ASP.NET Core 2.0 authentication middleware

by

So, after a long day of trying to solve this problem, I’ve finally figured out how Microsoft wants us to make custom authentication handlers for their new single-middleware setup in core 2.0.

After looking through some of the documentation on MSDN, I found a class called AuthenticationHandler<TOption> that implements the IAuthenticationHandler interface.

From there, I found an entire codebase with the existing authentication schemes located at https://github.com/aspnet/Security

Inside of one of these, it shows how Microsoft implements the JwtBearer authentication scheme. (https://github.com/aspnet/Security/tree/master/src/Microsoft.AspNetCore.Authentication.JwtBearer)

I copied most of that code over into a new folder, and cleared out all the things having to do with JwtBearer.

In the JwtBearerHandler class (which extends AuthenticationHandler<>), there’s an override for Task<AuthenticateResult> HandleAuthenticateAsync()

I added in our old middleware for setting up claims through a custom token server, and was still encountering some issues with permissions, just spitting out a 200 OK instead of a 401 Unauthorized when a token was invalid and no claims were set up.

I realized that I had overridden Task HandleChallengeAsync(AuthenticationProperties properties) which for whatever reason is used to set permissions via [Authorize(Roles="")] in a controller.

After removing this override, the code had worked, and had successfully thrown a 401 when the permissions didn’t match up.

The main takeaway from this is that now you can’t use a custom middleware, you have to implement it via AuthenticationHandler<> and you have to set the DefaultAuthenticateScheme and DefaultChallengeScheme when using services.AddAuthentication(...).

Here’s an example of what this should all look like:

In Startup.cs / ConfigureServices() add:

services.AddAuthentication(options =>
{
    // the scheme name has to match the value we're going to use in AuthenticationBuilder.AddScheme(...)
    options.DefaultAuthenticateScheme = "Custom Scheme";
    options.DefaultChallengeScheme = "Custom Scheme";
})
.AddCustomAuth(o => { });

In Startup.cs / Configure() add:

app.UseAuthentication();

Create a new file CustomAuthExtensions.cs

public static class CustomAuthExtensions
{
    public static AuthenticationBuilder AddCustomAuth(this AuthenticationBuilder builder, Action<CustomAuthOptions> configureOptions)
    {
        return builder.AddScheme<CustomAuthOptions, CustomAuthHandler>("Custom Scheme", "Custom Auth", configureOptions);
    }
}

Create a new file CustomAuthOptions.cs

public class CustomAuthOptions: AuthenticationSchemeOptions
{
    public CustomAuthOptions()
    {

    }
}

Create a new file CustomAuthHandler.cs

internal class CustomAuthHandler : AuthenticationHandler<CustomAuthOptions>
{
    public CustomAuthHandler(IOptionsMonitor<CustomAuthOptions> options, ILoggerFactory logger, UrlEncoder encoder, ISystemClock clock) : base(options, logger, encoder, clock)
    {
        // store custom services here...
    }
    protected override async Task<AuthenticateResult> HandleAuthenticateAsync()
    {
        // build the claims and put them in "Context"; you need to import the Microsoft.AspNetCore.Authentication package
        return AuthenticateResult.NoResult();
    }
}

More Related Contents:

  1. Token Based Authentication in ASP.NET Core
  2. ASP.NET Core 2.0 LDAP Active Directory Authentication
  3. Token Based Authentication in ASP.NET Core (refreshed)
  4. .NET Core Identity Server 4 Authentication VS Identity Authentication
  5. Custom Authentication in ASP.Net-Core
  6. Unable to create migrations after upgrading to ASP.NET Core 2.0
  7. ASP.NET Core 2.0 disable automatic challenge
  8. Run a background task from a controller action in ASP.NET Core
  9. Cannot resolve scoped service from root provider .Net Core 2
  10. How do I setup multiple auth schemes in ASP.NET Core 2.0?
  11. ASP.NET Core disable authentication in development environment
  12. ASP.NET Core Identity 2.0 SignoutAsync is not logging out user if the user signed in with Google
  13. Identity in ASP.Net Core 2.1< - Customize AccountController
  14. What is the difference between UseStaticFiles, UseSpaStaticFiles, and UseSpa in ASP.NET Core 2.1?
  15. Simple JWT authentication in ASP.NET Core 1.0 Web API
  16. Simple token based authentication/authorization in asp.net core for Mongodb datastore
  17. Tag helper not being processed in ASP.NET Core 2
  18. ASP.NET Core Web API Authentication
  19. ‘HttpPostedFileBase’ in Asp.Net Core 2.0
  20. Get a service in a IServiceCollection extension
  21. Sharing Cookies Between Two ASP.NET Core Applications
  22. How to register multiple implementations of the same interface in Asp.Net Core?
  23. Store complex object in TempData
  24. How can I use Dependency Injection in a .Net Core ActionFilterAttribute?
  25. How to know the selected checkboxes from within the HttpPost Create action method?
  26. loading a full hierarchy from a self referencing table with EntityFramework.Core
  27. How do I solve a “view not found” exception in asp.net core mvc project
  28. How to give custom implementation of UpdateAsync method of asp.net identity?
  29. How to map fallback in ASP .NET Core Web API so that Blazor WASM app only intercepts requests that are not to the API
  30. What Nuget packages must be referenced by an ASP.NET Core 6 application parts project

Leave a Comment