I am trying to build a piece of middleware for authentication for MVC 6 and ask some questions.
First, is there anything available that demonstrates the proper way to implement special middleware for authentication? I tried to crack the existing framework code, but I have the feeling that this is not the best approach.
After doing the aforementioned hack, I got something similar in that it might work, but I'm not sure why.
In my class, StartupI added the following:
services.ConfigureAuthorization(auth =>
{
auth.AddPolicy("TEST", new AuthorizationPolicyBuilder().AddAuthenticationSchemes("TEST").RequireAuthenticatedUser().Build());
});
From here, if I add a [Authorize(Policy = "TEST")]controller to the action, I can see that everything is working, in particular, I see that HandleUnauthorizedAsyncthe authentication handler class method is running. If I remove the value Policyfrom the attribute Authorize, I get an exception stating that "The following authentication scheme has not been accepted:".
I looked at the code generated from the standard template and I can’t see anything where the authorization policy is added. In addition, I can add the attribute Authorizewithout setting a value for Policy, and it works (redirects to the login page).
Why do I need an authorization policy in one instance, but not in another?
, , , , , , .
* *
AutomaticAuthentication AuthenticationOptions. true, Policy Authorize . , , , .