Unless I explicitly add the attribute decorator below the User instance has no claims on it, I would be very helpful for any guidance on what I might be doing wrong,
[Authorize(AuthenticationSchemes = OAuthValidationDefaults.AuthenticationScheme)]
My Startup.cs is as follows:
public class Startup
{
public const string WebsitePolicyName = "Website";
public Startup(IConfiguration configuration)
{
Configuration = configuration;
}
public IConfiguration Configuration { get; }
public void ConfigureServices(IServiceCollection services)
{
services.AddMvc(options =>
{
options.EnableEndpointRouting = false;
});
services.AddControllers().AddNewtonsoftJson();
services.AddCors(options =>
{
options.AddPolicy(WebsitePolicyName,
builder =>
{
builder.WithOrigins("https://localhost:44345").AllowAnyHeader().AllowAnyMethod();
});
});
services.Configure<ConnectionStrings>(Configuration.GetSection("ConnectionStrings"));
services.Configure<AppSettings>(Configuration.GetSection("AppSettings"));
var connectionString = Configuration.GetConnectionString("DefaultConnection");
services.AddDbContext<ApplicationDbContext>(options =>
{
options.UseSqlServer(connectionString);
options.UseOpenIddict();
},
ServiceLifetime.Transient);
services.AddIdentity<ApplicationUser, ApplicationRole>()
.AddEntityFrameworkStores<ApplicationDbContext>()
.AddDefaultTokenProviders();
services.Configure<IdentityOptions>(options =>
{
options.User.RequireUniqueEmail = true;
options.ClaimsIdentity.UserIdClaimType = OpenIdConnectConstants.Claims.Subject;
});
services.AddOpenIddict()
.AddCore(options =>
{
options.UseEntityFrameworkCore()
.UseDbContext<ApplicationDbContext>();
})
.AddServer(options =>
{
options.UseMvc();
options.RegisterScopes(
OpenIdConnectConstants.Scopes.Email,
OpenIdConnectConstants.Scopes.Profile,
OpenIddictConstants.Scopes.Roles);
options.EnableAuthorizationEndpoint("/connect/authorize")
.EnableLogoutEndpoint("/connect/logout")
.EnableTokenEndpoint("/connect/token")
.EnableUserinfoEndpoint("/api/userinfo");
options.AllowAuthorizationCodeFlow()
.AllowPasswordFlow()
.AllowCustomFlow("facebook_identity_token")
.AllowRefreshTokenFlow();
options.AcceptAnonymousClients();
})
.AddValidation();
services.AddSwaggerDocument();
}
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
app.UseCors(WebsitePolicyName);
app.UseAuthentication();
app.UseMvc();
app.UseHttpsRedirection();
app.UseRouting();
app.UseOpenApi();
app.UseSwaggerUi3();
app.UseErrorHandlingMiddleware();
}
}
Unless I explicitly add the attribute decorator below the User instance has no claims on it, I would be very helpful for any guidance on what I might be doing wrong,
You're not doing anything wrong, it's the right thing to do. ASP.NET Core Identity registers itself as the default authentication scheme, and using [Authorize(AuthenticationSchemes = OAuthValidationDefaults.AuthenticationScheme)] is the best option to opt out the default cookie-based scheme. Alternatively, you can override the default schemes globally via services.AddAuthentication(options => { ... }).
Hi Kevin,
That fixed it. Many thanks. :) For completeness here is the solution for anyone else with a similar problem:
services.AddAuthentication(opts =>
{
opts.DefaultAuthenticateScheme = OAuthValidationDefaults.AuthenticationScheme;
opts.DefaultChallengeScheme = OAuthValidationDefaults.AuthenticationScheme;
});
My pleasure 馃槂