I am using a .NET Core 3.1 Auth Middleware, and its working. I set a AddAuthentication() and a AddAuthorization() on Startup.cs, set some Headers on my Controller's request, like this "ISApiRunning" method:
It works great, I can even validate the roles based on the JWT I generated. My problem is: I want, based on a boolean value on my appSettings.json "AuthValidationEnabled",set all authentication on my API or not. If false, all methods should be allowed to call from anyone, even if they dont inform any token. My API would be "Open" without restrictions. Basically, enable/disable authentication base on this parameter.
I started it, and configured my Startup.cs like this:
services.AddControllers();
if (serviceConfigurations.AuthValidationEnabled)
{
services.AddAuthentication();
services.AddAuthorization();
}
It compiles and runs, but when I call any API method, that has the "Authorize" tag, like the "IsAPIRunning", it gives me the following exception:
System.InvalidOperationException: No authenticationScheme was specified, and there was no DefaultChallengeScheme found. The default schemes can be set using either AddAuthentication(string defaultScheme) or AddAuthentication(Action<AuthenticationOptions> configureOptions).
at Microsoft.AspNetCore.Authentication.AuthenticationService.ChallengeAsync(HttpContext context, String scheme, AuthenticationProperties properties)
at Microsoft.AspNetCore.Authorization.AuthorizationMiddleware.Invoke(HttpContext context)
at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
at Swashbuckle.AspNetCore.SwaggerUI.SwaggerUIMiddleware.Invoke(HttpContext httpContext)
at Swashbuckle.AspNetCore.Swagger.SwaggerMiddleware.Invoke(HttpContext httpContext, ISwaggerProvider swaggerProvider)
at Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddleware.Invoke(HttpContext context)
How should I proceed?
I am using a .NET Core 3.1 Auth Middleware, and its working. I set a AddAuthentication() and a AddAuthorization() on Startup.cs, set some Headers on my Controller's request, like this "ISApiRunning" method:
It works great, I can even validate the roles based on the JWT I generated. My problem is: I want, based on a boolean value on my appSettings.json "AuthValidationEnabled",set all authentication on my API or not. If false, all methods should be allowed to call from anyone, even if they dont inform any token. My API would be "Open" without restrictions. Basically, enable/disable authentication base on this parameter.
I started it, and configured my Startup.cs like this:
services.AddControllers();
if (serviceConfigurations.AuthValidationEnabled)
{
services.AddAuthentication();
services.AddAuthorization();
}
It compiles and runs, but when I call any API method, that has the "Authorize" tag, like the "IsAPIRunning", it gives me the following exception:
System.InvalidOperationException: No authenticationScheme was specified, and there was no DefaultChallengeScheme found. The default schemes can be set using either AddAuthentication(string defaultScheme) or AddAuthentication(Action<AuthenticationOptions> configureOptions).
at Microsoft.AspNetCore.Authentication.AuthenticationService.ChallengeAsync(HttpContext context, String scheme, AuthenticationProperties properties)
at Microsoft.AspNetCore.Authorization.AuthorizationMiddleware.Invoke(HttpContext context)
at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
at Swashbuckle.AspNetCore.SwaggerUI.SwaggerUIMiddleware.Invoke(HttpContext httpContext)
at Swashbuckle.AspNetCore.Swagger.SwaggerMiddleware.Invoke(HttpContext httpContext, ISwaggerProvider swaggerProvider)
at Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddleware.Invoke(HttpContext context)
How should I proceed?
Share Improve this question edited yesterday marc_s 756k184 gold badges1.4k silver badges1.5k bronze badges asked yesterday Marcel JamesMarcel James 87411 silver badges22 bronze badges1 Answer
Reset to default 0To solve this issue, I suggest you could consider creating a custom authentication handler which will allow all the request.
More details, you could refer to below codes:
Handler:
public class DummyAuthHandler : AuthenticationHandler<AuthenticationSchemeOptions>
{
public DummyAuthHandler(
IOptionsMonitor<AuthenticationSchemeOptions> options,
ILoggerFactory logger,
UrlEncoder encoder
)
: base(options, logger, encoder )
{
}
protected override Task<AuthenticateResult> HandleAuthenticateAsync()
{
// Create a default "authenticated" identity when auth is disabled
var identity = new ClaimsIdentity("Dummy");
var principal = new ClaimsPrincipal(identity);
var ticket = new AuthenticationTicket(principal, "Dummy");
return Task.FromResult(AuthenticateResult.Success(ticket));
}
}
Program.cs:
var AuthValidationEnabled = true;
builder.Services.AddAuthentication(options =>
{
options.DefaultScheme = AuthValidationEnabled
? JwtBearerDefaults.AuthenticationScheme
: "Dummy";
})
.AddJwtBearer(options =>
{
options.TokenValidationParameters = new TokenValidationParameters
{
ValidateIssuer = true,
ValidIssuer = "YourIssuer",
ValidateAudience = true,
ValidAudience = "YourAudience",
ValidateIssuerSigningKey = true,
IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes("YourSecretKey")),
ValidateLifetime = true
};
}).AddScheme<AuthenticationSchemeOptions, DummyAuthHandler>("Dummy", _ => { });
builder.Services.AddAuthorization(options =>
{
options.DefaultPolicy = new AuthorizationPolicyBuilder(
AuthValidationEnabled
? JwtBearerDefaults.AuthenticationScheme
: "Dummy"
)
.RequireAuthenticatedUser()
.Build();
});