Apr 10, 2018 11:30 AM|noJedi
Agreed that you suggested the multiple items... well done.
My observation was that ORDER matters even in the list.
i.e.: [Authorize(AuthenticationSchemes = "Bearer,Identity.Application")] this works
This does not and results in the same outcome of "empty" identity
[Authorize(AuthenticationSchemes = "Identity.Application,Bearer")]
I've read the docs (https://docs.microsoft.com/en-us/aspnet/core/security/authentication/cookie?tabs=aspnetcore2x) and perhaps the solution is to ?somehow? NOT use the "Identity.Application" cookie default and rebuild the "Cookies" element myself to ensure that the Auth "order" is JwtBearer THEN Cookies, to solve the issue of checking Bearer first and then falling back to cookie...
Yes the source is open but unless I've missed a really good tutorial, it's not THAT easy to decipher where the bits you are interested in actually are... is there a source browser or technique you can advise to help me get to grips with it (or is it just a matter of sifting through it manually)?
Yes I think you are right that the "default behaviour of Core is very much order of ADD = Order of Operations/pipeline" but my issue is that it seems like you need to configure the Identity stuff before you start doing all the Auth (just from tutorials and examples, so this could be a mistake on my part) and can't add Identity AFTER JwtBearerAuth in this way...?
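Added example, not part of the original post and not the poster's code: one way to get "Bearer when a token is sent, otherwise the Identity cookie" without relying on the order of the scheme list is a policy scheme that forwards each request to exactly one handler. It assumes ASP.NET Core 2.1 or later (where AddPolicyScheme exists); the scheme name "BearerOrCookie" and the helper names are hypothetical.

```csharp
// Added example (not from the thread). Assumes ASP.NET Core 2.1+.
using System;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Identity;
using Microsoft.Extensions.DependencyInjection;

public static class BearerOrCookieAuth
{
    // Hypothetical scheme name chosen for this example.
    public const string Scheme = "BearerOrCookie";

    // Pick the handler per request: a request that presents an
    // "Authorization: Bearer ..." header goes to the JWT handler,
    // everything else goes to the ASP.NET Core Identity cookie handler.
    public static string SelectScheme(HttpContext context)
    {
        string header = context.Request.Headers["Authorization"];
        if (!string.IsNullOrEmpty(header) &&
            header.StartsWith("Bearer ", StringComparison.OrdinalIgnoreCase))
        {
            return JwtBearerDefaults.AuthenticationScheme;   // "Bearer"
        }
        return IdentityConstants.ApplicationScheme;          // "Identity.Application"
    }

    // Call from ConfigureServices after AddIdentity<TUser, TRole>(),
    // which is what registers the "Identity.Application" cookie scheme.
    public static IServiceCollection AddBearerOrCookie(
        this IServiceCollection services,
        Action<JwtBearerOptions> configureJwt)
    {
        services.AddAuthentication()
            .AddJwtBearer(configureJwt)
            .AddPolicyScheme(Scheme, "Bearer or Identity cookie", options =>
            {
                // Forward authenticate/challenge/forbid to the selected scheme.
                options.ForwardDefaultSelector = SelectScheme;
            });
        return services;
    }
}

// Usage on a controller or action:
//   [Authorize(AuthenticationSchemes = BearerOrCookieAuth.Scheme)]
```

Only one handler runs per request with this approach, so a request that carries an invalid or expired bearer token is rejected rather than silently falling back to the cookie.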