Inconsistent requirement to specify auth scheme #23325
Labels
area-mvc
Includes: MVC, Actions and Controllers, Localization, CORS, most templates
bug
This issue describes a behavior which is not expected - a bug.
Done
This issue has been fixed
good first issue
Good for newcomers.
help wanted
Up for grabs. We would accept a PR to help resolve this issue
Milestone
Comments
Tratcher
added
bug
javiercn
added
good first issue
|
@Tratcher just to be clear, you are asking to add two additional overloads, not to change the existing ones. Is that correct? |
|
Add two new ones, and the existing two should accept a null scheme. |
ghost
locked as resolved and limited conversation to collaborators
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
MVC provides several ActionResults for interacting with the authentication infrastructure.
These mirror and call similar methods on the HttpContext:
https://github.com/dotnet/aspnetcore/blob/5155e11120cf7ee2e07383225057f66512f00fde/src/Http/Authentication.Abstractions/src/AuthenticationHttpContextExtensions.cs
Problem: These results and their associated methods are inconsistent about their requirement to specify the AuthenticationScheme. E.g. ChallengeResult, ForbidResult, and SignOutResult do not require an auth scheme to be specified, but SignInResult does. The authentication scheme is optional on all of the underlying HttpContext APIs, falling back to the application defaults for each.
Proposal: AuthenticationScheme should be optional for SignInResult as well, and ControllerBase should add the appropriate overload to match.
This makes the APIs consistent and reduces the verbosity in the Actions.
Example in the wild:
https://github.com/AzureAD/microsoft-identity-web/blob/17f48c62410e08ea0d4c1fdb4f15a0713ed7f00c/src/Microsoft.Identity.Web.UI/Areas/MicrosoftIdentity/Controllers/AccountController.cs#L41-L48
The text was updated successfully, but these errors were encountered: