Multiple Authentication Scheme is broken after migration to .net core 3.1

I have this .NET core web app that use multiple authentication schemes declared like that :

             services.AddAuthentication("Scheme1")
            .AddScheme<Scheme1Options, Scheme1Handler>("Scheme1", null)
            .AddScheme<Scheme2Options, Scheme2Handler>("Scheme2", null)
            .AddScheme<Scheme3Options, Scheme3Handler>("Scheme3", null);

In my controllers, I apply the appropriate scheme depending on what the controller does.
This was working perfectly well in .net Core 2.2.

Then I updgraded to .net Core 3.1

I modified the startup.Configure() like that :

        app.UseRouting();
        app.UseAuthentication();
        app.UseAuthorization();

And now, I get a

InvalidOperationException: Endpoint /Index contains authorization metadata, but a middleware was not found that supports authorization.
Configure your application startup by adding app.UseAuthorization() inside the call to Configure(..) in the application startup code. The call to app.UseAuthorization() must appear between app.UseRouting() and app.UseEndpoints(...).

for any controller that does not use the default middleware. It’s like the 2 additional middleware were not recognized.

Any idea ?

Answers:

Thank you for visiting the Q&A section on Magenaut. Please note that all the answers may not help you solve the issue immediately. So please treat them as advisements. If you found the post helpful (or not), leave a comment & I’ll get back to you as soon as possible.

Method 1

        app.UseRouting();
        app.UseDefaultFiles();
        app.UseAuthentication();
        app.UseAuthorization();
        app.UseEndpoints(endpoints =>
        {
            endpoints.MapControllers();
        });

I do not know if it’s the issue that The call to app.UseAuthorization() must appear between app.UseRouting() and app.UseEndpoints(…).

Method 2

I found out what the problem was.
Starting with .NET Core 3.0, the authentication method seems to use request headers to store information.
In my middleware, I was doing a context.HttpContext.Items.Clear(); which was reseting a header required by the pipeline / middleware.


All methods was sourced from stackoverflow.com or stackexchange.com, is licensed under cc by-sa 2.5, cc by-sa 3.0 and cc by-sa 4.0

0 0 votes
Article Rating
Subscribe
Notify of
guest

0 Comments
Inline Feedbacks
View all comments
0
Would love your thoughts, please comment.x
()
x