"No authenticationScheme was specified, and there was no DefaultChallengeScheme found." when sending request without cookie


Question

I'm making a web app with cookie-based authentication. I have a login screen, the backend sends a cookie, and then the browser sends the cookie with each request.

But when I try to reach secured endpoints (with or without the cookie), instead of Unauthorized or OK, the server returns Internal Server Error with this exception:

System.InvalidOperationException: No authenticationScheme was specified, and there was no DefaultChallengeScheme found. The default schemes can be set using either AddAuthentication(string defaultScheme) or AddAuthentication(Action<AuthenticationOptions> configureOptions).
   at Microsoft.AspNetCore.Authentication.AuthenticationService.ChallengeAsync(HttpContext context, String scheme, AuthenticationProperties properties)
   at Microsoft.AspNetCore.Authorization.Policy.AuthorizationMiddlewareResultHandler.HandleAsync(RequestDelegate next, HttpContext context, AuthorizationPolicy policy, PolicyAuthorizationResult authorizeResult)
   at Microsoft.AspNetCore.Authorization.AuthorizationMiddleware.Invoke(HttpContext context)
   at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
   at Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddleware.Invoke(HttpContext context)

My cookie authentication configuration looks like this:

            builder.Services.ConfigureApplicationCookie(options =>
            {
                options.Cookie.Name = "Testcookie";
                options.Cookie.HttpOnly = true;
                options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
                options.Cookie.SameSite = SameSiteMode.Lax;
                options.Cookie.Domain = "localhost";
                options.SlidingExpiration = true;
                options.ExpireTimeSpan = TimeSpan.FromMinutes(55);
                options.Cookie.IsEssential = true;
            });

            builder.Services.AddAuthentication(options =>
            {
                options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
                options.DefaultChallengeScheme = CookieAuthenticationDefaults.AuthenticationScheme;
                options.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            });

When I change the cookie configuration to this:


            builder.Services.AddAuthentication(options =>
            {
                options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
                options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
            });

Endpoints start working when the cookie is sent, but I get the same 500 error with the same message when trying to reach an endpoint without the cookie.

When the configuration looks like this:


            builder.Services.AddAuthentication(options =>
            {
                options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
                options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
                options.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            });

I have 500 all the time.

Same result when I'm making calls from Postman or from Angular.

I totally don't understand what is going on. Why am I not getting Unauthorized from the server? What should this configuration look like, and what did I do wrong?

Answer 1

Score: 1


To be honest, I think the code should look something like the code below; I'm not actually sure.

builder.Services.AddAuthentication(options =>
{
    options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme; // if you don't use JWT, I think you can just delete this line
}).AddCookie(/* cookie => you can add some options here */);

If you don't use the JWT token:

builder.Services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
    .AddCookie(/*cookie=> you can add some options here*/);

  • Posted on March 9, 2023, 19:07:12
  • Link to this post: https://go.coder-hub.com/75683753.html