Fritz

Reputation: 943

ASP.net Core 2 custom authentication (IsAuthenticated = false)

I'm looking for a minimal example of custom authentication written in C# for ASP.NET Core 2, based on, for example, API keys.

Microsoft has pretty good documentation about doing this with cookies, however this is not what I want. Since I want to use API keys (given by HTTP header, GET or Cookie, ...) I never make a call to HttpContext.SignInAsync, and this is maybe the issue I can't find/google my way around.

I built a simple AuthenticationHandler (based on this - since I read that custom middlewares are not the way to go anymore) which looks something like this:

internal class CustomAuthHandler : AuthenticationHandler<CustomAuthOptions>
{
    protected override async Task<AuthenticateResult> HandleAuthenticateAsync()
    {
        // parse cookies to find APIKEY
        if(Context.Request.Cookies.ContainsKey("APIKEY"))
        {
            string APIKEY = Request.Cookies["APIKEY"];
            // ... checking DB for APIKEY ...

            // creating claims
            var claims = new[]
            {
                new Claim( /* ... */ ),
                // ...
            };

            var claimsIdentity = new ClaimsIdentity(claims);
            var claimsPrincipal = new ClaimsPrincipal(claimsIdentity);
            var ticket = new AuthenticationTicket(claimsPrincipal, new AuthenticationProperties(), "Custom Scheme");
            return AuthenticateResult.Success(ticket); // this line gets called
        }

        return AuthenticateResult.NoResult();
    }
}

But when I have an API endpoint with just the [Authorize] attribute, the DenyAnonymousAuthorizationRequirement denies the request because the user is not allowed (because IsAuthenticated == false, which is read-only; all claims are shown properly).

Upvotes: 1

Views: 1116

Answers (1)

Mladen B.

Reputation: 3025

Change var claimsIdentity = new ClaimsIdentity(claims); into something like var claimsIdentity = new ClaimsIdentity(claims, "Password"); (of course, instead of "Password" use the AuthenticationType that best fits your case).

Similar question here: Why is my ClaimsIdentity IsAuthenticated always false (for web api Authorize filter)?

Upvotes: 5
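
The answer's fix applied to the question's handler, as an added example that is not part of the original posts. `IApiKeyStore` and `FindOwnerAsync` are hypothetical stand-ins for the question's "checking DB for APIKEY" step, and the single name claim is an assumption.

```csharp
using System.Security.Claims;
using System.Text.Encodings.Web;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.Extensions.Logging;
using Microsoft.Extensions.Options;

public class CustomAuthOptions : AuthenticationSchemeOptions { }

// Hypothetical lookup standing in for the "checking DB for APIKEY" step.
// Must be registered in DI alongside the handler.
public interface IApiKeyStore
{
    Task<string> FindOwnerAsync(string apiKey); // null when the key is unknown
}

internal class CustomAuthHandler : AuthenticationHandler<CustomAuthOptions>
{
    private readonly IApiKeyStore _keys;

    public CustomAuthHandler(IOptionsMonitor<CustomAuthOptions> options, ILoggerFactory logger,
        UrlEncoder encoder, ISystemClock clock, IApiKeyStore keys)
        : base(options, logger, encoder, clock) => _keys = keys;

    protected override async Task<AuthenticateResult> HandleAuthenticateAsync()
    {
        // No key presented: return NoResult so the request stays anonymous.
        if (!Request.Cookies.TryGetValue("APIKEY", out var apiKey) || string.IsNullOrEmpty(apiKey))
            return AuthenticateResult.NoResult();

        var owner = await _keys.FindOwnerAsync(apiKey);
        if (owner == null)
            return AuthenticateResult.Fail("Unknown API key");

        var claims = new[] { new Claim(ClaimTypes.Name, owner) };

        // A non-empty authenticationType is what makes IsAuthenticated true;
        // new ClaimsIdentity(claims) alone leaves it false and [Authorize] denies the request.
        var identity = new ClaimsIdentity(claims, Scheme.Name);
        var ticket = new AuthenticationTicket(new ClaimsPrincipal(identity), Scheme.Name);
        return AuthenticateResult.Success(ticket);
    }
}

// In Startup.ConfigureServices (scheme name taken from the question):
//   services.AddAuthentication("Custom Scheme")
//           .AddScheme<CustomAuthOptions, CustomAuthHandler>("Custom Scheme", null);
// In Startup.Configure, call app.UseAuthentication() before app.UseMvc().
```

Using `Scheme.Name` as the authentication type keeps the identity tied to the scheme that produced it, which helps when several schemes are registered and authorization policies need to tell them apart.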
