You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Remote authentication providers like OpenIdConnect, WsFederation, and OAuth have been updated to avoid unnecessary errors when there is no user information available on the request.
Version
.NET 7 RC1
Previous behavior
When AuthenticateAsync was called on a remote authentication provider and there was no current user, this call would fail with a message like OpenIdConnect was not authenticated. Failure message: Not authenticated.
New behavior
AuthenticateAsync will now return AuthenticateResult.NoResult(), an anonymous identity.
Type of breaking change
Binary incompatible: Existing binaries may encounter a breaking change in behavior, such as failure to load/execute or different run-time behavior.
Source incompatible: Source code may encounter a breaking change in behavior when targeting the new runtime/component/SDK, such as compile errors or different run-time behavior.
Behavioral change: Existing code and binaries may experience different run-time behavior.
Reason for change
This was inconsistent with Cookie and Negotiate authentication which will return AuthenticateResult.NoResult().
It causes excess failure logs, especially if the remote authentication handler is set as the default handler and invoked per request.
Recommended action
Code that directly invokes AuthenticateAsync should be checked to ensure it properly handles AuthenticateResult.NoResult() and anonymous/empty ClaimsIdentity's.
Description
RE: dotnet/aspnetcore#43042, dotnet/aspnetcore#43212
Remote authentication providers like OpenIdConnect, WsFederation, and OAuth have been updated to avoid unnecessary errors when there is no user information available on the request.
Version
.NET 7 RC1
Previous behavior
When AuthenticateAsync was called on a remote authentication provider and there was no current user, this call would fail with a message like
OpenIdConnect was not authenticated. Failure message: Not authenticated
.New behavior
AuthenticateAsync will now return
AuthenticateResult.NoResult()
, an anonymous identity.Type of breaking change
Reason for change
AuthenticateResult.NoResult()
.Recommended action
Code that directly invokes AuthenticateAsync should be checked to ensure it properly handles
AuthenticateResult.NoResult()
and anonymous/empty ClaimsIdentity's.Affected APIs
HttpContext.AuthenticateAsync
The text was updated successfully, but these errors were encountered: