ASP.Net core 2: Default Authentication Scheme ignored

Question

I'm trying to build a custom AuthenticationHandler in ASP.Net Core 2. Following up topic like ASP.NET Core 2.0 authentication middleware and Why is Asp.Net Core Authentication Scheme mandatory, I've created the specific classes. The registering happens like this:

services.AddAuthentication(
    options =>
    {
        options.DefaultScheme = Constants.NoOpSchema;
        options.DefaultAuthenticateScheme = Constants.NoOpSchema;
        options.DefaultChallengeScheme = Constants.NoOpSchema;
        options.DefaultSignInScheme = Constants.NoOpSchema;
        options.DefaultSignOutScheme = Constants.NoOpSchema; 
        options.DefaultForbidScheme = Constants.NoOpSchema;
    }
).AddScheme<CustomAuthOptions, CustomAuthHandler>(Constants.NoOpSchema, "Custom Auth", o => { });

Everything works, if the specific controllers set the Scheme explicitely:

[Authorize(AuthenticationSchemes= Constants.NoOpSchema)]
[Route("api/[controller]")]
public class IndividualsController : Controller

But I would like to not have to set the Schema, since it should get added dynamically. As soon as I remove the Scheme Property, like this:

[Authorize]
[Route("api/[controller]")]
public class IndividualsController : Controller

It doesn't work anymore.

I would have hoped, that setting the DefaultScheme Properties does this job. Interesting enough, I didn't find any specific discussion about this topic. Am I doing something wrong here or is my expected outcome wrong?

Edit: Thanks for the questions, it helped me a lot. It seems like mapping the DefaultScheme is using by the Authentication Middleware, which I only used, when the CustomAuthHandler was not in place. Therefore I had to add the AuthenticationMiddleware always.

Edit2: Unfortunately, it still doesn't work. To enhance a bit my question: I'm adding the middleware as usual:

app.UseAuthentication();
app.UseMvc();

Now I get into my Handler, which is looking like this:

public class NoOpAuthHandler : AuthenticationHandler<NoOpAuthOptions>
{
    public const string NoOpSchema = "NoOp";

    public NoOpAuthHandler(IOptionsMonitor<NoOpAuthOptions> options, ILoggerFactory logger, UrlEncoder encoder, ISystemClock clock) : base(options, logger, encoder, clock)
    {
    }

    protected override Task<AuthenticateResult> HandleAuthenticateAsync() => Task.FromResult(AuthenticateResult.Success(new AuthenticationTicket(Context.User, NoOpSchema)));
}

But even if I always return success, I get an 401. I think I have to dig deeper and kindahow set some Claims, but unfortunately, the Handlers from Microsoft are quite hard to analyze, since they contain a lot of Code.

Have you add app.UseAuthentication() in your middleware pipeline? — Kahbazi
– Kahbazi, Commented Apr 19, 2018 at 8:39
what error do you get when you remove AuthenticationSchemes? — Neville Nazerane
– Neville Nazerane, Commented Apr 19, 2018 at 9:56
i supose you know, but you can inherit the authorize attribute to avoid the AuthenticationSchemes= Constants.NoOpSchema — animalito maquina
– animalito maquina, Commented Apr 19, 2018 at 14:21

Amal K · Accepted Answer · 2021-08-13 08:27:14Z

20

ASP.NET Core 2 Answer

You have to set a default authorization policy tied to your authentication scheme:

services.AddAuthorization(options => {
  options.DefaultPolicy = new AuthorizationPolicyBuilder()
    .AddAuthenticationSchemes(Constants.NoOpSchema)
    .RequireAuthenticatedUser()
    .Build();
});

ASP.NET Core 3 Answer

In ASP.NET Core 3 things apparently changed a bit, so you would want to create an extension method to add your authentication handler:

public static class NoOpAuthExtensions
{
    public static AuthenticationBuilder AddNoOpAuth(this AuthenticationBuilder builder)
        => builder.AddNoOpAuth(NoOpAuthHandler.NoOpSchema, _ => { });
    public static AuthenticationBuilder AddNoOpAuth(this AuthenticationBuilder builder, Action<NoOpAuthOptions> configureOptions)
        => builder.AddNoOpAuth(NoOpAuthHandler.NoOpSchema, configureOptions);
    public static AuthenticationBuilder AddNoOpAuth(this AuthenticationBuilder builder, string authenticationScheme, Action<NoOpAuthOptions> configureOptions)
        => builder.AddNoOpAuth(authenticationScheme, null, configureOptions);
    public static AuthenticationBuilder AddNoOpAuth(this AuthenticationBuilder builder, string authenticationScheme, string displayName, Action<NoOpAuthOptions> configureOptions)
    {
        return builder.AddScheme<NoOpAuthOptions, NoOpAuthHandler>(authenticationScheme, displayName, configureOptions);
    }
}

And use it in your ConfigureServices method like this:

services
  .AddAuthentication(NoOpAuthHandler.NoOpSchema)
  .AddNoOpAuth();

edited Aug 13, 2021 at 8:27

Amal K

4,9882 gold badges28 silver badges56 bronze badges

answered Dec 14, 2018 at 12:40

RaphaelH

2,1942 gold badges30 silver badges43 bronze badges

Sign up to request clarification or add additional context in comments.

2 Comments

King John Over a year ago

This worked for me. I'm not sure what DefaultAuthenticateScheme is actually for, but it's not for setting the default [Authorize] scheme.

brenthompson2 Over a year ago

This worked for me, except I had to modify the NoOp HandleAuthenticateAsync provided by the question asker to return a GenericPrincipal instead of the User from the Context. Doesn't feel safe to be creating a GenericIdentity, but okay for my no-auth non-production use case.

Kahbazi · Accepted Answer · 2018-04-20 00:08:31Z

11

Make sure that you have Authentication middleware in your pipeline and place it before MVC.

public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
    ///

    app.UseAuthentication();

    app.UseMvc(routes =>
    {
        routes.MapRoute(
            name: "default",
            template: "{controller}/{action=Index}/{id?}");
    });
    ///
}

UPDATE

try using this code in HandleAuthenticateAsync method.

protected override async Task<AuthenticateResult> HandleAuthenticateAsync()
{
    List<Claim> claims = new List<Claim>();
    ClaimsIdentity claimsIdentity = new ClaimsIdentity(claims, Scheme.Name);
    ClaimsPrincipal claimsPrincipal = new ClaimsPrincipal(claimsIdentity);
    AuthenticationTicket authenticationTicket = new AuthenticationTicket(claimsPrincipal, Scheme.Name);
    return AuthenticateResult.Success(authenticationTicket);
}

edited Apr 20, 2018 at 0:08

answered Apr 19, 2018 at 13:05

Kahbazi

15.1k3 gold badges52 silver badges80 bronze badges

1 Comment

René Sackers Over a year ago

Another note, in .NET Core 3/5, make sure you have app.UseAuthentication BEFORE app.UseAuthorization(). There goes 2 hours of my day :)

Uwe Keim · Accepted Answer · 2022-03-21 10:14:58Z

3

I suffer this for hours, in my case problem was default AuthenticationMiddleware class.

More specifically; If you set ClaimsPrincipal within custom middleware in your request pipeline like below;

HttpContext.context.User = new ClaimsPrincipal(identity); this will override your default auth config settings,

What I did to solve; remove custom middleware and add app.UseAuthentication(); in Configure section in Startup.cs, and Authorize attribute checks whatever set in config section as default;

Here is mine;

services.AddAuthentication(x =>
    {
        x.DefaultScheme = JwtBearerDefaults.AuthenticationScheme;
        x.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
        x.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
    }).AddJwtBearer(JwtBearerDefaults.AuthenticationScheme, x =>
    {
        x.RequireHttpsMetadata = false;
        x.SaveToken = true;
        x.TokenValidationParameters = new TokenValidationParameters
        {
            ValidateIssuerSigningKey = true,
            IssuerSigningKey = new SymmetricSecurityKey(key),
            ValidateLifetime = true,
            ValidateIssuer = false,
            ValidateAudience = false,
            ClockSkew = TimeSpan.Zero
        };
    });

edited Mar 21, 2022 at 10:14

Uwe Keim

40.9k61 gold badges193 silver badges308 bronze badges

answered Jul 30, 2020 at 9:37

TyForHelpDude

5,02112 gold badges57 silver badges105 bronze badges

1 Comment

Homayoun Behzadian Over a year ago

This answer helped me find that setting value of DefaultScheme does not work! What I needed was setting DefaultAuthenticateScheme to my scheme, so my custom authentication handler will be executed on every request weather controller action decorated with [Authorize(AuthenticationSchemes = MyAuthenticationConstants.Scheme)] or even [Authorize] attributes

laaksom · Accepted Answer · 2020-11-19 18:56:45Z

2

in .NET Core 3.1, I had to manually add [Authorize(AuthenticationSchemes = "Bearer")] instead of a plain [Authorize] to endpoints in order for authentication to function as I'd expect. The following configuration change solved the issue:

services.AddAuthentication(options =>
    {
        options.DefaultAuthenticateScheme = "Bearer";
    })

answered Nov 19, 2020 at 18:56

laaksom

2,2203 gold badges21 silver badges18 bronze badges

Comments

Oleg · Accepted Answer · 2019-02-10 20:45:13Z

0

try this.

services.AddAuthentication(
        options =>
        {
            options.DefaultAuthenticateScheme = "Cookie"
            options.DefaultChallengeScheme = Constants.NoOpSchema;
            options.DefaultSignInScheme = "Cookie";
        }
    )
    .AddCookie("Cookie")
    .AddScheme<CustomAuthOptions, CustomAuthHandler>(Constants.NoOpSchema, "Custom Auth", o => { });

answered Feb 10, 2019 at 20:45

Oleg

1471 silver badge14 bronze badges

Collectives™ on Stack Overflow

ASP.Net core 2: Default Authentication Scheme ignored

5 Answers 5

2 Comments

1 Comment

1 Comment

Comments

Comments

Your Answer

Linked

Hot Network Questions

Collectives™ on Stack Overflow

5 Answers 5

2 Comments

1 Comment

1 Comment

Comments

Comments

Your Answer

Sign up or log in

Post as a guest

Linked

Related