ClaimsPrincipalAuthorization requires ClaimsPrincipal which is not resolved for AuthorizationLevel.Anonymous.
As a consequence, a null ClaimsPrincipal is passed to ClaimsPrincipalAuthorization:
Change
```csharp
{{#if ValidatesToken}}
if (req.Headers["{{TokenHeader}}"].Count == 0)
{
    return new UnauthorizedResult();
}
string authorizationHeader = req.Headers["{{TokenHeader}}"][0];
if (string.IsNullOrWhiteSpace(authorizationHeader))
{
    return new UnauthorizedResult();
}
principal = await pluginFunctions.ValidateToken(authorizationHeader);
if (principal == null)
{
    return new UnauthorizedResult();
}
contextSetter.SetHttpContext(principal, requestUrl, headerDictionary);
{{/if}}
{{#if AuthorizesClaims}}
var claimsPrincipalAuthorizationResult = await pluginFunctions.IsAuthorized(principal, req.Method, requestUrl);
if (!claimsPrincipalAuthorizationResult)
{
    return new UnauthorizedResult();
}
{{/if}}
```
to
```csharp
{{#if ValidatesToken}}
if (req.Headers["{{TokenHeader}}"].Count == 0)
{
    return new UnauthorizedResult();
}
string authorizationHeader = req.Headers["{{TokenHeader}}"][0];
if (string.IsNullOrWhiteSpace(authorizationHeader))
{
    return new UnauthorizedResult();
}
principal = await pluginFunctions.ValidateToken(authorizationHeader);
if (principal == null)
{
    return new UnauthorizedResult();
}
contextSetter.SetHttpContext(principal, requestUrl, headerDictionary);
{{#if AuthorizesClaims}}
var claimsPrincipalAuthorizationResult = await pluginFunctions.IsAuthorized(principal, req.Method, requestUrl);
if (!claimsPrincipalAuthorizationResult)
{
    return new UnauthorizedResult();
}
{{/if}}
{{/if}}
```
Does this mean that after this change anonymous endpoints will skip ClaimsPrincipalAuthorizationDefault?
If so, looking forward to this change.
Current behavior doesn't seem right. Why would an anonymous endpoint be checked in ClaimsPrincipalAuthorizationDefault?
This is causing issues if you set up some custom data (like user context) in TokenValidator and afterwards check it in ClaimsPrincipalAuthorizationDefault.
Yes, this will be ignored.
Alternatively you can also use a custom IClaimsPrincipalAuthorization implementation and apply it to anonymous endpoints:

```csharp
public class AllowAnonymousClaimsAuthorization : IClaimsPrincipalAuthorization
{
    public Task<bool> IsAuthorized(ClaimsPrincipal claimsPrincipal, string httpVerb, string url)
    {
        return Task.FromResult(true);
    }
}
```
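An added example, not part of the thread or the project's code: an authorization class for protected endpoints that denies a null or unauthenticated principal, so the null passed by the current template is rejected rather than dereferenced. The interface is redeclared locally with the signature quoted above; the class name, the `scope` claim type and the `items.read`/`items.write` values are assumptions.

```csharp
using System;
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;

// Redeclared here so the example compiles alone (signature copied from the thread).
public interface IClaimsPrincipalAuthorization
{
    Task<bool> IsAuthorized(ClaimsPrincipal claimsPrincipal, string httpVerb, string url);
}

// Hypothetical implementation: fail closed unless an authenticated principal
// carries a space-separated "scope" claim (assumed) matching the HTTP verb.
public class FailClosedClaimsAuthorization : IClaimsPrincipalAuthorization
{
    public Task<bool> IsAuthorized(ClaimsPrincipal claimsPrincipal, string httpVerb, string url)
    {
        // No token was validated (anonymous endpoint with the current template):
        // the principal is null, so deny before touching its claims.
        if (claimsPrincipal?.Identity == null || !claimsPrincipal.Identity.IsAuthenticated)
        {
            return Task.FromResult(false);
        }

        string required = string.Equals(httpVerb, "GET", StringComparison.OrdinalIgnoreCase)
            ? "items.read"    // assumed scope value
            : "items.write";  // assumed scope value

        bool allowed = claimsPrincipal.Claims.Any(c =>
            c.Type == "scope" && c.Value.Split(' ').Contains(required));
        return Task.FromResult(allowed);
    }
}

public static class Program
{
    public static async Task Main()
    {
        var authz = new FailClosedClaimsAuthorization();
        // Constructed principal; supplying an authenticationType marks it authenticated.
        var user = new ClaimsPrincipal(
            new ClaimsIdentity(new[] { new Claim("scope", "items.read") }, "Bearer"));

        Console.WriteLine(await authz.IsAuthorized(null, "GET", "/items"));
        Console.WriteLine(await authz.IsAuthorized(user, "GET", "/items"));
        Console.WriteLine(await authz.IsAuthorized(user, "POST", "/items"));
    }
}
```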