Multiple Authentication Scheme is broken after migration to .net core 3.1

0
votes

I have this .NET core web app that use multiple authentication schemes declared like that :

             services.AddAuthentication("Scheme1")
            .AddScheme<Scheme1Options, Scheme1Handler>("Scheme1", null)
            .AddScheme<Scheme2Options, Scheme2Handler>("Scheme2", null)
            .AddScheme<Scheme3Options, Scheme3Handler>("Scheme3", null);

In my controllers, I apply the appropriate scheme depending on what the controller does. This was working perfectly well in .net Core 2.2.

Then I updgraded to .net Core 3.1

I modified the startup.Configure() like that :

        app.UseRouting();
        app.UseAuthentication();
        app.UseAuthorization();

And now, I get a

InvalidOperationException: Endpoint /Index contains authorization metadata, but a middleware was not found that supports authorization.
Configure your application startup by adding app.UseAuthorization() inside the call to Configure(..) in the application startup code. The call to app.UseAuthorization() must appear between app.UseRouting() and app.UseEndpoints(...).

for any controller that does not use the default middleware. It's like the 2 additional middleware were not recognized.

Any idea ?

2
asp.net.net

2 Answers

0
votes
        app.UseRouting();
        app.UseDefaultFiles();
        app.UseAuthentication();
        app.UseAuthorization();
        app.UseEndpoints(endpoints =>
        {
            endpoints.MapControllers();
        });

I do not know if it's the issue that The call to app.UseAuthorization() must appear between app.UseRouting() and app.UseEndpoints(...).

0
votes

I found out what the problem was. Starting with .NET Core 3.0, the authentication method seems to use request headers to store information. In my middleware, I was doing a context.HttpContext.Items.Clear(); which was reseting a header required by the pipeline / middleware.