From 6460acb5783208135b9ac6fbda80ea1c5e07285c Mon Sep 17 00:00:00 2001
From: Hao Kung
Date: Tue, 12 May 2015 16:26:02 -0700
Subject: [PATCH 1/2] AuthorizeFilter should always set a default identity Fixes https://github.com/aspnet/Mvc/issues/2534
---
 .../Filters/AuthorizeFilter.cs | 5 +++++
 .../Filters/AuthorizeFilterTest.cs | 15 +++++++++++++++
 2 files changed, 20 insertions(+)
diff --git a/src/Microsoft.AspNet.Mvc.Core/Filters/AuthorizeFilter.cs b/src/Microsoft.AspNet.Mvc.Core/Filters/AuthorizeFilter.cs
index 5a58ad3ed5..5e1881d63e 100644
--- a/src/Microsoft.AspNet.Mvc.Core/Filters/AuthorizeFilter.cs
+++ b/src/Microsoft.AspNet.Mvc.Core/Filters/AuthorizeFilter.cs
@@ -44,6 +44,11 @@ public virtual async Task OnAuthorizationAsync([NotNull] AuthorizationContext co
 newPrincipal.AddIdentities(result.Identities);
 }
 }
+ // If all schemes failed authentication, provide a default identity anyways
+ if (newPrincipal.Identity == null)
+ {
+ newPrincipal.AddIdentity(new ClaimsIdentity());
+ }
 context.HttpContext.User = newPrincipal;
 }
diff --git a/test/Microsoft.AspNet.Mvc.Core.Test/Filters/AuthorizeFilterTest.cs b/test/Microsoft.AspNet.Mvc.Core.Test/Filters/AuthorizeFilterTest.cs
index f715905576..44639bc5b5 100644
--- a/test/Microsoft.AspNet.Mvc.Core.Test/Filters/AuthorizeFilterTest.cs
+++ b/test/Microsoft.AspNet.Mvc.Core.Test/Filters/AuthorizeFilterTest.cs
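Review bot: The fallback comment added in OnAuthorizationAsync does not say that the default identity is deliberately unauthenticated, which is the property every later authorization check depends on. `new ClaimsIdentity()` carries no authentication type, so its `IsAuthenticated` is false and a policy that requires an authenticated user should still reject the request; that would silently change if an authentication type were ever passed to this constructor. I would reword the comment to `// No scheme produced an identity: attach an anonymous identity (IsAuthenticated == false) so User.Identity is never null; never give it an authentication type.` The method body extends beyond the hunk, so how a failed scheme's result is skipped before this point is not visible here.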
@@ -87,6 +87,20 @@ public async Task Invoke_EmptyClaimsShouldAuthorizeAuthenticatedUser()
 Assert.Null(authorizationContext.Result);
 }
+ [Fact]
+ public async Task Invoke_AuthSchemesFailShouldSetEmptyPrincipalOnContext()
+ {
+ // Arrange
+ var authorizeFilter = new AuthorizeFilter(new AuthorizationPolicyBuilder("Fails").RequireAuthenticatedUser().Build());
+ var authorizationContext = GetAuthorizationContext(services => services.AddAuthorization());
+
+ // Act
+ await authorizeFilter.OnAuthorizationAsync(authorizationContext);
+
+ // Assert
+ Assert.NotNull(authorizationContext.HttpContext.User?.Identity);
+ }
+
 [Fact]
 public async Task Invoke_SingleValidClaimShouldSucceed()
 {
@@ -303,6 +317,7 @@ private AuthorizationContext GetAuthorizationContext(Action r
 httpContext.SetupGet(c => c.RequestServices).Returns(serviceProvider);
 auth.Setup(c => c.AuthenticateAsync("Bearer")).ReturnsAsync(new AuthenticationResult(bearerPrincipal, new AuthenticationProperties(), new AuthenticationDescription()));
 auth.Setup(c => c.AuthenticateAsync("Basic")).ReturnsAsync(new AuthenticationResult(basicPrincipal, new AuthenticationProperties(), new AuthenticationDescription()));
+ auth.Setup(c => c.AuthenticateAsync("Fails")).ReturnsAsync(null);
 // AuthorizationContext
 var actionContext = new ActionContext(
From 7d510265d985de34b7e9996d702463ee0af4814c Mon Sep 17 00:00:00 2001
From: Hao Kung
Date: Tue, 12 May 2015 17:15:27 -0700
Subject: [PATCH 2/2] Wrap line
---
 .../Filters/AuthorizeFilterTest.cs | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/test/Microsoft.AspNet.Mvc.Core.Test/Filters/AuthorizeFilterTest.cs b/test/Microsoft.AspNet.Mvc.Core.Test/Filters/AuthorizeFilterTest.cs
index 44639bc5b5..4e7f8bfdc7 100644
--- a/test/Microsoft.AspNet.Mvc.Core.Test/Filters/AuthorizeFilterTest.cs
+++ b/test/Microsoft.AspNet.Mvc.Core.Test/Filters/AuthorizeFilterTest.cs
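Review bot: The new test Invoke_AuthSchemesFailShouldSetEmptyPrincipalOnContext asserts only that `User?.Identity` is non-null, so it would still pass if the fallback identity were authenticated or if the request were let through. Because the policy is built with `RequireAuthenticatedUser()` and the "Fails" scheme returns null, the test should also pin the fail-closed outcome with `Assert.False(authorizationContext.HttpContext.User.Identity.IsAuthenticated);` and `Assert.NotNull(authorizationContext.Result);`. The second assertion assumes a rejected request sets `Result`, the inverse of the `Assert.Null(authorizationContext.Result)` check in the preceding test; the filter code that would set it is not part of this patch.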
@@ -9,7 +9,6 @@
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Http.Authentication;
 using Microsoft.AspNet.Routing;
-using Microsoft.AspNet.WebUtilities;
 using Microsoft.Framework.DependencyInjection;
 using Moq;
 using Xunit;
@@ -91,7 +90,9 @@ public async Task Invoke_EmptyClaimsShouldAuthorizeAuthenticatedUser()
 public async Task Invoke_AuthSchemesFailShouldSetEmptyPrincipalOnContext()
 {
 // Arrange
- var authorizeFilter = new AuthorizeFilter(new AuthorizationPolicyBuilder("Fails").RequireAuthenticatedUser().Build());
+ var authorizeFilter = new AuthorizeFilter(new AuthorizationPolicyBuilder("Fails")
+ .RequireAuthenticatedUser()
+ .Build());
 var authorizationContext = GetAuthorizationContext(services => services.AddAuthorization());
 // Act