Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

IgnoreAuthenticationIfAllowAnonymous in HandleAuthenticateAsync specifically doesn't ignore #9

Closed
ghost opened this issue Sep 16, 2021 · 1 comment
Closed

IgnoreAuthenticationIfAllowAnonymous in HandleAuthenticateAsync specifically doesn't ignore #9

ghost opened this issue Sep 16, 2021 · 1 comment

Comments

@ghost
Copy link

ghost commented Sep 16, 2021
edited by ghost
Loading

Code in question:

aspnetcore-authentication-basic/src/AspNetCore.Authentication.Basic/BasicHandler.cs

Lines 54 to 58 in ce690a6

if (IgnoreAuthenticationIfAllowAnonymous())
{
Logger.LogInformation("AllowAnonymous found on the endpoint so request was not authenticated.");
return AuthenticateResult.NoResult();
}

Problem:

The log statement at line 56 breaks the promise to ignore authentication if the endpoint is annotated with [AllowAnonymous].

Expected behavior:

When querying an endpoint annotated with [AllowAnonymous], authentication logic should be ignored.

Actual behavior:

When querying an endpoint annotated with [AllowAnonymous], two lines of log output are produced, stating that nothing is going on. (logspam)

Example:

info: AspNetCore.Authentication.Basic.BasicHandler[0]
No 'Authorization' header found in the request.
info: AspNetCore.Authentication.Basic.BasicHandler[0]
No 'Authorization' header found in the request.
info: AspNetCore.Authentication.Basic.BasicHandler[0]
No 'Authorization' header found in the request.
info: AspNetCore.Authentication.Basic.BasicHandler[0]
No 'Authorization' header found in the request.
info: AspNetCore.Authentication.Basic.BasicHandler[0]
No 'Authorization' header found in the request.
info: AspNetCore.Authentication.Basic.BasicHandler[0]
No 'Authorization' header found in the request.
info: AspNetCore.Authentication.Basic.BasicHandler[0]
No 'Authorization' header found in the request.
info: AspNetCore.Authentication.Basic.BasicHandler[0]
No 'Authorization' header found in the request.
info: AspNetCore.Authentication.Basic.BasicHandler[0]
No 'Authorization' header found in the request.
info: AspNetCore.Authentication.Basic.BasicHandler[0]
No 'Authorization' header found in the request.
info: AspNetCore.Authentication.Basic.BasicHandler[0]
No 'Authorization' header found in the request.
info: AspNetCore.Authentication.Basic.BasicHandler[0]
No 'Authorization' header found in the request.
info: AspNetCore.Authentication.Basic.BasicHandler[0]
No 'Authorization' header found in the request.
info: AspNetCore.Authentication.Basic.BasicHandler[0]
No 'Authorization' header found in the request.
info: AspNetCore.Authentication.Basic.BasicHandler[0]
No 'Authorization' header found in the request.
info: AspNetCore.Authentication.Basic.BasicHandler[0]
No 'Authorization' header found in the request.
info: AspNetCore.Authentication.Basic.BasicHandler[0]
No 'Authorization' header found in the request.
info: AspNetCore.Authentication.Basic.BasicHandler[0]
No 'Authorization' header found in the request.
info: AspNetCore.Authentication.Basic.BasicHandler[0]
No 'Authorization' header found in the request.

Pull request:

#8
@ghost ghost mentioned this issue Sep 16, 2021
Closed
@mihirdilip
Copy link
Owner

Hi @hcshmk, your request is updated with 6.0.1 release just published. Sorry it took a while as I was waiting for .net6.0 release and then got busy with other stuff.

# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@mihirdilip