No authenticationScheme was specified, and there was no DefaultChallengeScheme found Cookies Authentication

Asked 18/9, 2017 at 7:25 Answered 28/11, 2017 at 10:6

I am using the below code for authentication in ASP.NET Core 2.0 using cookies

services
    .AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
    .AddCookie("MyCookieMiddlewareInstance", options =>
    {
        options.AccessDeniedPath = new PathString("/Account/Login");
        options.LoginPath = new PathString("/Account/Login");
        options.LogoutPath = new PathString("/Account/LogOff");
    });

I am getting an error:

No authenticationScheme was specified, and there was no DefaultChallengeScheme found

The cookies setup is below:

var claims = new List<Claim>
{
    new Claim(ClaimTypes.NameIdentifier, userId.ToString()),
    new Claim(ClaimTypes.Name, userName)
};

var identity = new ClaimsIdentity(claims, "Forms");
identity.AddClaim(new Claim(ClaimTypes.Role, "ADMIN"));
var principal = new ClaimsPrincipal(identity);
HttpContext.Authentication.SignInAsync("MyCookieMiddlewareInstance", principal, new AuthenticationProperties
{
    IsPersistent = isPersistent,
    ExpiresUtc = DateTime.UtcNow.AddYears(1)
});

I did some research and didn't find the solution. Here is a link to the doc I used:

Can anyone please let me know how can I resolve this issue?

Latvian answered 18/9, 2017 at 7:25 Comment(1)

Possible duplicate of ASP.NET Core 2.0 authentication middleware – Iceskate 28/11, 2017 at 10:4

authenticationBuilder.AddCookie("MyCookieMiddlewareInstance", …)

This registers a cookie authentication handler using the authentication scheme name "MyCookieMiddlewareInstance". So whenever you are referring to the cookie authentication scheme, you will need to use that exact name, otherwise you will not find the scheme.

However, in the AddAuthentication call, you are using a different scheme name:

services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)

This registers the CookieAuthenticationDefaults.AuthenticationScheme, which has the constant value "Cookies", as the default authentication scheme. But a scheme with that name is never registered! Instead, there’s only a "MyCookieMiddlewareInstance".

So the solution is to simply use the same name for both calls. You can also just use the defaults, and remove the explicit names; if you don’t have multiple schemes and need more control, there isn’t really a need to explicitly set their names.

Dactylic answered 18/9, 2017 at 18:19 Comment(3)

For me only the default works. Changing both values leads to the same error. Are there any other "hidden" locations where I have to change it as well. – Castleberry 28/6, 2019 at 7:18

So both the scheme name and the default scheme name are the same? Do you use other authentication related things, like Identity? Or do you just have a single authentication scheme registered? – Dactylic 28/6, 2019 at 8:36

I think it was using AddCookie without providing any scheme there. My bad! – Castleberry 28/6, 2019 at 9:50

For those who land on this and leave frustrated, my advice is take a look at the answer to this question: ASP.NET Core 2.0 authentication middleware

Without re-iterating what you find there too much it seems this issue is related to the changes in security between ASP.Net Core 1 and 2. Certainly, the advice there resolved my own issues. It's also worth taking a look at this blog post: https://ignas.me/tech/custom-authentication-asp-net-core-20/ (which I suspect was written based on that SO answer)

Iceskate answered 28/11, 2017 at 10:6 Comment(4)

While this link may answer the question, it is better to include the essential parts of the answer here and provide the link for reference. Link-only answers can become invalid if the linked page changes. - From Review – Tedmund 28/11, 2017 at 10:32

If you mean the link the SO answer then that presumably will live as long as SO does? I'd be happy to remove the link to the blog post; it's essentially a re-iteration of the SO answer in the first place so it doesn't really add much. But it probably does no harm either. – Iceskate 28/11, 2017 at 13:10

Not really, if the SO content on that anser changes, then this answer is no longer valid.Typically you can leave the links, but copy essential parts from the link which will stay here, should the link content change. – Tedmund 28/11, 2017 at 13:14

I don't really want to do that since I've marked this question as a possible duplicate of the SO question I've referenced. I could copy-paste the answer that's there across to my answer but I think it makes more sense for the other answer (which already has more points) to be adopted as the default. – Iceskate 28/11, 2017 at 13:56

-2

HttpContext.Authentication is obsolete in ASP.net core 2.0, so instead HttpContext.Authentication.SignInAsync use HttpContext.SignInAsync

Dehydrate answered 18/9, 2017 at 12:35 Comment(2)

True, but very irrelevant to OP’s problem. Obsolete also does not mean it’s no longer working. – Dactylic 18/9, 2017 at 18:23

As far as I remember it's start working for me after that change. – Dehydrate 19/9, 2017 at 5:18

Recommended topics

Hot tags