public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
  if (env.IsDevelopment())
  {
    app.UseDeveloperExceptionPage();
  }

  // Matches request to an endpoint.
  app.UseRouting();

  // Endpoint aware middleware. 
  // Middleware can use metadata from the matched endpoint.
  app.UseAuthentication();
  app.UseAuthorization();

  // Execute the matched endpoint.
  app.UseEndpoints(endpoints =>
  {
    // Configure the Health Check endpoint and require an authorized user.
    endpoints.MapHealthChecks("/healthz").RequireAuthorization();

    // Configure another endpoint, no authorization requirements.
    endpoints.MapGet("/", async context =>
    {
      await context.Response.WriteAsync("Hello World!");
    });
  });
}

  app.Use(next => context =>
      {
        var endpoint = context.GetEndpoint();
        if (endpoint is null)
        {
          return Task.CompletedTask;
        }
        Console.WriteLine($"Endpoint: {endpoint.DisplayName}");

        if (endpoint is RouteEndpoint routeEndpoint)
        {
          Console.WriteLine("Endpoint has route pattern: " +
            routeEndpoint.RoutePattern.RawText);
        }

        foreach (var metadata in endpoint.Metadata)
        {
          Console.WriteLine($"Endpoint has metadata: {metadata}");
        }
        return next(context);
      });

// ---- 截取自https://github.com/dotnet/aspnetcore/blob/master/src/Security/Authorization/Policy/src/AuthorizationMiddleware.cs-----
if (endpoint != null)
{
  context.Items[AuthorizationMiddlewareInvokedWithEndpointKey] = AuthorizationMiddlewareWithEndpointInvokedValue;
}
var authorizeData = endpoint?.Metadata.GetOrderedMetadata<IAuthorizeData>() ?? Array.Empty<IAuthorizeData>();
var policy = await AuthorizationPolicy.CombineAsync(_policyProvider, authorizeData);
if (policy == null)
{
   await _next(context);
   return;
}
var policyEvaluator = context.RequestServices.GetRequiredService<IPolicyEvaluator>();
......