diff --git a/src/Http/Authentication.Core/src/AuthenticationService.cs b/src/Http/Authentication.Core/src/AuthenticationService.cs
index e949edcfac575ef5e74546f1285ee6e4fd918275..aa35ea30602d15d8601a695abed29139cee0bd2c 100644
--- a/src/Http/Authentication.Core/src/AuthenticationService.cs
+++ b/src/Http/Authentication.Core/src/AuthenticationService.cs
@@ -14,6 +14,7 @@ namespace Microsoft.AspNetCore.Authentication;
 public class AuthenticationService : IAuthenticationService
 {
     private HashSet<ClaimsPrincipal>? _transformCache;
+    private const string defaultSchemesOptionsMsg = "The default schemes can be set using either AddAuthentication(string defaultScheme) or AddAuthentication(Action<AuthenticationOptions> configureOptions) or by setting the Authentication:DefaultScheme property in configuration.";
 
     /// <summary>
     /// Constructor.
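Review bot: The new constant `defaultSchemesOptionsMsg` is camelCase, while the other private constants in this change (`AuthenticationSchemesKey`, `DefaultSchemeKey`, `SchemesKey`) are PascalCase. Renaming it to `DefaultSchemesOptionsMsg` would keep the five `throw` sites in the following hunks consistent with that convention. Since the text is now shared by the authenticate, challenge, forbid, sign-in and sign-out failures, a one-line comment above it saying so would help whoever next edits the wording.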
@@ -64,7 +65,7 @@ public class AuthenticationService : IAuthenticationService
             scheme = defaultScheme?.Name;
             if (scheme == null)
             {
-                throw new InvalidOperationException($"No authenticationScheme was specified, and there was no DefaultAuthenticateScheme found. The default schemes can be set using either AddAuthentication(string defaultScheme) or AddAuthentication(Action<AuthenticationOptions> configureOptions).");
+                throw new InvalidOperationException($"No authenticationScheme was specified, and there was no DefaultAuthenticateScheme found. {defaultSchemesOptionsMsg}");
             }
         }
 
@@ -112,7 +113,7 @@ public class AuthenticationService : IAuthenticationService
             scheme = defaultChallengeScheme?.Name;
             if (scheme == null)
             {
-                throw new InvalidOperationException($"No authenticationScheme was specified, and there was no DefaultChallengeScheme found. The default schemes can be set using either AddAuthentication(string defaultScheme) or AddAuthentication(Action<AuthenticationOptions> configureOptions).");
+                throw new InvalidOperationException($"No authenticationScheme was specified, and there was no DefaultChallengeScheme found. {defaultSchemesOptionsMsg}");
             }
         }
 
@@ -140,7 +141,7 @@ public class AuthenticationService : IAuthenticationService
             scheme = defaultForbidScheme?.Name;
             if (scheme == null)
             {
-                throw new InvalidOperationException($"No authenticationScheme was specified, and there was no DefaultForbidScheme found. The default schemes can be set using either AddAuthentication(string defaultScheme) or AddAuthentication(Action<AuthenticationOptions> configureOptions).");
+                throw new InvalidOperationException($"No authenticationScheme was specified, and there was no DefaultForbidScheme found. {defaultSchemesOptionsMsg}");
             }
         }
 
@@ -186,7 +187,7 @@ public class AuthenticationService : IAuthenticationService
             scheme = defaultScheme?.Name;
             if (scheme == null)
             {
-                throw new InvalidOperationException($"No authenticationScheme was specified, and there was no DefaultSignInScheme found. The default schemes can be set using either AddAuthentication(string defaultScheme) or AddAuthentication(Action<AuthenticationOptions> configureOptions).");
+                throw new InvalidOperationException($"No authenticationScheme was specified, and there was no DefaultSignInScheme found. {defaultSchemesOptionsMsg}");
             }
         }
 
@@ -220,7 +221,7 @@ public class AuthenticationService : IAuthenticationService
             scheme = defaultScheme?.Name;
             if (scheme == null)
             {
-                throw new InvalidOperationException($"No authenticationScheme was specified, and there was no DefaultSignOutScheme found. The default schemes can be set using either AddAuthentication(string defaultScheme) or AddAuthentication(Action<AuthenticationOptions> configureOptions).");
+                throw new InvalidOperationException($"No authenticationScheme was specified, and there was no DefaultSignOutScheme found. {defaultSchemesOptionsMsg}");
             }
         }
 
diff --git a/src/Security/Authentication/Core/src/AuthenticationConfigurationProviderExtensions.cs b/src/Security/Authentication/Core/src/AuthenticationConfigurationProviderExtensions.cs
index ccca635be8303f129c922d443af009d8072a9968..2002ff02f35d61b5bef4093ea820e6243645e974 100644
--- a/src/Security/Authentication/Core/src/AuthenticationConfigurationProviderExtensions.cs
+++ b/src/Security/Authentication/Core/src/AuthenticationConfigurationProviderExtensions.cs
@@ -10,7 +10,7 @@ namespace Microsoft.AspNetCore.Authentication;
 /// </summary>
 public static class AuthenticationConfigurationProviderExtensions
 {
-    private const string AuthenticationSchemesKey = "Authentication:Schemes";
+    private const string AuthenticationSchemesKey = "Schemes";
 
     /// <summary>
     /// Returns the specified <see cref="IConfiguration"/> object.
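Review bot: `AuthenticationSchemesKey` changes from an absolute path to the relative `"Schemes"`, so it is only correct if the lookup that uses it starts from the `Authentication` section rather than the configuration root; that lookup is outside this hunk. If it were resolved against the root, per-scheme settings such as the issuer and audiences exercised in AuthenticationMiddlewareTests would presumably not bind, and nothing visible here would report it. A comment on the constant would make the assumption explicit: `// Relative to the "Authentication" configuration section.`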
diff --git a/src/Security/Authentication/test/AuthenticationMiddlewareTests.cs b/src/Security/Authentication/test/AuthenticationMiddlewareTests.cs
index 422a4e633f434de722d1a737c451f00e118fcffb..9c11dc1e35c1b17388f95c6326122833effd6e16 100644
--- a/src/Security/Authentication/test/AuthenticationMiddlewareTests.cs
+++ b/src/Security/Authentication/test/AuthenticationMiddlewareTests.cs
@@ -11,6 +11,7 @@ using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Hosting;
 using Microsoft.Extensions.Logging;
+using Microsoft.Extensions.Options;
 using Moq;
 
 namespace Microsoft.AspNetCore.Authentication;
@@ -156,6 +157,11 @@ public class AuthenticationMiddlewareTests
     public async Task WebApplicationBuilder_RegistersAuthenticationMiddlewares()
     {
         var builder = WebApplication.CreateBuilder();
+        builder.Configuration.AddInMemoryCollection(new[]
+        {
+            new KeyValuePair<string, string>("Authentication:Schemes:Bearer:ClaimsIssuer", "SomeIssuer"),
+            new KeyValuePair<string, string>("Authentication:Schemes:Bearer:Audiences:0", "https://localhost:5001")
+        });
         builder.Authentication.AddJwtBearer();
         await using var app = builder.Build();
 
@@ -169,6 +175,10 @@ public class AuthenticationMiddlewareTests
         await app.StartAsync();
 
         Assert.True(app.Properties.ContainsKey("__AuthenticationMiddlewareSet"));
+
+        var options = app.Services.GetService<IOptionsMonitor<JwtBearerOptions>>().Get(JwtBearerDefaults.AuthenticationScheme);
+        Assert.Equal(new[] { "SomeIssuer" }, options.TokenValidationParameters.ValidIssuers);
+        Assert.Equal(new[] { "https://localhost:5001" }, options.TokenValidationParameters.ValidAudiences);
     }
 
     private HttpContext GetHttpContext(
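Review bot: `app.Services.GetService<IOptionsMonitor<JwtBearerOptions>>().Get(...)` dereferences a possibly null service, so a registration regression would surface as a NullReferenceException rather than a clear failure. `app.Services.GetRequiredService<IOptionsMonitor<JwtBearerOptions>>()` states the intent and fails with the missing type named. The test method begins in the previous hunk.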
diff --git a/src/Tools/dotnet-user-jwts/src/Commands/ClearCommand.cs b/src/Tools/dotnet-user-jwts/src/Commands/ClearCommand.cs
index abc01f770e3dd0100f28162b5ee5ece245795350..2b977e3f6313043abacbdc408ffe34bae01e94aa 100644
--- a/src/Tools/dotnet-user-jwts/src/Commands/ClearCommand.cs
+++ b/src/Tools/dotnet-user-jwts/src/Commands/ClearCommand.cs
@@ -45,7 +45,7 @@ internal sealed class ClearCommand
 
         if (!force)
         {
-            reporter.Output(Resources.ClearCommand_Permission);
+            reporter.Output(Resources.FormatClearCommand_Permission(count, project));
             reporter.Output("[Y]es / [N]o");
             if (Console.ReadLine().Trim().ToUpperInvariant() != "Y")
             {
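Review bot: `Console.ReadLine()` returns null when standard input is closed or redirected from an empty stream, so the `.Trim()` on the confirmation line throws before the answer is checked. That line is unchanged context, but it guards a destructive clear and is worth hardening while the prompt is being touched: `if (Console.ReadLine()?.Trim().ToUpperInvariant() != "Y")` treats end-of-input like any answer other than "Y". The body of that `if` continues outside the hunk.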
diff --git a/src/Tools/dotnet-user-jwts/src/Helpers/JwtAuthenticationSchemeSettings.cs b/src/Tools/dotnet-user-jwts/src/Helpers/JwtAuthenticationSchemeSettings.cs
index b8108f5294c7af6a9dd9237abad2be6daa599346..77f95e6df13e4cf2502da099664e25b72c633974 100644
--- a/src/Tools/dotnet-user-jwts/src/Helpers/JwtAuthenticationSchemeSettings.cs
+++ b/src/Tools/dotnet-user-jwts/src/Helpers/JwtAuthenticationSchemeSettings.cs
@@ -10,6 +10,7 @@ namespace Microsoft.AspNetCore.Authentication.JwtBearer.Tools;
 internal sealed record JwtAuthenticationSchemeSettings(string SchemeName, List<string> Audiences, string ClaimsIssuer)
 {
     private const string AuthenticationKey = "Authentication";
+    private const string DefaultSchemeKey = "DefaultScheme";
     private const string SchemesKey = "Schemes";
 
     private static readonly JsonSerializerOptions _jsonSerializerOptions = new JsonSerializerOptions
@@ -35,7 +36,7 @@ internal sealed record JwtAuthenticationSchemeSettings(string SchemeName, List<s
             {
                 // If a scheme with the same name has already been registered, we
                 // override with the latest token's options
-                schemes[SchemeName] = settingsObject;    
+                schemes[SchemeName] = settingsObject;
             }
             else
             {
@@ -56,6 +57,15 @@ internal sealed record JwtAuthenticationSchemeSettings(string SchemeName, List<s
             };
         }
 
+        // Set the DefaultScheme if it has not already been set
+        // and only a single scheme has been configured thus far
+        if (config[AuthenticationKey][DefaultSchemeKey] is null
+            && config[AuthenticationKey][SchemesKey] is JsonObject setSchemes
+            && setSchemes.Count == 1)
+        {
+            config[AuthenticationKey][DefaultSchemeKey] = SchemeName;
+        }
+
         using var writer = new FileStream(filePath, FileMode.Open, FileAccess.Write);
         JsonSerializer.Serialize(writer, config, _jsonSerializerOptions);
     }
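Review bot: The writer at the end of this hunk opens the settings file with `FileMode.Open`, which does not truncate. If the serialized config is shorter than the existing file (plausibly when an existing scheme entry is overridden with fewer audiences), the old tail stays behind and the file is no longer valid JSON. The remove path in the next hunk already uses `FileMode.Create`; the same here would be `using var writer = new FileStream(filePath, FileMode.Create, FileAccess.Write);`. Separately, the new `config[AuthenticationKey][DefaultSchemeKey]` read assumes `Authentication` is a JSON object, which the lines above the hunk presumably guarantee.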
@@ -70,6 +80,11 @@ internal sealed record JwtAuthenticationSchemeSettings(string SchemeName, List<s
             authentication[SchemesKey] is JsonObject schemes)
         {
             schemes.Remove(name);
+            if (authentication[DefaultSchemeKey] is JsonValue defaultScheme
+                && defaultScheme.GetValue<string>() == name)
+            {
+                authentication.Remove(DefaultSchemeKey);
+            }
         }
 
         using var writer = new FileStream(filePath, FileMode.Create, FileAccess.Write);
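Review bot: `defaultScheme.GetValue<string>()` throws when a hand-edited settings file holds a non-string `DefaultScheme` (a number or boolean), which aborts the removal before the file is rewritten. The condition can tolerate that with `authentication[DefaultSchemeKey] is JsonValue defaultScheme && defaultScheme.TryGetValue<string>(out var current) && current == name`. The method starts outside the hunk.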
diff --git a/src/Tools/dotnet-user-jwts/test/UserJwtsTestFixture.cs b/src/Tools/dotnet-user-jwts/test/UserJwtsTestFixture.cs
index c4364d33cb020295eb32cb4a5fbc543cde96194e..1e14b7d5d6753264fa7df857a0750ea6cbfb3561 100644
--- a/src/Tools/dotnet-user-jwts/test/UserJwtsTestFixture.cs
+++ b/src/Tools/dotnet-user-jwts/test/UserJwtsTestFixture.cs
@@ -62,7 +62,7 @@ public class UserJwtsTestFixture : IDisposable
   }
 }";
 
-    public string CreateProject(bool hasSecret = true)
+    public string CreateProject(bool hasSecret = true, string appSettingsContent = "{}")
     {
         var projectPath = Directory.CreateDirectory(Path.Combine(Path.GetTempPath(), "userjwtstest", Guid.NewGuid().ToString()));
         Directory.CreateDirectory(Path.Combine(projectPath.FullName, "Properties"));
@@ -81,7 +81,7 @@ public class UserJwtsTestFixture : IDisposable
 
         File.WriteAllText(
             Path.Combine(projectPath.FullName, "appsettings.Development.json"),
-            "{}");
+            appSettingsContent);
 
         if (hasSecret)
         {
diff --git a/src/Tools/dotnet-user-jwts/test/UserJwtsTests.cs b/src/Tools/dotnet-user-jwts/test/UserJwtsTests.cs
index 8947aa2234f15ca3cc6b6a9cc623c73137a62d95..3c35b0085ec18814f80567ac2c13f97c2e105469 100644
--- a/src/Tools/dotnet-user-jwts/test/UserJwtsTests.cs
+++ b/src/Tools/dotnet-user-jwts/test/UserJwtsTests.cs
@@ -67,15 +67,61 @@ public class UserJwtsTests : IClassFixture<UserJwtsTestFixture>
     }
 
     [Fact]
-    public void Create_WritesGeneratedTokenToDisk()
+    public async Task Create_SetsDefaultSchemeIfNoOtherSchemesSet()
     {
         var project = Path.Combine(_fixture.CreateProject(), "TestProject.csproj");
-        var appsettings = Path.Combine(Path.GetDirectoryName(project), "appsettings.Development.json");
+        var appSettingsPath = Path.Combine(Path.GetDirectoryName(project), "appsettings.Development.json");
         var app = new Program(_console);
 
         app.Run(new[] { "create", "--project", project });
         Assert.Contains("New JWT saved", _console.GetOutput());
-        Assert.Contains("dotnet-user-jwts", File.ReadAllText(appsettings));
+
+        using FileStream openStream = File.OpenRead(appSettingsPath);
+        var appSettingsFile = await JsonSerializer.DeserializeAsync<JsonObject>(openStream);
+
+        Assert.True(appSettingsFile.TryGetPropertyValue("Authentication", out var authentication));
+        Assert.Equal("Bearer", authentication["DefaultScheme"].GetValue<string>());
+        Assert.Equal("dotnet-user-jwts", authentication["Schemes"]["Bearer"]["ClaimsIssuer"].GetValue<string>());
+    }
+
+    [Fact]
+    public async Task Create_DoesNotOverrideDefaultSchemeIfAlreadySet()
+    {
+        var project = Path.Combine(_fixture.CreateProject(
+            hasSecret: true,
+            appSettingsContent: @"{ ""Authentication"": { ""DefaultScheme"": ""foobar"" } }"), "TestProject.csproj");
+        var appSettingsPath = Path.Combine(Path.GetDirectoryName(project), "appsettings.Development.json");
+        var app = new Program(_console);
+
+        app.Run(new[] { "create", "--project", project });
+        Assert.Contains("New JWT saved", _console.GetOutput());
+
+        using FileStream openStream = File.OpenRead(appSettingsPath);
+        var appSettingsFile = await JsonSerializer.DeserializeAsync<JsonObject>(openStream);
+
+        Assert.True(appSettingsFile.TryGetPropertyValue("Authentication", out var authentication));
+        Assert.Equal("foobar", authentication["DefaultScheme"].GetValue<string>()); //foobar not Bearer
+        Assert.Equal("dotnet-user-jwts", authentication["Schemes"]["Bearer"]["ClaimsIssuer"].GetValue<string>());
+    }
+
+    [Fact]
+    public async Task Create_DoesNotSetDefaultSchemeIfMultipleSchemesConfigured()
+    {
+        var project = Path.Combine(_fixture.CreateProject(
+            hasSecret: true,
+            appSettingsContent: @"{ ""Authentication"": { ""Schemes"": { ""foobar"" : { } } } }"), "TestProject.csproj");
+        var appSettingsPath = Path.Combine(Path.GetDirectoryName(project), "appsettings.Development.json");
+        var app = new Program(_console);
+
+        app.Run(new[] { "create", "--project", project });
+        Assert.Contains("New JWT saved", _console.GetOutput());
+
+        using FileStream openStream = File.OpenRead(appSettingsPath);
+        var appSettingsFile = await JsonSerializer.DeserializeAsync<JsonObject>(openStream);
+
+        Assert.True(appSettingsFile.TryGetPropertyValue("Authentication", out var authentication));
+        Assert.Null(authentication["DefaultScheme"]); // Should not be set beause 2 schemes configured
+        Assert.Equal("dotnet-user-jwts", authentication["Schemes"]["Bearer"]["ClaimsIssuer"].GetValue<string>());
     }
 
     [Fact]
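Review bot: `Create_DoesNotSetDefaultSchemeIfMultipleSchemesConfigured` seeds a `foobar` scheme but never asserts that it is still present after `create`, so the test would also pass if the tool replaced the user's existing `Schemes` object. Adding `Assert.NotNull(authentication["Schemes"]["foobar"]);` closes that gap. The comment on the `Assert.Null` line has a typo (`beause`). The open-and-deserialize block is repeated in each test here and in the later hunks, so a small private helper returning the parsed `JsonObject` would cut the duplication.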
@@ -92,7 +138,6 @@ public class UserJwtsTests : IClassFixture<UserJwtsTestFixture>
     public void List_ReturnsIdForGeneratedToken()
     {
         var project = Path.Combine(_fixture.CreateProject(), "TestProject.csproj");
-        var appsettings = Path.Combine(Path.GetDirectoryName(project), "appsettings.Development.json");
         var app = new Program(_console);
 
         app.Run(new[] { "create", "--project", project, "--scheme", "MyCustomScheme" });
@@ -103,10 +148,10 @@ public class UserJwtsTests : IClassFixture<UserJwtsTestFixture>
     }
 
     [Fact]
-    public void Remove_RemovesGeneratedToken()
+    public async Task Remove_RemovesGeneratedToken()
     {
         var project = Path.Combine(_fixture.CreateProject(), "TestProject.csproj");
-        var appsettings = Path.Combine(Path.GetDirectoryName(project), "appsettings.Development.json");
+        var appSettingsPath = Path.Combine(Path.GetDirectoryName(project), "appsettings.Development.json");
         var app = new Program(_console);
 
         app.Run(new[] { "create", "--project", project });
@@ -115,16 +160,45 @@ public class UserJwtsTests : IClassFixture<UserJwtsTestFixture>
         app.Run(new[] { "create", "--project", project, "--scheme", "Scheme2" });
 
         app.Run(new[] { "remove", id, "--project", project });
-        var appsettingsContent = File.ReadAllText(appsettings);
-        Assert.DoesNotContain("Bearer", appsettingsContent);
-        Assert.Contains("Scheme2", appsettingsContent);
+
+        using FileStream openStream = File.OpenRead(appSettingsPath);
+        var appSettingsFile = await JsonSerializer.DeserializeAsync<JsonObject>(openStream);
+
+        Assert.True(appSettingsFile.TryGetPropertyValue("Authentication", out var authentication));
+        Assert.Null(authentication["Schemes"]["Bearer"]);
+        Assert.NotNull(authentication["Schemes"]["Scheme2"]);
+        Assert.Null(authentication["DefaultScheme"]);
+    }
+
+    [Fact]
+    public async Task Remove_DoesNotUnsetDefaultSchemeIfNoMatch()
+    {
+        var project = Path.Combine(_fixture.CreateProject(), "TestProject.csproj");
+        var appSettingsPath = Path.Combine(Path.GetDirectoryName(project), "appsettings.Development.json");
+        var app = new Program(_console);
+
+        app.Run(new[] { "create", "--project", project });
+        _console.ClearOutput();
+        app.Run(new[] { "create", "--project", project, "--scheme", "Scheme2" });
+        var matches = Regex.Matches(_console.GetOutput(), "New JWT saved with ID '(.*?)'");
+        var id = matches.SingleOrDefault().Groups[1].Value;
+
+        app.Run(new[] { "remove", id, "--project", project });
+
+        using FileStream openStream = File.OpenRead(appSettingsPath);
+        var appSettingsFile = await JsonSerializer.DeserializeAsync<JsonObject>(openStream);
+
+        Assert.True(appSettingsFile.TryGetPropertyValue("Authentication", out var authentication));
+        Assert.NotNull(authentication["Schemes"]["Bearer"]);
+        Assert.Null(authentication["Schemes"]["Scheme2"]);
+        Assert.NotNull(authentication["DefaultScheme"]); // We haven't removed the Bearer scheme so it's still the default
     }
 
     [Fact]
-    public void Clear_RemovesGeneratedTokens()
+    public async Task Clear_RemovesGeneratedTokens()
     {
         var project = Path.Combine(_fixture.CreateProject(), "TestProject.csproj");
-        var appsettings = Path.Combine(Path.GetDirectoryName(project), "appsettings.Development.json");
+        var appSettingsPath = Path.Combine(Path.GetDirectoryName(project), "appsettings.Development.json");
         var app = new Program(_console);
 
         app.Run(new[] { "create", "--project", project });
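Review bot: `Remove_DoesNotUnsetDefaultSchemeIfNoMatch` ends with `Assert.NotNull(authentication["DefaultScheme"])`, which passes for any value; `Assert.Equal("Bearer", authentication["DefaultScheme"].GetValue<string>());` pins what the comment on that line says. In the same test, `matches.SingleOrDefault().Groups[1]` throws a NullReferenceException when nothing matched, whereas `matches.Single()` fails with a clearer message. The hunk ends inside `Clear_RemovesGeneratedTokens`, which continues in the next hunk.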
@@ -133,9 +207,14 @@ public class UserJwtsTests : IClassFixture<UserJwtsTestFixture>
         Assert.Contains("New JWT saved", _console.GetOutput());
 
         app.Run(new[] { "clear", "--project", project, "--force" });
-        var appsettingsContent = File.ReadAllText(appsettings);
-        Assert.DoesNotContain("Bearer", appsettingsContent);
-        Assert.DoesNotContain("Scheme2", appsettingsContent);
+
+        using FileStream openStream = File.OpenRead(appSettingsPath);
+        var appSettingsFile = await JsonSerializer.DeserializeAsync<JsonObject>(openStream);
+
+        Assert.True(appSettingsFile.TryGetPropertyValue("Authentication", out var authentication));
+        Assert.Null(authentication["Schemes"]["Bearer"]);
+        Assert.Null(authentication["Schemes"]["Scheme2"]);
+        Assert.Null(authentication["DefaultScheme"]);
     }
 
     [Fact]