hung-doan / .bookmarks

My life bookmarker

ASP.NET Core: services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme) does not override all authentication schemes #43

Open hung-doan opened 6 years ago

hung-doan commented 6 years ago

When using JWT authentication in ASP.NET Core MVC, I expected that all schemes would be JWT.

According to this link: https://github.com/aspnet/announcements/issues/262

There are now overloads that use the default schemes for each method in IAuthenticationService

- DefaultScheme: if specified, all the other defaults will fallback to this value
- DefaultAuthenticateScheme: if specified, AuthenticateAsync() will use this scheme, and also the AuthenticationMiddleware added by UseAuthentication() will use this scheme to set context.User automatically. (Corresponds to AutomaticAuthentication)
- DefaultChallengeScheme: if specified, ChallengeAsync() will use this scheme, [Authorize] with policies that don't specify schemes will also use this
- DefaultSignInScheme: is used by SignInAsync() and also by all of the remote auth schemes like Google/Facebook/OIDC/OAuth, typically this would be set to a cookie.
- DefaultSignOutScheme: is used by SignOutAsync(), falls back to DefaultSignInScheme
- DefaultForbidScheme: is used by ForbidAsync(), falls back to DefaultChallengeScheme

It states that "DefaultScheme: if specified, all the other defaults will fallback to this value", but it does not work.

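    // Attempt 1: pass the scheme name as the default scheme
    services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme);

    // Attempt 2: set DefaultScheme through the options callback
    services.AddAuthentication(o =>
    {
        o.DefaultScheme = JwtBearerDefaults.AuthenticationScheme;
    });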

Neither of them works.

You have to define all the schemes one by one:

    services.AddAuthentication(o =>
    {
        o.DefaultScheme = JwtBearerDefaults.AuthenticationScheme;
        o.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
        o.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
        o.DefaultSignInScheme = JwtBearerDefaults.AuthenticationScheme;
    });

hung-doan commented 6 years ago

Execution log when I use services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme). We can see that it is using cookie authentication for the authorization:

JWT> info: Microsoft.AspNetCore.Hosting.Internal.WebHost[1]
JWT>       Request starting HTTP/1.1 OPTIONS http://localhost:52770/api/user/profile  
JWT> info: Microsoft.AspNetCore.Cors.Infrastructure.CorsService[4]
JWT>       Policy execution successful.
JWT> info: Microsoft.AspNetCore.Hosting.Internal.WebHost[2]
JWT>       Request finished in 0.5427ms 204 
JWT> info: Microsoft.AspNetCore.Hosting.Internal.WebHost[1]
JWT>       Request starting HTTP/1.1 GET http://localhost:52770/api/user/profile application/json 
JWT> info: Microsoft.AspNetCore.Cors.Infrastructure.CorsService[4]
JWT>       Policy execution successful.
JWT> info: Microsoft.AspNetCore.Authorization.DefaultAuthorizationService[2]
JWT>       Authorization failed for user: (null).
JWT> info: Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker[3]
JWT>       Authorization failed for the request at filter 'Microsoft.AspNetCore.Mvc.Authorization.AuthorizeFilter'.
JWT> info: Microsoft.AspNetCore.Mvc.ChallengeResult[1]
JWT>       Executing ChallengeResult with authentication schemes ().
JWT> info: Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationHandler[12]
JWT>       AuthenticationScheme: Identity.Application was challenged.
JWT> info: Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker[2]
JWT>       Executed action JWT.TokenController.GetUserInfo (JWT) in 7.6864ms
JWT> info: Microsoft.AspNetCore.Hosting.Internal.WebHost[2]
JWT>       Request finished in 9.9377ms 302 
JWT> info: Microsoft.AspNetCore.Hosting.Internal.WebHost[1]
JWT>       Request starting HTTP/1.1 OPTIONS http://localhost:52770/Account/Login?ReturnUrl=%2Fapi%2Fuser%2Fprofile  
JWT> info: Microsoft.AspNetCore.Cors.Infrastructure.CorsService[4]
JWT>       Policy execution successful.
JWT> info: Microsoft.AspNetCore.Hosting.Internal.WebHost[2]
JWT>       Request finished in 0.4093ms 204 
JWT> info: Microsoft.AspNetCore.Hosting.Internal.WebHost[1]
JWT>       Request starting HTTP/1.1 GET http://localhost:52770/Account/Login?ReturnUrl=%2Fapi%2Fuser%2Fprofile application/json 
JWT> info: Microsoft.AspNetCore.Cors.Infrastructure.CorsService[4]
JWT>       Policy execution successful.
JWT> info: Microsoft.AspNetCore.Hosting.Internal.WebHost[2]
JWT>       Request finished in 0.647ms 404 

====================

Here is the log if I define all the schemes one by one:

JWT> info: Microsoft.AspNetCore.Hosting.Internal.WebHost[1]
JWT>       Request starting HTTP/1.1 OPTIONS http://localhost:52770/api/user/profile  
JWT> info: Microsoft.AspNetCore.Cors.Infrastructure.CorsService[4]
JWT>       Policy execution successful.
JWT> info: Microsoft.AspNetCore.Hosting.Internal.WebHost[2]
JWT>       Request finished in 2.9786ms 204 
JWT> info: Microsoft.AspNetCore.Hosting.Internal.WebHost[1]
JWT>       Request starting HTTP/1.1 GET http://localhost:52770/api/user/profile application/json 
JWT> info: Microsoft.AspNetCore.Cors.Infrastructure.CorsService[4]
JWT>       Policy execution successful.
JWT> info: Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler[2]
JWT>       Successfully validated the token.
JWT> info: Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler[8]
JWT>       AuthenticationScheme: Bearer was successfully authenticated.
JWT> info: Microsoft.AspNetCore.Authorization.DefaultAuthorizationService[1]
JWT>       Authorization was successful for user: hung.doantan@gmail.com.
JWT> info: Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker[1]
JWT>       Executing action method JWT.TokenController.GetUserInfo (JWT) with arguments ((null)) - ModelState is Valid
JWT> info: Microsoft.EntityFrameworkCore.Infrastructure[10403]
JWT>       Entity Framework Core 2.0.2-rtm-10011 initialized 'AppIdentityDbContext' using provider 'Microsoft.EntityFrameworkCore.SqlServer' with options: None
JWT> info: Microsoft.EntityFrameworkCore.Database.Command[20101]
JWT>       ...
JWT> info: Microsoft.AspNetCore.Mvc.Formatters.Json.Internal.JsonResultExecutor[1]
JWT>       Executing JsonResult, writing value { username = hung.doantan@gmail.com, email = hung.doantan@gmail.com }.
JWT> info: Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker[2]
JWT>       Executed action JWT.TokenController.GetUserInfo (JWT) in 804.0007ms
JWT> info: Microsoft.AspNetCore.Hosting.Internal.WebHost[2]
JWT>       Request finished in 871.4608ms 200 application/json; charset=utf-8
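
A startup check for the behaviour reported in this issue, added here as an example; it is not part of the original issue or of ASP.NET Core itself. It asks IAuthenticationSchemeProvider which scheme each operation resolves to once every registration has run, and stops startup if the API would authenticate, challenge or forbid with anything other than Bearer (for instance a cookie scheme that answers with a 302 to /Account/Login, as in the first log). The class and method names are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.Extensions.DependencyInjection;

// Hypothetical helper (added example): reports the effective default scheme
// for each IAuthenticationService operation after all AddAuthentication(...)
// calls, including those made by other libraries, have been applied.
public static class DefaultSchemeReport
{
    public static async Task<IDictionary<string, string>> ResolveAsync(IServiceProvider services)
    {
        var provider = services.GetRequiredService<IAuthenticationSchemeProvider>();
        return new Dictionary<string, string>
        {
            // Each call applies the documented fallback chain and returns
            // null when no scheme can be resolved for that operation.
            ["Authenticate"] = (await provider.GetDefaultAuthenticateSchemeAsync())?.Name,
            ["Challenge"]    = (await provider.GetDefaultChallengeSchemeAsync())?.Name,
            ["Forbid"]       = (await provider.GetDefaultForbidSchemeAsync())?.Name,
            ["SignIn"]       = (await provider.GetDefaultSignInSchemeAsync())?.Name,
            ["SignOut"]      = (await provider.GetDefaultSignOutSchemeAsync())?.Name,
        };
    }

    // Fail fast instead of discovering the wrong handler from a 302 at runtime.
    // Call once from Startup.Configure, e.g.:
    //   DefaultSchemeReport.EnsureBearerAsync(app.ApplicationServices)
    //       .GetAwaiter().GetResult();
    public static async Task EnsureBearerAsync(IServiceProvider services)
    {
        var resolved = await ResolveAsync(services);
        foreach (var operation in new[] { "Authenticate", "Challenge", "Forbid" })
        {
            var actual = resolved[operation];
            if (actual != JwtBearerDefaults.AuthenticationScheme)
            {
                throw new InvalidOperationException(
                    $"Default {operation} scheme is '{actual ?? "(none)"}', " +
                    $"expected '{JwtBearerDefaults.AuthenticationScheme}'.");
            }
        }
    }
}
```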