fix: use manual auth scheme fallback

pandinocoder · pandinocoder · commit c5e2bcee54c8 · 2025-01-16T11:52:20.000+01:00
diff --git a/Intersect.Server/Web/Net7/ApiService.cs b/Intersect.Server/Web/Net7/ApiService.cs
@@ -43,6 +43,7 @@ namespace Intersect.Server.Web;
 
 internal partial class ApiService : ApplicationService<ServerContext, IApiService, ApiService>, IApiService
 {
+    private const string BearerCookieFallbackAuthenticationScheme = "BearerCookieFallback";
     private WebApplication? _app;
     private static readonly Assembly Assembly = typeof(ApiService).Assembly;
 
@@ -153,14 +154,7 @@ internal partial class ApiService : ApplicationService<ServerContext, IApiServic
 
         builder.Services.AddSingleton<IntersectAuthenticationManager>();
 
-        builder.Services.AddAuthentication(
-                options =>
-                {
-                    options.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
-                    options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
-                    options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
-                }
-            )
+        builder.Services.AddAuthentication(BearerCookieFallbackAuthenticationScheme)
             .AddCookie(
                 CookieAuthenticationDefaults.AuthenticationScheme,
                 options =>
@@ -288,6 +282,15 @@ internal partial class ApiService : ApplicationService<ServerContext, IApiServic
                     SymmetricSecurityKey issuerKey = new(tokenGenerationOptions.SecretData);
                     options.TokenValidationParameters.IssuerSigningKey = issuerKey;
                 }
+            ).AddPolicyScheme(
+                BearerCookieFallbackAuthenticationScheme,
+                "Bearer-to-Cookie Fallback",
+                pso =>
+                {
+                    pso.ForwardDefaultSelector = context => context.Request.Headers.Authorization.Count > 0
+                        ? JwtBearerDefaults.AuthenticationScheme
+                        : CookieAuthenticationDefaults.AuthenticationScheme;
+                }
             );
 
         builder.Services.AddOutputCache(o => o.AddPolicy(nameof(AvatarController), AvatarController.OutputCachePolicy));
diff --git a/Intersect.Server/Web/Net7/Middleware/AuthenticationDebugMiddleware.cs b/Intersect.Server/Web/Net7/Middleware/AuthenticationDebugMiddleware.cs
@@ -28,7 +28,7 @@ public AuthenticationDebugMiddleware(RequestDelegate next, IAuthenticationScheme
     public async Task Invoke(HttpContext context)
     {
         var handlers = context.RequestServices.GetRequiredService<IAuthenticationHandlerProvider>();
-        var schemes = await Schemes.GetRequestHandlerSchemesAsync();
+        var schemes = (await Schemes.GetRequestHandlerSchemesAsync()).ToArray();
         foreach (var scheme in schemes)
         {
             if (await handlers.GetHandlerAsync(context, scheme.Name) is IAuthenticationRequestHandler handler &&

Original file line number	Diff line number	Diff line change
`@@ -28,7 +28,7 @@ public AuthenticationDebugMiddleware(RequestDelegate next, IAuthenticationScheme`
`28`	`28`	`public async Task Invoke(HttpContext context)`
`29`	`29`	`{`
`30`	`30`	`var handlers = context.RequestServices.GetRequiredService<IAuthenticationHandlerProvider>();`
`31`		`- var schemes = await Schemes.GetRequestHandlerSchemesAsync();`
	`31`	`+ var schemes = (await Schemes.GetRequestHandlerSchemesAsync()).ToArray();`
`32`	`32`	`foreach (var scheme in schemes)`
`33`	`33`	`{`
`34`	`34`	`if (await handlers.GetHandlerAsync(context, scheme.Name) is IAuthenticationRequestHandler handler &&`