This repository was archived by the owner on Nov 1, 2018. It is now read-only.
Only register the auth handler based on the environment variable #371
Comments
15 tasks
|
@muratg we should do this for preview3 |
Tratcher
added a commit
that referenced
this issue
Jun 5, 2017
Tratcher
added a commit
that referenced
this issue
Jun 5, 2017
Tratcher
added a commit
that referenced
this issue
Jun 5, 2017
Tratcher
added a commit
that referenced
this issue
Jun 5, 2017
|
Can this be removed from the Cookies sample now https://github.com/aspnet/Security/blob/dev/samples/CookieSample/Startup.cs#L17-L21 @Tratcher |
|
True, but the sample is more helpful if we leave it in. |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
aspnet/AspNetCoreModule#82
ANCM now has an environment variable (ASPNETCORE_IIS_HTTPAUTH=Anonymous;Basic;Windows or None.) indicating if windows auth is enabled. Only register the auth handler if windows or basic are enabled, or if the variable is not found (back compat).
This will make the default-to-only-handler more useful by not registering an unneeded handler (e.g. default to Bearer). This will also make the behavior between IIS and HttpSys more consistent. Users were often confused when calling Challenge without an auth middleware caused a 401 on IIS, but threw an InvalidOperationException on Kestrel.
The text was updated successfully, but these errors were encountered: