Bearer authentication with ASP.NET Core RC2: 404 instead of 403

I am trying to use bearer authentication with ASP.NET Core RC2. It works when the user is authenticated and has the role, but when the user is not authorized (authenticated, but does not have the role), I get a 404 error instead of the expected 403.

Startup.cs

    public void ConfigureServices(IServiceCollection services)
    {
        services.AddCors(options =>
        {
            options.AddPolicy("CorsPolicy",
                builder =>
                {
                    builder
                        .WithOrigins("*")
                        .AllowAnyHeader()
                        .AllowAnyMethod()
                        .AllowCredentials();
                }
            );
        });

        services.AddIdentity<AppUser, AppRole>().AddEntityFrameworkStores<AppIdentityDbContext, int>();
        services.AddAuthorization();
        services.AddMvc(config =>
        {
            var policy = new AuthorizationPolicyBuilder()
                .AddAuthenticationSchemes(JwtBearerDefaults.AuthenticationScheme)
                .RequireAuthenticatedUser()
                .Build();
            config.Filters.Add(new AuthorizeFilter(policy));
        }).AddJsonOptions(options =>
            options.SerializerSettings.ContractResolver = new CamelCasePropertyNamesContractResolver()
        );
    }

    // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
    public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
    {
        loggerFactory.AddConsole(Configuration.GetSection("Logging"));
        loggerFactory.AddDebug();

        if (env.IsDevelopment())
        {
            app.UseDeveloperExceptionPage();
            app.UseDatabaseErrorPage();
            app.UseBrowserLink();
        }
        else
        {
            app.UseExceptionHandler("/home/error");
        }

        app.UseStaticFiles();

        var signingKey = GetSigningKey();

        app.UseJwtBearerAuthentication(new JwtBearerOptions()
        {
            AuthenticationScheme = JwtBearerDefaults.AuthenticationScheme,
            AutomaticAuthenticate = true,
            AutomaticChallenge = true,
            TokenValidationParameters = new TokenValidationParameters()
            {
                IssuerSigningKey = signingKey,
                ValidateIssuerSigningKey = true,
                ValidateLifetime = true,
                ValidAudience = "MyAudience",
                ValidIssuer = "MyIssuer"
            }
        });

        app.UseCors(config =>
        {
            config.AllowCredentials();
            config.AllowAnyOrigin();
            config.AllowAnyHeader();
            config.AllowAnyMethod();
        });

        app.UseIdentity();

        app.UseMvc(routes =>
        {
            routes.MapRoute(
                name: "default",
                template: "{controller=Home}/{action=Index}/{id?}");
        });
    }

    public static SecurityKey GetSigningKey()
    {
        var plainTextSecurityKey = "This is my shared, not so secret, secret!";
        return new SymmetricSecurityKey(Encoding.UTF8.GetBytes(plainTextSecurityKey));
    }
0
authentication asp.net-web-api asp.net-core .net-core-rc2
2 answers

Using app.UseIdentity() will add CookieAuthentication to your application, and therefore all unauthenticated requests will be redirected to /Account/Login.

You probably haven't added any route to handle this, so it gives you a 404.

Source: https://github.com/aspnet/Identity/blob/dev/src/Microsoft.AspNetCore.Identity/BuilderExtensions.cs

+3
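
One way to keep the cookie middleware that app.UseIdentity() registers from turning API authorization failures into redirects, shown as an added example that is not part of the original answer or of the ASP.NET Core project. It assumes the ASP.NET Core 1.x Identity options API (`IdentityOptions.Cookies.ApplicationCookie`); the helper names `AddIdentityForApi` and `Reply` and the `/api` path prefix are hypothetical, while `AppUser`, `AppRole` and `AppIdentityDbContext` are the question's own types.

```csharp
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Identity.EntityFrameworkCore;
using Microsoft.Extensions.DependencyInjection;

public static class ApiIdentitySetup
{
    // Hypothetical helper: call it from ConfigureServices in place of the
    // bare services.AddIdentity<AppUser, AppRole>() call.
    public static void AddIdentityForApi(IServiceCollection services)
    {
        services.AddIdentity<AppUser, AppRole>(options =>
        {
            // The application cookie is the scheme that issues the redirect
            // to /Account/Login (no identity) or to the access-denied page
            // (authenticated, but the role requirement failed).
            options.Cookies.ApplicationCookie.Events = new CookieAuthenticationEvents
            {
                OnRedirectToLogin = ctx => Reply(ctx, 401),
                OnRedirectToAccessDenied = ctx => Reply(ctx, 403)
            };
        })
        .AddEntityFrameworkStores<AppIdentityDbContext, int>();
    }

    // API callers get a plain status code; browser pages keep the redirect.
    private static Task Reply(CookieRedirectContext ctx, int apiStatus)
    {
        // Assumption: API controllers are routed under /api.
        if (ctx.Request.Path.StartsWithSegments(new PathString("/api")))
        {
            ctx.Response.StatusCode = apiStatus;
        }
        else
        {
            ctx.Response.Redirect(ctx.RedirectUri);
        }
        return Task.FromResult(0);
    }
}
```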

Please check the position of app.UseIdentity() and the MVC routing in app.UseMvc(). The authentication code must be below app.UseIdentity() and above the MVC routing. For example:

    app.UseApplicationInsightsExceptionTelemetry();
    app.UseStaticFiles();
    app.UseIdentity();
    app.UseCors(builder =>
        builder.AllowAnyOrigin()
            .AllowAnyHeader()
            .AllowAnyMethod()
    );
    app.UseSwagger();
    app.UseSwaggerUi();
    ConfigureAuth(app);
    app.UseMvc(routes =>
    {
        routes.MapRoute(
            name: "default",
            template: "index");
    });
0