IdentityServer / IdentityServer4.AccessTokenValidation

IdentityServer Access Token Validation for ASP.NET Core
Apache License 2.0

Question: Introspection endpoint being called on each request #112

Closed by nixa333 5 years ago

nixa333 commented 5 years ago

Hi,

I have a simple API in ASP.NET Core which uses IS4 for authentication needs. The API is split into two different versions; the newer one supports OAuth and actually uses IS4, but the older one is secured via my custom authorization, which uses the Authorization header in the request to pass a token to the API. I've noticed that the IS4 server's introspection endpoint is being called on each request to my old API endpoints whenever they're called with Authorization: Bearer 1234567890asdfgh, even though the API controller isn't decorated with the [Authorize] attribute. I'm interested in knowing why that is, and is there a way it can be stopped?

leastprivilege commented 5 years ago

That's how ASP.NET Core works.

leastprivilege commented 5 years ago

That being said, you could not set the handler as the default authentication scheme, and call AuthenticateAsync yourself in your new APIs.
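
The approach in the reply above, as an added example that is not part of the thread or the project's own code: the handler is registered without a default scheme, so the authentication middleware runs nothing on its own, and the new API authenticates explicitly. It assumes an ASP.NET Core 2.x-style `Startup`; the authority URL, API name, secret, controller name and route are placeholders.

```csharp
using System.Linq;
using System.Threading.Tasks;
using IdentityServer4.AccessTokenValidation;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.DependencyInjection;

public class Startup
{
    public void ConfigureServices(IServiceCollection services)
    {
        // No default scheme is passed to AddAuthentication(), so UseAuthentication()
        // has no handler to invoke per request and legacy endpoints that carry their
        // own "Authorization: Bearer ..." token never trigger introspection.
        services.AddAuthentication()
            .AddIdentityServerAuthentication(
                IdentityServerAuthenticationDefaults.AuthenticationScheme, // "Bearer"
                options =>
                {
                    options.Authority = "https://identity.example.test"; // placeholder
                    options.ApiName = "api_v2";                          // placeholder
                    options.ApiSecret = "<api-secret>";                  // placeholder
                });
        services.AddMvc();
    }

    public void Configure(IApplicationBuilder app)
    {
        app.UseAuthentication();
        app.UseMvc();
    }
}

[Route("api/v2/identity")] // hypothetical route for the new API
public class IdentityV2Controller : ControllerBase
{
    [HttpGet]
    public async Task<IActionResult> Get()
    {
        // Token validation (introspection for reference tokens) happens only here.
        var result = await HttpContext.AuthenticateAsync(
            IdentityServerAuthenticationDefaults.AuthenticationScheme);
        if (!result.Succeeded)
        {
            return Unauthorized(); // fail closed when the token is missing or invalid
        }
        return Ok(result.Principal.Claims.Select(c => new { c.Type, c.Value }));
    }
}
```

With no default scheme, any new-API action that omits the explicit call is unauthenticated. Decorating the new controllers with `[Authorize(AuthenticationSchemes = "Bearer")]` gives the same per-endpoint behaviour without relying on each action to make the check.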

nixa333 commented 5 years ago

For the record, I went ahead and implemented my custom Authentication handler instead of using IS4. I ended up reusing a bunch of IS4 code and a couple of classes to save time. This is a temporary solution as we intend to deprecate the old API in the near future, so we'll revert to the IS4 handler.