SignInAsync will throw by default when given an unauthenticated identity #14929

Closed
@ajaybhargavb

SignInAsync will throw by default when given an unauthenticated identity

SignInAsync will now throw by default for principals/identities where IsAuthenticated = false.

Version introduced

3.0

Old behavior

SignInAsync would accept any principals/identities, including identities where IsAuthenticated = false.

New behavior

SignInAsync will now throw by default for principals/identities where IsAuthenticated = false. There is a new flag to toggle this behavior, but the default behavior has changed.

Reason for change

The old behavior was problematic because by default these principals would get rejected by [Authorize]/RequireAuthenticatedUser().

Recommended action

There is a new flag on AuthenticationOptions called RequireAuthenticatedSignIn which is true by default as of 3.0-preview6. Turning this off would revert it back to the old behavior.

Category

ASP.NET Core

Affected APIs

Not detectable via API analysis


Issue metadata

  • Issue type: breaking-change
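
An added example (not part of the original issue, and not the project's own code) showing a cookie sign-in that satisfies the new default. It assumes the cookie handler is used; `SignInHelper`, `SignInUserAsync` and `validatedUserName` are hypothetical names, and credential verification is assumed to have already happened in the caller.

```csharp
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.DependencyInjection;

public class Startup
{
    public void ConfigureServices(IServiceCollection services)
    {
        services.AddAuthentication(options =>
        {
            options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            // true is already the default as of 3.0-preview6; it is set here only
            // to make the behavior visible. Setting it to false restores the old
            // behavior, where SignInAsync accepts unauthenticated identities.
            options.RequireAuthenticatedSignIn = true;
        })
        .AddCookie();
    }
}

// Hypothetical helper: call it only after the caller has verified credentials.
public static class SignInHelper
{
    public static Task SignInUserAsync(HttpContext context, string validatedUserName)
    {
        var claims = new[] { new Claim(ClaimTypes.Name, validatedUserName) };

        // new ClaimsIdentity(claims) has no authentication type, so
        // IsAuthenticated is false and SignInAsync throws under the new default.
        // Passing an authentication type makes IsAuthenticated true.
        var identity = new ClaimsIdentity(
            claims, CookieAuthenticationDefaults.AuthenticationScheme);

        return context.SignInAsync(
            CookieAuthenticationDefaults.AuthenticationScheme,
            new ClaimsPrincipal(identity));
    }
}
```

Code that hits the new exception after upgrading is usually building its `ClaimsIdentity` without an authentication type; fixing that constructor call is preferable to disabling `RequireAuthenticatedSignIn`, since such principals are rejected by `[Authorize]` anyway.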
