Fix auto-registeration of authN and authZ middlewares (#42250)

captainsafia · web-flow · commit 189a4cea8dd5 · 2022-06-17T21:47:12.000Z
* Fix auto-registeration of authN and authZ middlewares

* Update tests

* Apply suggestions from code review

* Spruce up tests
diff --git a/src/DefaultBuilder/src/WebApplicationBuilder.cs b/src/DefaultBuilder/src/WebApplicationBuilder.cs
@@ -180,8 +180,11 @@ private void ConfigureApplication(WebHostBuilderContext context, IApplicationBui
             // Don't add more than one instance of the middleware
             if (!_builtApplication.Properties.ContainsKey(AuthenticationMiddlewareSetKey))
             {
-                _builtApplication.UseAuthentication();
-                _builtApplication.UseAuthorization();
+                // The Use invocations will set the property on the outer pipeline,
+                // but we want to set it on the inner pipeline as well
+                _builtApplication.Properties[AuthenticationMiddlewareSetKey] = true;
+                app.UseAuthentication();
+                app.UseAuthorization();
             }
         }
 
diff --git a/src/DefaultBuilder/test/Microsoft.AspNetCore.Tests/Microsoft.AspNetCore.Tests.csproj b/src/DefaultBuilder/test/Microsoft.AspNetCore.Tests/Microsoft.AspNetCore.Tests.csproj
@@ -7,6 +7,7 @@
   <ItemGroup>
     <Reference Include="Microsoft.AspNetCore" />
     <Reference Include="Microsoft.AspNetCore.TestHost" />
+    <Reference Include="Microsoft.AspNetCore.Authorization.Policy" />
     <Content Include="Microsoft.AspNetCore.TestHost.StaticWebAssets.xml" CopyToOutputDirectory="PreserveNewest" />
   </ItemGroup>
 
diff --git a/src/DefaultBuilder/test/Microsoft.AspNetCore.Tests/WebApplicationTests.cs b/src/DefaultBuilder/test/Microsoft.AspNetCore.Tests/WebApplicationTests.cs
@@ -5,8 +5,13 @@
 using System.Diagnostics;
 using System.Diagnostics.Tracing;
 using System.Net;
+using System.Net.Http;
 using System.Reflection;
+using System.Security.Claims;
 using System.Text;
+using System.Text.Encodings.Web;
+using Microsoft.AspNetCore.Authentication;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.HostFiltering;
 using Microsoft.AspNetCore.Hosting;
@@ -1976,6 +1981,73 @@ public void CanObserveDefaultServicesInServiceCollection()
         Assert.Contains(builder.Services, service => service.ServiceType == typeof(ILogger<>));
     }
 
+    [Fact]
+    public async Task RegisterAuthMiddlewaresCorrectly()
+    {
+        var helloEndpointCalled = false;
+        var customMiddlewareExecuted = false;
+        var username = "foobar";
+
+        var builder = WebApplication.CreateBuilder();
+        builder.Services.AddAuthenticationCore(o =>
+        {
+            o.DefaultScheme = "testSchemeName";
+        });
+        builder.Authentication.AddScheme<AuthenticationSchemeOptions, UberHandler>("testSchemeName", "testDisplayName", _ => { });
+        builder.WebHost.UseTestServer();
+        await using var app = builder.Build();
+
+        app.Use(next =>
+        {
+            return async context =>
+            {
+                // IAuthenticationFeature is added by the authentication middleware
+                // during invocation. This middleware should run after authentication
+                // and be able to access the feature.
+                var authFeature = context.Features.Get<IAuthenticationFeature>();
+                Assert.NotNull(authFeature);
+                customMiddlewareExecuted = true;
+                Assert.Equal(username, context.User.Identity.Name);
+                await next(context);
+            };
+        });
+
+        app.MapGet("/hello", (ClaimsPrincipal user) =>
+        {
+            helloEndpointCalled = true;
+            Assert.Equal(username, user.Identity.Name);
+        }).AllowAnonymous();
+
+        await app.StartAsync();
+        var client = app.GetTestClient();
+        await client.GetStringAsync($"/hello?username={username}");
+
+        Assert.True(helloEndpointCalled);
+        Assert.True(customMiddlewareExecuted);
+    }
+
+    private class UberHandler : AuthenticationHandler<AuthenticationSchemeOptions>
+    {
+        public UberHandler(IOptionsMonitor<AuthenticationSchemeOptions> options, ILoggerFactory logger, UrlEncoder encoder, ISystemClock clock) : base(options, logger, encoder, clock) { }
+
+        protected override Task HandleChallengeAsync(AuthenticationProperties properties) => Task.CompletedTask;
+
+        protected override Task HandleForbiddenAsync(AuthenticationProperties properties) => Task.CompletedTask;
+
+        public Task<bool> HandleRequestAsync() => Task.FromResult(false);
+
+        protected override Task<AuthenticateResult> HandleAuthenticateAsync()
+        {
+            var username = Request.Query["username"];
+            var principal = new ClaimsPrincipal();
+            var id = new ClaimsIdentity();
+            id.AddClaim(new Claim(ClaimsIdentity.DefaultNameClaimType, username));
+            principal.AddIdentity(id);
+            return Task.FromResult(AuthenticateResult.Success(
+                new AuthenticationTicket(principal, "custom")));
+        }
+    }
+
     public class RandomConfigurationSource : IConfigurationSource
     {
         public int ProvidersBuilt { get; set; }

Original file line number	Diff line number	Diff line change
`@@ -180,8 +180,11 @@ private void ConfigureApplication(WebHostBuilderContext context, IApplicationBui`
`180`	`180`	`// Don't add more than one instance of the middleware`
`181`	`181`	`if (!_builtApplication.Properties.ContainsKey(AuthenticationMiddlewareSetKey))`
`182`	`182`	`{`
`183`		`- _builtApplication.UseAuthentication();`
`184`		`- _builtApplication.UseAuthorization();`
	`183`	`+ // The Use invocations will set the property on the outer pipeline,`
	`184`	`+ // but we want to set it on the inner pipeline as well`
	`185`	`+ _builtApplication.Properties[AuthenticationMiddlewareSetKey] = true;`
	`186`	`+ app.UseAuthentication();`
	`187`	`+ app.UseAuthorization();`
`185`	`188`	`}`
`186`	`189`	`}`
`187`	`190`