensions.cs b/src/Microsoft.Identity.Web/Resource/ScopesRequiredHttpContextExtensions.cs index 61c6e94eb..bb533feca 100644 --- a/src/Microsoft.Identity.Web/Resource/ScopesRequiredHttpContextExtensions.cs +++ b/src/Microsoft.Identity.Web/Resource/ScopesRequiredHttpContextExtensions.cs @@ -78,11 +78,14 @@ public static void VerifyUserHasAnyAcceptedScope(this HttpContext context, param if (scopeClaim == null || !scopeClaim.Value.Split(' ').Intersect(acceptedScopes).Any()) { string message = string.Format(CultureInfo.InvariantCulture, IDWebErrorMessage.MissingScopes, string.Join(",", acceptedScopes)); - - context.Response.StatusCode = (int)HttpStatusCode.Forbidden; - context.Response.WriteAsync(message); - context.Response.CompleteAsync(); - + + lock (context) + { + context.Response.StatusCode = (int)HttpStatusCode.Forbidden; + context.Response.WriteAsync(message); + context.Response.CompleteAsync(); + } + throw new UnauthorizedAccessException(message); } }