3

My project has a front-end and an API in the same solution so I am building a custom authentication middleware which is meant to authorize only the API controllers since the Front-end controllers use Identity.

I am setting the AutomaticAuthenticate option false for Identity on Startup.cs like this

services.AddIdentity<ApplicationUser, IdentityRole>(config =>
        {                
            config.User.RequireUniqueEmail = true;
            config.Password.RequiredLength = 4;
            config.Cookies.ApplicationCookie.AuthenticationScheme = "Cookie";
            config.Cookies.ApplicationCookie.AutomaticAuthenticate = false;                           
        }).AddEntityFrameworkStores<DbContext>()
        .AddDefaultTokenProviders();

And for my custom middleware I implemented custom options and I've done this

app.UseApiAuthorizationMiddleware(new ApiAuthenticationOptions
        {
            AuthenticationScheme = "Api",
            AutomaticAuthenticate = false
        });

Now when I try to use 

[Authorize(AuthenticationSchemes = "Api")]

in my controller Visul Studio tells me that AuthenticationSchemes couldn't be found and I'm missing and assemby or reference. Quick Action tool tells me to add 

"System.Net.Primitives": "4.0.11-rc2-24027"

but I end up with version 4.0.10 and it doesn't compile... I'm not sure if what I'm done so far is good or if indeed there is an issue here.

I hope it's clear.

thanks

Improve this question
3
  • I guess a side question is if that is the way to make Identity not automatic? Commented May 28, 2016 at 3:17
  • Do you call app.UseApiAuthorizationMiddleware before app.UseIdentity? Does you middleware inherit AuthenticationMiddleware ? Commented May 28, 2016 at 7:04
  • I call it after and i do inherit from authenticationmiddleware Commented May 29, 2016 at 14:12

1 Answer 1

Reset to default
1

To properly implement a custom authentication middleware I had to not only implement a middleware that inherits from AuthenticationMiddleware but also implement an authentication handler that extends from AuthenticationHandler and all the logic goes on the method HandleAuthenticateAsync()

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.