JsonAPI Middleware breaks authentication middleware

[mmatonok]

Description

There is a problem in initialization middleware for JsonAPI and order.
All works fine untl authentication [Authorize] attribute in controller is setup.

After [Authorize] attribute is setup:

1. in case UseJsonAPI is used before app.UseAuthentication() , system is not able to find authentiation middleware. custome error handler works.
   Below error is received for jsonapi controllers also no-json api controller where authentication is enabled.

{
"ErrorCode": 0,
"FriendlyMessage": "Endpoint xxxxxxxxController.GetAsync (xxxxxxx contains authorization metadata, but a middleware was not found that supports authorization.\nConfigure your application startup by adding app.UseAuthorization() inside the call to Configure(..) in the application startup code. The call to app.UseAuthorization() must appear between app.UseRouting() and app.UseEndpoints(...)."
}

2. in cas UseJsonApi is used after .Useendpoints()..., JsonApi , attached error is received.
   also custom error handler ( not jsonapi ) does not work
   Note: no-jsonapi controllers with authentication in this case works fine.
   ...

Environment

• JsonApiDotNetCore Version: 4.0.0 - alpha4
• Other Relevant Package Versions: .net core 3.1
  error2.txt

tnx.
m

[mmatonok]

Update:
Based on core review in master branch seems in next version that will be solved by additional skipregistration... parameters.

Workeround for now:
I used instead app.UseJsonAPI()
app.UseMiddleware();

M

[josemojena]

I'm facing the same problem, what do you mean when you said "app.UseMiddleware()"

[fdlane]

The startup has changed a bit begining with v4.0.0-alpha5. If you are using this version or later from master, try something like the following:

 public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
    {     
      app.UseHttpsRedirection();
      app.UseRouting();
      app.UseAuthentication();
      app.UseAuthorization();
      app.UseJsonApi();
      app.UseEndpoints(endpoints => endpoints.MapControllers());
    }

Reviewing this section of the docs or the startups from the example projects as they have been recently updated.

[josemojena]

I'm Sorry but only works by disabling the security, here is the important part of the error message:

contains authorization metadata, but a middleware was not found that supports authorization. Configure your application startup by adding app.UseAuthorization() inside the call to Configure(..) in the application startup code. The call to app.UseAuthorization() must appear between app.UseRouting() and app.UseEndpoints(...).

Here is my Configure method:

public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
        {
            if (env.IsDevelopment())
            {
                app.UseDeveloperExceptionPage();
            }
            app.UseRouting();
            //adding security
            app.UseAuthentication();
            app.UseAuthorization();
            app.UseJsonApi();
            app.UseEndpoints(endpoints => { endpoints.MapControllers(); });
        }

[josemojena]

Do you have an example using authorization and authentication middleware along with [Authorize] attribute inside controllers?

[bart-degreed]

@josemojena You already noticed this was changed in alpha5 by providing skipregistration parameters. The version in master branch no longer has those, which matches the example from @fdlane where you are in full control.

I'd recommend to upgrade to alpha5 and use the flags for now.

[josemojena]

@bart-degreed solved using skipregistration parameters, thanks.