autheticate.fail not able to redirect to unauthorize asp.net core authentication












0















Enabled windows authentication in my application



the below is my handler code



public class BasicAuthenticationHandler : AuthenticationHandler<AuthenticationSchemeOptions>
{
private readonly IUser _userService;
public BasicAuthenticationHandler(IOptionsMonitor<AuthenticationSchemeOptions> options,
ILoggerFactory logger,
UrlEncoder encoder,
ISystemClock clock,
IUser UserService
) : base(options, logger, encoder, clock)
{
_userService = UserService;
}
protected override async Task<AuthenticateResult> HandleAuthenticateAsync()
{
var a = Request.HttpContext.User.Identity.Name;

User user = null;
user = await _userService.IsAuthenicated(a, "");
// Context.Response.StatusCode = StatusCodes.Status401Unauthorized;
// Context.res = new RedirectToActionResult("Index", "Home", null);
//Context.Response.StatusCode = StatusCodes.Status401Unauthorized;

if (user == null)
{

return AuthenticateResult.Fail("Invalid Username or Password");
}
var claims = new {
new Claim(ClaimTypes.NameIdentifier,user.UserName),
new Claim(ClaimTypes.Name, user.UserName),
};

var identity = new ClaimsIdentity(claims, Scheme.Name);
var principal = new ClaimsPrincipal(identity);
var ticket = new AuthenticationTicket(principal, Scheme.Name);


return AuthenticateResult.Success(ticket);
}
}


autheticateresult.fail make a loop ask for windows credential and not redirect to custom error page.
while i tried with anomyouns its working fine.










share|improve this question





























    0















    Enabled windows authentication in my application



    the below is my handler code



    public class BasicAuthenticationHandler : AuthenticationHandler<AuthenticationSchemeOptions>
    {
    private readonly IUser _userService;
    public BasicAuthenticationHandler(IOptionsMonitor<AuthenticationSchemeOptions> options,
    ILoggerFactory logger,
    UrlEncoder encoder,
    ISystemClock clock,
    IUser UserService
    ) : base(options, logger, encoder, clock)
    {
    _userService = UserService;
    }
    protected override async Task<AuthenticateResult> HandleAuthenticateAsync()
    {
    var a = Request.HttpContext.User.Identity.Name;

    User user = null;
    user = await _userService.IsAuthenicated(a, "");
    // Context.Response.StatusCode = StatusCodes.Status401Unauthorized;
    // Context.res = new RedirectToActionResult("Index", "Home", null);
    //Context.Response.StatusCode = StatusCodes.Status401Unauthorized;

    if (user == null)
    {

    return AuthenticateResult.Fail("Invalid Username or Password");
    }
    var claims = new {
    new Claim(ClaimTypes.NameIdentifier,user.UserName),
    new Claim(ClaimTypes.Name, user.UserName),
    };

    var identity = new ClaimsIdentity(claims, Scheme.Name);
    var principal = new ClaimsPrincipal(identity);
    var ticket = new AuthenticationTicket(principal, Scheme.Name);


    return AuthenticateResult.Success(ticket);
    }
    }


    autheticateresult.fail make a loop ask for windows credential and not redirect to custom error page.
    while i tried with anomyouns its working fine.










    share|improve this question



























      0












      0








      0








      Enabled windows authentication in my application



      the below is my handler code



      public class BasicAuthenticationHandler : AuthenticationHandler<AuthenticationSchemeOptions>
      {
      private readonly IUser _userService;
      public BasicAuthenticationHandler(IOptionsMonitor<AuthenticationSchemeOptions> options,
      ILoggerFactory logger,
      UrlEncoder encoder,
      ISystemClock clock,
      IUser UserService
      ) : base(options, logger, encoder, clock)
      {
      _userService = UserService;
      }
      protected override async Task<AuthenticateResult> HandleAuthenticateAsync()
      {
      var a = Request.HttpContext.User.Identity.Name;

      User user = null;
      user = await _userService.IsAuthenicated(a, "");
      // Context.Response.StatusCode = StatusCodes.Status401Unauthorized;
      // Context.res = new RedirectToActionResult("Index", "Home", null);
      //Context.Response.StatusCode = StatusCodes.Status401Unauthorized;

      if (user == null)
      {

      return AuthenticateResult.Fail("Invalid Username or Password");
      }
      var claims = new {
      new Claim(ClaimTypes.NameIdentifier,user.UserName),
      new Claim(ClaimTypes.Name, user.UserName),
      };

      var identity = new ClaimsIdentity(claims, Scheme.Name);
      var principal = new ClaimsPrincipal(identity);
      var ticket = new AuthenticationTicket(principal, Scheme.Name);


      return AuthenticateResult.Success(ticket);
      }
      }


      autheticateresult.fail make a loop ask for windows credential and not redirect to custom error page.
      while i tried with anomyouns its working fine.










      share|improve this question
















      Enabled windows authentication in my application



      the below is my handler code



      public class BasicAuthenticationHandler : AuthenticationHandler<AuthenticationSchemeOptions>
      {
      private readonly IUser _userService;
      public BasicAuthenticationHandler(IOptionsMonitor<AuthenticationSchemeOptions> options,
      ILoggerFactory logger,
      UrlEncoder encoder,
      ISystemClock clock,
      IUser UserService
      ) : base(options, logger, encoder, clock)
      {
      _userService = UserService;
      }
      protected override async Task<AuthenticateResult> HandleAuthenticateAsync()
      {
      var a = Request.HttpContext.User.Identity.Name;

      User user = null;
      user = await _userService.IsAuthenicated(a, "");
      // Context.Response.StatusCode = StatusCodes.Status401Unauthorized;
      // Context.res = new RedirectToActionResult("Index", "Home", null);
      //Context.Response.StatusCode = StatusCodes.Status401Unauthorized;

      if (user == null)
      {

      return AuthenticateResult.Fail("Invalid Username or Password");
      }
      var claims = new {
      new Claim(ClaimTypes.NameIdentifier,user.UserName),
      new Claim(ClaimTypes.Name, user.UserName),
      };

      var identity = new ClaimsIdentity(claims, Scheme.Name);
      var principal = new ClaimsPrincipal(identity);
      var ticket = new AuthenticationTicket(principal, Scheme.Name);


      return AuthenticateResult.Success(ticket);
      }
      }


      autheticateresult.fail make a loop ask for windows credential and not redirect to custom error page.
      while i tried with anomyouns its working fine.







      asp.net-core-2.0 windows-authentication






      share|improve this question















      share|improve this question













      share|improve this question




      share|improve this question








      edited Nov 16 '18 at 8:24







      Ankit Mittal Learner

















      asked Nov 16 '18 at 8:19









      Ankit Mittal LearnerAnkit Mittal Learner

      54




      54
























          1 Answer
          1






          active

          oldest

          votes


















          0















          autheticateresult.fail make a loop ask for windows credential and not
          redirect to custom error page




          When calling AuthenticateResult.Fail, it will make the Windows Authentication fail, and the IIS will check the authenticaiton for loop.



          For a workaround, you could try UseStatusCodePages to rediect to error page,



                  app.UseStatusCodePages(async context => {
          if (context.HttpContext.Response.StatusCode == 401)
          {
          // your redirect
          context.HttpContext.Response.Redirect("/Home/Error");
          }
          });
          app.UseAuthentication();


          For another option, you could custom HandleChallengeAsync for BasicAuthenticationHandler.



          public class BasicAuthenticationHandler : AuthenticationHandler<AuthenticationSchemeOptions>
          {
          public BasicAuthenticationHandler(IOptionsMonitor<AuthenticationSchemeOptions> options,
          ILoggerFactory logger,
          UrlEncoder encoder,
          ISystemClock clock
          ) : base(options, logger, encoder, clock)
          {
          }
          protected override async Task<AuthenticateResult> HandleAuthenticateAsync()
          {
          return AuthenticateResult.Fail("Invalid Username or Password");
          }

          protected override Task HandleChallengeAsync(AuthenticationProperties properties)
          {
          Context.Response.Redirect("/Home/Error");// redirect to your error page
          return Task.CompletedTask;
          }
          }





          share|improve this answer
























          • after return AuthenticateResult.Fail Does not hit the HandleChallengeAsync is their something i missed? @Tao Zhou

            – Ankit Mittal Learner
            Nov 20 '18 at 7:31








          • 1





            @AnkitMittalLearner Is there any demo to reproduce your issue? For HandleChallengeAsync, it will be hit when you access a resource with ` [Authorize(AuthenticationSchemes = "BasicAuthentication")]` and throw fault in HandleAuthenticateAsync, if you access a resource is not secured with Authorize, it will not hit HandleChallengeAsync even if you throw Fail.

            – Tao Zhou
            Nov 20 '18 at 7:38











          • thanks its working i will also test it in success condition.

            – Ankit Mittal Learner
            Nov 20 '18 at 7:46











          Your Answer






          StackExchange.ifUsing("editor", function () {
          StackExchange.using("externalEditor", function () {
          StackExchange.using("snippets", function () {
          StackExchange.snippets.init();
          });
          });
          }, "code-snippets");

          StackExchange.ready(function() {
          var channelOptions = {
          tags: "".split(" "),
          id: "1"
          };
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function() {
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled) {
          StackExchange.using("snippets", function() {
          createEditor();
          });
          }
          else {
          createEditor();
          }
          });

          function createEditor() {
          StackExchange.prepareEditor({
          heartbeatType: 'answer',
          autoActivateHeartbeat: false,
          convertImagesToLinks: true,
          noModals: true,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: 10,
          bindNavPrevention: true,
          postfix: "",
          imageUploader: {
          brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
          contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
          allowUrls: true
          },
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          });


          }
          });














          draft saved

          draft discarded


















          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53333918%2fautheticate-fail-not-able-to-redirect-to-unauthorize-asp-net-core-authentication%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown

























          1 Answer
          1






          active

          oldest

          votes








          1 Answer
          1






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes









          0















          autheticateresult.fail make a loop ask for windows credential and not
          redirect to custom error page




          When calling AuthenticateResult.Fail, it will make the Windows Authentication fail, and the IIS will check the authenticaiton for loop.



          For a workaround, you could try UseStatusCodePages to rediect to error page,



                  app.UseStatusCodePages(async context => {
          if (context.HttpContext.Response.StatusCode == 401)
          {
          // your redirect
          context.HttpContext.Response.Redirect("/Home/Error");
          }
          });
          app.UseAuthentication();


          For another option, you could custom HandleChallengeAsync for BasicAuthenticationHandler.



          public class BasicAuthenticationHandler : AuthenticationHandler<AuthenticationSchemeOptions>
          {
          public BasicAuthenticationHandler(IOptionsMonitor<AuthenticationSchemeOptions> options,
          ILoggerFactory logger,
          UrlEncoder encoder,
          ISystemClock clock
          ) : base(options, logger, encoder, clock)
          {
          }
          protected override async Task<AuthenticateResult> HandleAuthenticateAsync()
          {
          return AuthenticateResult.Fail("Invalid Username or Password");
          }

          protected override Task HandleChallengeAsync(AuthenticationProperties properties)
          {
          Context.Response.Redirect("/Home/Error");// redirect to your error page
          return Task.CompletedTask;
          }
          }





          share|improve this answer
























          • after return AuthenticateResult.Fail Does not hit the HandleChallengeAsync is their something i missed? @Tao Zhou

            – Ankit Mittal Learner
            Nov 20 '18 at 7:31








          • 1





            @AnkitMittalLearner Is there any demo to reproduce your issue? For HandleChallengeAsync, it will be hit when you access a resource with ` [Authorize(AuthenticationSchemes = "BasicAuthentication")]` and throw fault in HandleAuthenticateAsync, if you access a resource is not secured with Authorize, it will not hit HandleChallengeAsync even if you throw Fail.

            – Tao Zhou
            Nov 20 '18 at 7:38











          • thanks its working i will also test it in success condition.

            – Ankit Mittal Learner
            Nov 20 '18 at 7:46
















          0















          autheticateresult.fail make a loop ask for windows credential and not
          redirect to custom error page




          When calling AuthenticateResult.Fail, it will make the Windows Authentication fail, and the IIS will check the authenticaiton for loop.



          For a workaround, you could try UseStatusCodePages to rediect to error page,



                  app.UseStatusCodePages(async context => {
          if (context.HttpContext.Response.StatusCode == 401)
          {
          // your redirect
          context.HttpContext.Response.Redirect("/Home/Error");
          }
          });
          app.UseAuthentication();


          For another option, you could custom HandleChallengeAsync for BasicAuthenticationHandler.



          public class BasicAuthenticationHandler : AuthenticationHandler<AuthenticationSchemeOptions>
          {
          public BasicAuthenticationHandler(IOptionsMonitor<AuthenticationSchemeOptions> options,
          ILoggerFactory logger,
          UrlEncoder encoder,
          ISystemClock clock
          ) : base(options, logger, encoder, clock)
          {
          }
          protected override async Task<AuthenticateResult> HandleAuthenticateAsync()
          {
          return AuthenticateResult.Fail("Invalid Username or Password");
          }

          protected override Task HandleChallengeAsync(AuthenticationProperties properties)
          {
          Context.Response.Redirect("/Home/Error");// redirect to your error page
          return Task.CompletedTask;
          }
          }





          share|improve this answer
























          • after return AuthenticateResult.Fail Does not hit the HandleChallengeAsync is their something i missed? @Tao Zhou

            – Ankit Mittal Learner
            Nov 20 '18 at 7:31








          • 1





            @AnkitMittalLearner Is there any demo to reproduce your issue? For HandleChallengeAsync, it will be hit when you access a resource with ` [Authorize(AuthenticationSchemes = "BasicAuthentication")]` and throw fault in HandleAuthenticateAsync, if you access a resource is not secured with Authorize, it will not hit HandleChallengeAsync even if you throw Fail.

            – Tao Zhou
            Nov 20 '18 at 7:38











          • thanks its working i will also test it in success condition.

            – Ankit Mittal Learner
            Nov 20 '18 at 7:46














          0












          0








          0








          autheticateresult.fail make a loop ask for windows credential and not
          redirect to custom error page




          When calling AuthenticateResult.Fail, it will make the Windows Authentication fail, and the IIS will check the authenticaiton for loop.



          For a workaround, you could try UseStatusCodePages to rediect to error page,



                  app.UseStatusCodePages(async context => {
          if (context.HttpContext.Response.StatusCode == 401)
          {
          // your redirect
          context.HttpContext.Response.Redirect("/Home/Error");
          }
          });
          app.UseAuthentication();


          For another option, you could custom HandleChallengeAsync for BasicAuthenticationHandler.



          public class BasicAuthenticationHandler : AuthenticationHandler<AuthenticationSchemeOptions>
          {
          public BasicAuthenticationHandler(IOptionsMonitor<AuthenticationSchemeOptions> options,
          ILoggerFactory logger,
          UrlEncoder encoder,
          ISystemClock clock
          ) : base(options, logger, encoder, clock)
          {
          }
          protected override async Task<AuthenticateResult> HandleAuthenticateAsync()
          {
          return AuthenticateResult.Fail("Invalid Username or Password");
          }

          protected override Task HandleChallengeAsync(AuthenticationProperties properties)
          {
          Context.Response.Redirect("/Home/Error");// redirect to your error page
          return Task.CompletedTask;
          }
          }





          share|improve this answer














          autheticateresult.fail make a loop ask for windows credential and not
          redirect to custom error page




          When calling AuthenticateResult.Fail, it will make the Windows Authentication fail, and the IIS will check the authenticaiton for loop.



          For a workaround, you could try UseStatusCodePages to rediect to error page,



                  app.UseStatusCodePages(async context => {
          if (context.HttpContext.Response.StatusCode == 401)
          {
          // your redirect
          context.HttpContext.Response.Redirect("/Home/Error");
          }
          });
          app.UseAuthentication();


          For another option, you could custom HandleChallengeAsync for BasicAuthenticationHandler.



          public class BasicAuthenticationHandler : AuthenticationHandler<AuthenticationSchemeOptions>
          {
          public BasicAuthenticationHandler(IOptionsMonitor<AuthenticationSchemeOptions> options,
          ILoggerFactory logger,
          UrlEncoder encoder,
          ISystemClock clock
          ) : base(options, logger, encoder, clock)
          {
          }
          protected override async Task<AuthenticateResult> HandleAuthenticateAsync()
          {
          return AuthenticateResult.Fail("Invalid Username or Password");
          }

          protected override Task HandleChallengeAsync(AuthenticationProperties properties)
          {
          Context.Response.Redirect("/Home/Error");// redirect to your error page
          return Task.CompletedTask;
          }
          }






          share|improve this answer












          share|improve this answer



          share|improve this answer










          answered Nov 19 '18 at 5:40









          Tao ZhouTao Zhou

          7,35431434




          7,35431434













          • after return AuthenticateResult.Fail Does not hit the HandleChallengeAsync is their something i missed? @Tao Zhou

            – Ankit Mittal Learner
            Nov 20 '18 at 7:31








          • 1





            @AnkitMittalLearner Is there any demo to reproduce your issue? For HandleChallengeAsync, it will be hit when you access a resource with ` [Authorize(AuthenticationSchemes = "BasicAuthentication")]` and throw fault in HandleAuthenticateAsync, if you access a resource is not secured with Authorize, it will not hit HandleChallengeAsync even if you throw Fail.

            – Tao Zhou
            Nov 20 '18 at 7:38











          • thanks its working i will also test it in success condition.

            – Ankit Mittal Learner
            Nov 20 '18 at 7:46



















          • after return AuthenticateResult.Fail Does not hit the HandleChallengeAsync is their something i missed? @Tao Zhou

            – Ankit Mittal Learner
            Nov 20 '18 at 7:31








          • 1





            @AnkitMittalLearner Is there any demo to reproduce your issue? For HandleChallengeAsync, it will be hit when you access a resource with ` [Authorize(AuthenticationSchemes = "BasicAuthentication")]` and throw fault in HandleAuthenticateAsync, if you access a resource is not secured with Authorize, it will not hit HandleChallengeAsync even if you throw Fail.

            – Tao Zhou
            Nov 20 '18 at 7:38











          • thanks its working i will also test it in success condition.

            – Ankit Mittal Learner
            Nov 20 '18 at 7:46

















          after return AuthenticateResult.Fail Does not hit the HandleChallengeAsync is their something i missed? @Tao Zhou

          – Ankit Mittal Learner
          Nov 20 '18 at 7:31







          after return AuthenticateResult.Fail Does not hit the HandleChallengeAsync is their something i missed? @Tao Zhou

          – Ankit Mittal Learner
          Nov 20 '18 at 7:31






          1




          1





          @AnkitMittalLearner Is there any demo to reproduce your issue? For HandleChallengeAsync, it will be hit when you access a resource with ` [Authorize(AuthenticationSchemes = "BasicAuthentication")]` and throw fault in HandleAuthenticateAsync, if you access a resource is not secured with Authorize, it will not hit HandleChallengeAsync even if you throw Fail.

          – Tao Zhou
          Nov 20 '18 at 7:38





          @AnkitMittalLearner Is there any demo to reproduce your issue? For HandleChallengeAsync, it will be hit when you access a resource with ` [Authorize(AuthenticationSchemes = "BasicAuthentication")]` and throw fault in HandleAuthenticateAsync, if you access a resource is not secured with Authorize, it will not hit HandleChallengeAsync even if you throw Fail.

          – Tao Zhou
          Nov 20 '18 at 7:38













          thanks its working i will also test it in success condition.

          – Ankit Mittal Learner
          Nov 20 '18 at 7:46





          thanks its working i will also test it in success condition.

          – Ankit Mittal Learner
          Nov 20 '18 at 7:46




















          draft saved

          draft discarded




















































          Thanks for contributing an answer to Stack Overflow!


          • Please be sure to answer the question. Provide details and share your research!

          But avoid



          • Asking for help, clarification, or responding to other answers.

          • Making statements based on opinion; back them up with references or personal experience.


          To learn more, see our tips on writing great answers.




          draft saved


          draft discarded














          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53333918%2fautheticate-fail-not-able-to-redirect-to-unauthorize-asp-net-core-authentication%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown





















































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown

































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown







          Popular posts from this blog

          Bressuire

          Vorschmack

          Quarantine