'How do you use RequireAuthenticatedUser and RequireClaim in Core MVC?
I have...
s.AddAuthorization(o =>
{
o.AddPolicy("MyPolicy", p =>
{
p.AddAuthenticationSchemes("SchemeName");
p.RequireAuthenticatedUser();
p.RequireClaim("Claim1");
p.AddRequirements(new MyAuthorizationRequirement());
});
}
My authentication handler runs, fails to create an AuthenticationTicket and returns Task.FromResult(AuthenticateResult.Fail(e)).
But my authorization handler still runs and it returns 500 instead of 401 because it errors without the required value. If I avoid the errors it returns 403.
So what's the point of specifying that an authorization scheme requires an authenticated user and claim(s) if the authorization handler runs anyway and I need to manually check the requirements?
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|