This repository was archived by the owner on Dec 13, 2018. It is now read-only.
Authentication failures are not properly logged #1265
Comments
|
@Eilon can you please make sure it gets fixed for 2.0 by adding the appropriate milestone/label? |
muratg
added a commit
that referenced
this issue
Jul 3, 2017
muratg
added a commit
that referenced
this issue
Jul 4, 2017
|
Fixed with 66b9397 |
|
Ah thanks @PinpointTownes I was just scratching my head for an hour why I wouldn't get a valid ClaimsIdentity, all along our auth handler was returning failures... Great to see this fixed! |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
aspnet-contrib/AspNet.Security.OAuth.Extensions#73 (comment)
The fix is simple:
AuthenticationHandler.AuthenticateAsync()should be updated to log the authentication failure when it's not null: https://github.com/aspnet/Security/blob/dev/src/Microsoft.AspNetCore.Authentication/AuthenticationHandler.cs#L133Note: the issue exists in both 1.0/1.1 and 2.0 but it's more terrible in 2.0 because it also manifests when enabling automatic authentication (1.0/1.1 correctly log the failure in this case: https://github.com/aspnet/Security/blob/1.0.0/src/Microsoft.AspNetCore.Authentication/AuthenticationHandler.cs#L107)
/cc @HaoK
The text was updated successfully, but these errors were encountered: