We want to use a custom authorization handler in ASP.NET Core 8. When debugging, I see that the handler's code gets hit and the authorization requirement succeeds, but then I get a 403, because the DenyAnonymousAuthorizationRequirement of the PassThroughAuthorizationHandler is not fulfilled.

But I am authenticated alright, I can see my name in the UI and everything else works fine, including the [Authorize] attribute with roles, which we use on other endpoints. It just fails with the custom handler.

The authentication is configured like this:

        services
            .AddAuthentication(CertificateAuthenticationDefaults.AuthenticationScheme)
            .AddCertificate(CertificateAuthenticationDefaults.AuthenticationScheme,
                options => {
                    options.Events = new CertificateAuthenticationEvents {
                        // Runs after the client certificate itself has been validated;
                        // replaces the default principal with our own user principal.
                        OnCertificateValidated = context => {
                            var userManager = context.HttpContext.RequestServices
                                .GetRequiredService<ICurrentUserManager>();
                            context.Principal = userManager.LoginUserWithCertificate(context.ClientCertificate);
                            context.Success();

                            return Task.CompletedTask;
                        }
                    };
                });

        services.AddAuthorization();
        // Custom handler; scoped so it can take scoped dependencies.
        services.AddScoped<IAuthorizationHandler, AppRolesAuthorizationHandler>();

And I made sure that in Program.cs, UseAuthentication() is called before UseAuthorization().

What am I missing here? How can I even find out where exactly it goes wrong?
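One way to answer the "where exactly does it go wrong" part of the question is to see the authorization failure before the 403 is written. The example below is added here and is not code from the original post or from the asker's project: it wraps the framework's default IAuthorizationMiddlewareResultHandler in a diagnostic one that logs the identity the authorization middleware actually sees and every requirement (and handler-supplied reason) that failed. The class name LoggingAuthorizationResultHandler and the log messages are this example's own choices; the ASP.NET Core types and members used are the real ones from Microsoft.AspNetCore.Authorization.

```csharp
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Authorization.Policy;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Logging;

// Added diagnostic handler (not part of the original post). It runs after the
// policy has been evaluated, so it can report which requirements failed, and
// then delegates to the framework's default handler so the normal 401/403
// behaviour is unchanged.
public sealed class LoggingAuthorizationResultHandler : IAuthorizationMiddlewareResultHandler
{
    private readonly AuthorizationMiddlewareResultHandler _inner = new();
    private readonly ILogger<LoggingAuthorizationResultHandler> _logger;

    public LoggingAuthorizationResultHandler(ILogger<LoggingAuthorizationResultHandler> logger)
        => _logger = logger;

    public Task HandleAsync(RequestDelegate next, HttpContext context,
                            AuthorizationPolicy policy, PolicyAuthorizationResult authorizeResult)
    {
        // What the middleware sees is the principal set by the authentication scheme.
        // DenyAnonymousAuthorizationRequirement only succeeds if at least one identity
        // reports IsAuthenticated == true, which for ClaimsIdentity means a non-empty
        // AuthenticationType, so both values are worth logging next to the name.
        foreach (var identity in context.User.Identities)
        {
            _logger.LogInformation(
                "Authorization for {Path}: Name={Name} IsAuthenticated={IsAuthenticated} AuthenticationType={AuthType}",
                context.Request.Path, identity.Name, identity.IsAuthenticated, identity.AuthenticationType);
        }

        if (!authorizeResult.Succeeded && authorizeResult.AuthorizationFailure is { } failure)
        {
            _logger.LogWarning("Authorization failed for {Path} (Forbidden={Forbidden}, Challenged={Challenged}, FailCalled={FailCalled})",
                context.Request.Path, authorizeResult.Forbidden, authorizeResult.Challenged, failure.FailCalled);

            // Every requirement of the policy that no handler marked as succeeded.
            foreach (var requirement in failure.FailedRequirements)
                _logger.LogWarning("  failed requirement: {Requirement}", requirement.GetType().Name);

            // Reasons are only present if a handler called context.Fail(new AuthorizationFailureReason(...)).
            foreach (var reason in failure.FailureReasons)
                _logger.LogWarning("  reason from {Handler}: {Message}", reason.Handler.GetType().Name, reason.Message);
        }

        return _inner.HandleAsync(next, context, policy, authorizeResult);
    }
}

public static class AuthorizationDiagnostics
{
    // Registration helper; call this after AddAuthorization() so that this
    // handler replaces the default one in the container.
    public static IServiceCollection AddAuthorizationDiagnostics(this IServiceCollection services)
    {
        services.AddSingleton<IAuthorizationMiddlewareResultHandler, LoggingAuthorizationResultHandler>();
        return services;
    }
}
```

Register it with `services.AddAuthorizationDiagnostics();` after `services.AddAuthorization();`, and additionally raise the framework's own category to debug with `builder.Logging.AddFilter("Microsoft.AspNetCore.Authorization", LogLevel.Debug);` so DefaultAuthorizationService also reports which requirements it found unmet. If the logged identities show IsAuthenticated=false or an empty AuthenticationType despite a populated Name, the principal produced in OnCertificateValidated is the place to look: ClaimsIdentity only counts as authenticated when it was constructed with an authentication type, and that is exactly the condition DenyAnonymousAuthorizationRequirement checks.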