diff --git a/src/Antiforgery/src/AntiforgeryApplicationBuilderExtensions.cs b/src/Antiforgery/src/AntiforgeryApplicationBuilderExtensions.cs index 646d31ad5b4d..f7498933e384 100644 --- a/src/Antiforgery/src/AntiforgeryApplicationBuilderExtensions.cs +++ b/src/Antiforgery/src/AntiforgeryApplicationBuilderExtensions.cs @@ -3,8 +3,6 @@ using Microsoft.AspNetCore.Antiforgery; using Microsoft.AspNetCore.Antiforgery.Internal; -using Microsoft.AspNetCore.Routing; -using Microsoft.Extensions.DependencyInjection; namespace Microsoft.AspNetCore.Builder; @@ -26,19 +24,6 @@ public static IApplicationBuilder UseAntiforgery(this IApplicationBuilder builde builder.VerifyAntiforgeryServicesAreRegistered(); builder.Properties[AntiforgeryMiddlewareSetKey] = true; - - // The anti-forgery middleware adds annotations to HttpContext.Items to indicate that it has run - // that will be validated by the EndpointsRoutingMiddleware later. To do this, we need to ensure - // that routing has run and set the endpoint feature on the HttpContext associated with the request. - if (builder.Properties.TryGetValue(RerouteHelper.GlobalRouteBuilderKey, out var routeBuilder) && routeBuilder is not null) - { - return builder.Use(next => - { - var newNext = RerouteHelper.Reroute(builder, routeBuilder, next); - var antiforgery = builder.ApplicationServices.GetRequiredService(); - return new AntiforgeryMiddleware(antiforgery, newNext).Invoke; - }); - } builder.UseMiddleware(); return builder; diff --git a/src/Antiforgery/src/Microsoft.AspNetCore.Antiforgery.csproj b/src/Antiforgery/src/Microsoft.AspNetCore.Antiforgery.csproj index c30bfb7f1e63..a70a9e37c045 100644 --- a/src/Antiforgery/src/Microsoft.AspNetCore.Antiforgery.csproj +++ b/src/Antiforgery/src/Microsoft.AspNetCore.Antiforgery.csproj @@ -26,6 +26,5 @@ - diff --git a/src/DefaultBuilder/src/WebApplicationBuilder.cs b/src/DefaultBuilder/src/WebApplicationBuilder.cs index 00a2cfb8d177..c20410fe9cae 100644 
--- a/src/DefaultBuilder/src/WebApplicationBuilder.cs +++ b/src/DefaultBuilder/src/WebApplicationBuilder.cs @@ -4,7 +4,6 @@ using System.Diagnostics; using System.Diagnostics.CodeAnalysis; using System.Reflection; -using Microsoft.AspNetCore.Antiforgery; using Microsoft.AspNetCore.Authentication; using Microsoft.AspNetCore.Authorization; using Microsoft.AspNetCore.Hosting; @@ -25,7 +24,6 @@ public sealed class WebApplicationBuilder : IHostApplicationBuilder private const string EndpointRouteBuilderKey = "__EndpointRouteBuilder"; private const string AuthenticationMiddlewareSetKey = "__AuthenticationMiddlewareSet"; private const string AuthorizationMiddlewareSetKey = "__AuthorizationMiddlewareSet"; - private const string AntiforgeryMiddlewareSetKey = "__AntiforgeryMiddlewareSet"; private const string UseRoutingKey = "__UseRouting"; private readonly HostApplicationBuilder _hostApplicationBuilder; @@ -453,15 +451,6 @@ private void ConfigureApplication(WebHostBuilderContext context, IApplicationBui } } - if (serviceProviderIsService?.IsService(typeof(IAntiforgery)) is true) - { - if (!_builtApplication.Properties.ContainsKey(AntiforgeryMiddlewareSetKey)) - { - _builtApplication.Properties[AntiforgeryMiddlewareSetKey] = true; - app.UseAntiforgery(); - } - } - // Wire the source pipeline to run in the destination pipeline var wireSourcePipeline = new WireSourcePipeline(_builtApplication); app.Use(wireSourcePipeline.CreateMiddleware); diff --git a/src/DefaultBuilder/test/Microsoft.AspNetCore.Tests/WebApplicationTests.cs b/src/DefaultBuilder/test/Microsoft.AspNetCore.Tests/WebApplicationTests.cs index f92a32e0a4a1..5bdc09ecf4de 100644 --- a/src/DefaultBuilder/test/Microsoft.AspNetCore.Tests/WebApplicationTests.cs +++ b/src/DefaultBuilder/test/Microsoft.AspNetCore.Tests/WebApplicationTests.cs 
@@ -5,12 +5,10 @@ using System.Diagnostics; using System.Diagnostics.Tracing; using System.Net; -using System.Net.Http; using System.Reflection; using System.Security.Claims; using System.Text; using System.Text.Encodings.Web; -using Microsoft.AspNetCore.Antiforgery; using Microsoft.AspNetCore.Authentication; using Microsoft.AspNetCore.Builder; using Microsoft.AspNetCore.HostFiltering; @@ -2699,7 +2697,7 @@ public void DebugView_UseMiddleware_HasMiddleware() // 3. Generated delegate name from app.Use(...) Assert.Collection(debugView.Middleware, m => Assert.Equal(typeof(MiddlewareWithInterface).FullName, m), - m => Assert.StartsWith("Microsoft.AspNetCore.Builder.AuthAppBuilderExtensions", m), + m => Assert.Equal("Microsoft.AspNetCore.Authentication.AuthenticationMiddleware", m), m => { Assert.Contains(nameof(DebugView_UseMiddleware_HasMiddleware), m); @@ -2749,8 +2747,8 @@ public async Task DebugView_UseMiddleware_HasEndpointsAndAuth_Run_HasAutomaticMi Assert.Collection(debugView.Middleware, m => Assert.Equal("Microsoft.AspNetCore.HostFiltering.HostFilteringMiddleware", m), m => Assert.Equal("Microsoft.AspNetCore.Routing.EndpointRoutingMiddleware", m), - m => Assert.StartsWith("Microsoft.AspNetCore.Builder.AuthAppBuilderExtensions", m), - m => Assert.StartsWith("Microsoft.AspNetCore.Builder.AuthorizationAppBuilderExtensions", m), + m => Assert.Equal("Microsoft.AspNetCore.Authentication.AuthenticationMiddleware", m), + m => Assert.Equal("Microsoft.AspNetCore.Authorization.AuthorizationMiddlewareInternal", m), m => Assert.Equal(typeof(MiddlewareWithInterface).FullName, m), m => Assert.Equal("Microsoft.AspNetCore.Routing.EndpointMiddleware", m)); } 
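Review bot: In the two DebugView assertion hunks of WebApplicationTests.cs (`DebugView_UseMiddleware_HasMiddleware` and `DebugView_UseMiddleware_HasEndpointsAndAuth_Run_HasAutomaticMiddleware`), the new exact-match checks hard-code the authentication middleware's type name as a string, while the neighbouring assertion uses `typeof(MiddlewareWithInterface).FullName`. The file already imports `Microsoft.AspNetCore.Authentication`, so the public type can be referenced the same way and survive a rename: `m => Assert.Equal(typeof(AuthenticationMiddleware).FullName, m),`. The `AuthorizationMiddlewareInternal` name presumably has to stay a string literal if that type is not visible to the test assembly; a short comment saying so would explain the difference. Both test methods start and end outside their hunks.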
@@ -2840,374 +2838,6 @@ public async Task DebugView_Endpoints_UseEndpoints_AvailableBeforeAndAfterStart( ep => Assert.Equal("/hello", ep.Metadata.GetRequiredMetadata().Route)); } - [Fact] - public async Task ImplicitMiddlewares_RunAfterExplicitRouting_MapAction() - { - var builder = WebApplication.CreateBuilder(); - builder.WebHost.UseTestServer(); - builder.Services.AddAuthentication("testSchemeName") - .AddScheme("testSchemeName", "testDisplayName", _ => { }); - builder.Services.AddAuthorization(); - builder.Services.AddAntiforgery(); - await using var app = builder.Build(); - app.UseRouting(); - app.MapGet("/", (HttpContext context, string username) => - { - Assert.NotNull(context.Items["__AuthorizationMiddlewareWithEndpointInvoked"]); - return $"GET: {username}"; - }).AllowAnonymous(); - - app.MapPost("/form", (HttpContext context, string username, [FromForm] WebApplicationOptions options) => - { - Assert.NotNull(context.Items["__AuthorizationMiddlewareWithEndpointInvoked"]); - Assert.NotNull(context.Items["__AntiforgeryMiddlewareWithEndpointInvoked"]); - return $"POST: {username}"; - }).AllowAnonymous(); - - await app.StartAsync(); - - var client = app.GetTestClient(); - var getResponse = await client.GetAsync("/?username=test"); - getResponse.EnsureSuccessStatusCode(); - Assert.Equal("GET: test", await getResponse.Content.ReadAsStringAsync()); - - var antiforgery = app.Services.GetRequiredService(); - var antiforgeryOptions = app.Services.GetRequiredService>(); - var tokens = antiforgery.GetAndStoreTokens(new DefaultHttpContext()); - var request = new HttpRequestMessage(HttpMethod.Post, "form?username=test-form"); - request.Headers.Add("Cookie", antiforgeryOptions.Value.Cookie.Name + "=" + tokens.CookieToken); - var nameValueCollection = new List> - { - new KeyValuePair("__RequestVerificationToken", tokens.RequestToken), - }; - request.Content = new FormUrlEncodedContent(nameValueCollection); - var postResponse = await client.SendAsync(request); - 
postResponse.EnsureSuccessStatusCode(); - Assert.Equal("POST: test-form", await postResponse.Content.ReadAsStringAsync()); - } - - [Fact] - public async Task ExplicitMiddlewares_RunAfterExplicitRouting_MapAction() - { - var builder = WebApplication.CreateBuilder(); - builder.WebHost.UseTestServer(); - builder.Services.AddAuthentication("testSchemeName") - .AddScheme("testSchemeName", "testDisplayName", _ => { }); - builder.Services.AddAuthorization(); - builder.Services.AddAntiforgery(); - await using var app = builder.Build(); - - app.UseRouting(); - app.UseAuthentication(); - app.UseAuthorization(); - app.UseAntiforgery(); - - app.MapGet("/", (HttpContext context, string username) => - { - Assert.NotNull(context.Items["__AuthorizationMiddlewareWithEndpointInvoked"]); - return $"GET: {username}"; - }).AllowAnonymous(); - - app.MapPost("/form", (HttpContext context, string username, [FromForm] WebApplicationOptions options) => - { - Assert.NotNull(context.Items["__AuthorizationMiddlewareWithEndpointInvoked"]); - Assert.NotNull(context.Items["__AntiforgeryMiddlewareWithEndpointInvoked"]); - return $"POST: {username}"; - }).AllowAnonymous(); - - await app.StartAsync(); - - var client = app.GetTestClient(); - var getResponse = await client.GetAsync("/?username=test"); - getResponse.EnsureSuccessStatusCode(); - Assert.Equal("GET: test", await getResponse.Content.ReadAsStringAsync()); - - var antiforgery = app.Services.GetRequiredService(); - var antiforgeryOptions = app.Services.GetRequiredService>(); - var tokens = antiforgery.GetAndStoreTokens(new DefaultHttpContext()); - var request = new HttpRequestMessage(HttpMethod.Post, "form?username=test-form"); - request.Headers.Add("Cookie", antiforgeryOptions.Value.Cookie.Name + "=" + tokens.CookieToken); - var nameValueCollection = new List> - { - new KeyValuePair("__RequestVerificationToken", tokens.RequestToken), - }; - request.Content = new FormUrlEncodedContent(nameValueCollection); - var postResponse = await 
client.SendAsync(request); - postResponse.EnsureSuccessStatusCode(); - Assert.Equal("POST: test-form", await postResponse.Content.ReadAsStringAsync()); - } - - [Fact] - public async Task ImplicitMiddlewares_RunBeforeImplicitRouting_TerminalMiddleware() - { - var builder = WebApplication.CreateBuilder(); - builder.WebHost.UseTestServer(); - builder.Services.AddAuthentication("testSchemeName") - .AddScheme("testSchemeName", "testDisplayName", _ => { }); - builder.Services.AddAuthorization(); - builder.Services.AddAntiforgery(); - - await using var app = builder.Build(); - - app.Run((HttpContext context) => - { - Assert.NotNull(context.Features.Get()); - return context.Response.WriteAsync($"Hello {context.Request.Query["username"]}!"); - }); - - await app.StartAsync(); - - var client = app.GetTestClient(); - var response = await client.GetAsync("/?username=test"); - response.EnsureSuccessStatusCode(); - Assert.Equal("Hello test!", await response.Content.ReadAsStringAsync()); - } - - [Fact] - public async Task ImplicitMiddlewares_RunBeforeImplicitRouting_Antiforgery_MapRequestDelegate() - { - var builder = WebApplication.CreateBuilder(); - builder.WebHost.UseTestServer(); - builder.Services.AddAuthentication("testSchemeName") - .AddScheme("testSchemeName", "testDisplayName", _ => { }); - builder.Services.AddAuthorization(); - builder.Services.AddAntiforgery(); - - await using var app = builder.Build(); - var invoked = false; - - app.MapPost("/", (HttpContext context) => - { - Assert.NotNull(context.Features.Get()); - Assert.NotNull(context.Features.Get()); - var e = Assert.Throws(() => context.Request.Form); - Assert.Equal("This form is being accessed with an invalid anti-forgery token. 
Validate the `IAntiforgeryValidationFeature` on the request before reading from the form.", e.Message); - invoked = true; - }).WithMetadata(new RequireAntiforgeryTokenAttribute()).AllowAnonymous(); - - await app.StartAsync(); - - var client = app.GetTestClient(); - var response = await client.PostAsync("/?username=test", new FormUrlEncodedContent(new Dictionary())); - response.EnsureSuccessStatusCode(); - Assert.True(invoked); - } - - [Fact] - public async Task ExplicitMiddlewares_RunBeforeImplicitRouting_TerminalMiddleware() - { - var builder = WebApplication.CreateBuilder(); - builder.WebHost.UseTestServer(); - builder.Services.AddAuthentication("testSchemeName") - .AddScheme("testSchemeName", "testDisplayName", _ => { }); - builder.Services.AddAuthorization(); - await using var app = builder.Build(); - app.UseAuthentication(); - app.UseAuthorization(); - app.Run((HttpContext context) => - { - Assert.NotNull(context.Features.Get()); - return context.Response.WriteAsync($"Hello {context.Request.Query["username"]}!"); - }); - - await app.StartAsync(); - - var client = app.GetTestClient(); - var response = await client.GetAsync("/?username=test"); - response.EnsureSuccessStatusCode(); - Assert.Equal("Hello test!", await response.Content.ReadAsStringAsync()); - } - - [Fact] - public async Task ExplicitMiddlewares_RunBeforeImplicitRouting_Antiforgery_MapRequestDelegate() - { - var builder = WebApplication.CreateBuilder(); - builder.WebHost.UseTestServer(); - builder.Services.AddAuthentication("testSchemeName") - .AddScheme("testSchemeName", "testDisplayName", _ => { }); - builder.Services.AddAuthorization(); - builder.Services.AddAntiforgery(); - - await using var app = builder.Build(); - var invoked = false; - - app.UseAntiforgery(); - - app.MapPost("/", (HttpContext context) => - { - Assert.NotNull(context.Features.Get()); - Assert.NotNull(context.Features.Get()); - var e = Assert.Throws(() => context.Request.Form); - Assert.Equal("This form is being accessed with 
an invalid anti-forgery token. Validate the `IAntiforgeryValidationFeature` on the request before reading from the form.", e.Message); - invoked = true; - }).WithMetadata(new RequireAntiforgeryTokenAttribute()).AllowAnonymous(); - - await app.StartAsync(); - - var client = app.GetTestClient(); - var response = await client.PostAsync("/?username=test", new FormUrlEncodedContent(new Dictionary())); - response.EnsureSuccessStatusCode(); - Assert.True(invoked); - } - - [Fact] - public async Task ImplicitMiddlewares_RunBeforeExplicitRouting_TerminalMiddleware() - { - var builder = WebApplication.CreateBuilder(); - builder.WebHost.UseTestServer(); - builder.Services.AddAuthentication("testSchemeName") - .AddScheme("testSchemeName", "testDisplayName", _ => { }); - builder.Services.AddAuthorization(); - await using var app = builder.Build(); - - app.Run((HttpContext context) => - { - Assert.NotNull(context.Features.Get()); - return context.Response.WriteAsync($"Hello {context.Request.Query["username"]}!"); - }); - - app.UseRouting(); - - await app.StartAsync(); - - var client = app.GetTestClient(); - var response = await client.GetAsync("/?username=test"); - response.EnsureSuccessStatusCode(); - Assert.Equal("Hello test!", await response.Content.ReadAsStringAsync()); - } - - [Fact] - public async Task ImplicitMiddlewares_RunBeforeExplicitRouting_Antiforgery_MapRequestDelegate() - { - var builder = WebApplication.CreateBuilder(); - builder.WebHost.UseTestServer(); - builder.Services.AddAuthentication("testSchemeName") - .AddScheme("testSchemeName", "testDisplayName", _ => { }); - builder.Services.AddAuthorization(); - builder.Services.AddAntiforgery(); - - await using var app = builder.Build(); - var invoked = false; - - app.UseRouting(); - - app.MapPost("/", (HttpContext context) => - { - Assert.NotNull(context.Features.Get()); - Assert.NotNull(context.Features.Get()); - var e = Assert.Throws(() => context.Request.Form); - Assert.Equal("This form is being accessed with an 
invalid anti-forgery token. Validate the `IAntiforgeryValidationFeature` on the request before reading from the form.", e.Message); - invoked = true; - }).WithMetadata(new RequireAntiforgeryTokenAttribute()).AllowAnonymous(); - - await app.StartAsync(); - - var client = app.GetTestClient(); - var response = await client.PostAsync("/?username=test", new FormUrlEncodedContent(new Dictionary())); - response.EnsureSuccessStatusCode(); - Assert.True(invoked); - } - - [Fact] - public async Task ImplicitMiddlewares_RunBeforeExplicitRouting_TerminalMiddleware_AfterUseRouting() - { - var builder = WebApplication.CreateBuilder(); - builder.WebHost.UseTestServer(); - builder.Services.AddAuthentication("testSchemeName") - .AddScheme("testSchemeName", "testDisplayName", _ => { }); - builder.Services.AddAuthorization(); - await using var app = builder.Build(); - - app.UseRouting(); - - var invoked = false; - - app.Run(async (HttpContext context) => - { - Assert.NotNull(context.Features.Get()); - invoked = true; - await context.Response.WriteAsync("From terminal middleware"); - }); - - await app.StartAsync(); - - var client = app.GetTestClient(); - var response = await client.GetAsync("/?username=test"); - response.EnsureSuccessStatusCode(); - Assert.True(invoked); - } - - [Fact] - public async Task ImplicitMiddlewares_RunBetween_ExplicitRouting_MiddlewareMapGet() - { - var builder = WebApplication.CreateBuilder(); - builder.WebHost.UseTestServer(); - builder.Services.AddAuthentication("testSchemeName") - .AddScheme("testSchemeName", "testDisplayName", _ => { }); - builder.Services.AddAuthorization(); - builder.Services.AddAntiforgery(); - await using var app = builder.Build(); - - app.UseRouting(); - - app.Use((context, next) => - { - if (context.Request.Path.Value != "/") - { - return next(context); - } - Assert.NotNull(context.Features.Get()); - return context.Response.WriteAsync($"From terminal middleware: {context.Request.Query["username"]}"); - }); - - 
app.MapGet("/endpoint", (HttpContext context, string username) => - { - Assert.NotNull(context.Items["__AuthorizationMiddlewareWithEndpointInvoked"]); - Assert.NotNull(context.Features.Get()); - return $"From endpoint: {username}"; - }).AllowAnonymous(); - - app.MapPost("/form", (HttpContext context, string username, [FromForm] WebApplicationOptions options) => - { - Assert.NotNull(context.Items["__AuthorizationMiddlewareWithEndpointInvoked"]); - Assert.NotNull(context.Features.Get()); - Assert.NotNull(context.Items["__AntiforgeryMiddlewareWithEndpointInvoked"]); - Assert.NotNull(context.Features.Get()); - return $"From form endpoint: {username}"; - }).AllowAnonymous(); - - await app.StartAsync(); - - var client = app.GetTestClient(); - var response = await client.GetAsync("/?username=test"); - response.EnsureSuccessStatusCode(); - Assert.Equal("From terminal middleware: test", await response.Content.ReadAsStringAsync()); - - var endpointResponse = await client.GetAsync("/endpoint?username=test-endpoint"); - endpointResponse.EnsureSuccessStatusCode(); - Assert.Equal("From endpoint: test-endpoint", await endpointResponse.Content.ReadAsStringAsync()); - - var antiforgery = app.Services.GetRequiredService(); - var antiforgeryOptions = app.Services.GetRequiredService>(); - var tokens = antiforgery.GetAndStoreTokens(new DefaultHttpContext()); - var request = new HttpRequestMessage(HttpMethod.Post, "form?username=test-form"); - request.Headers.Add("Cookie", antiforgeryOptions.Value.Cookie.Name + "=" + tokens.CookieToken); - var nameValueCollection = new List> - { - new KeyValuePair("__RequestVerificationToken", tokens.RequestToken), - }; - request.Content = new FormUrlEncodedContent(nameValueCollection); - var formResponse = await client.SendAsync(request); - formResponse.EnsureSuccessStatusCode(); - Assert.Equal("From form endpoint: test-form", await formResponse.Content.ReadAsStringAsync()); - } - - [AttributeUsage(AttributeTargets.Parameter)] - public class 
FromFormAttribute(string name = "") : Attribute, IFromFormMetadata - { - public string Name { get; } = name; - } - private class MiddlewareWithInterface : IMiddleware { public Task InvokeAsync(HttpContext context, RequestDelegate next) diff --git a/src/Mvc/test/WebSites/SimpleWebSiteWithWebApplicationBuilder/Program.cs b/src/Mvc/test/WebSites/SimpleWebSiteWithWebApplicationBuilder/Program.cs index 47733b80acc3..0d7922b3d62b 100644 --- a/src/Mvc/test/WebSites/SimpleWebSiteWithWebApplicationBuilder/Program.cs +++ b/src/Mvc/test/WebSites/SimpleWebSiteWithWebApplicationBuilder/Program.cs @@ -15,6 +15,8 @@ // just to make sure that it does not cause exceptions app.Urls.Add("http://localhost:8080"); +app.UseAntiforgery(); + app.MapControllers(); app.MapGet("/", () => "Hello World"); diff --git a/src/ProjectTemplates/Web.ProjectTemplates/content/BlazorWeb-CSharp/BlazorWeb-CSharp/Program.Main.cs b/src/ProjectTemplates/Web.ProjectTemplates/content/BlazorWeb-CSharp/BlazorWeb-CSharp/Program.Main.cs index c241a8dd7610..69173d3e4677 100644 --- a/src/ProjectTemplates/Web.ProjectTemplates/content/BlazorWeb-CSharp/BlazorWeb-CSharp/Program.Main.cs +++ b/src/ProjectTemplates/Web.ProjectTemplates/content/BlazorWeb-CSharp/BlazorWeb-CSharp/Program.Main.cs @@ -51,6 +51,7 @@ public static void Main(string[] args) #endif app.UseStaticFiles(); + app.UseAntiforgery(); #if (UseServer && UseWebAssembly) app.MapRazorComponents() diff --git a/src/ProjectTemplates/Web.ProjectTemplates/content/BlazorWeb-CSharp/BlazorWeb-CSharp/Program.cs b/src/ProjectTemplates/Web.ProjectTemplates/content/BlazorWeb-CSharp/BlazorWeb-CSharp/Program.cs index effb8552ca35..b41e5226b2d4 100644 --- a/src/ProjectTemplates/Web.ProjectTemplates/content/BlazorWeb-CSharp/BlazorWeb-CSharp/Program.cs +++ b/src/ProjectTemplates/Web.ProjectTemplates/content/BlazorWeb-CSharp/BlazorWeb-CSharp/Program.cs @@ -45,6 +45,7 @@ #endif app.UseStaticFiles(); +app.UseAntiforgery(); #if (UseServer && UseWebAssembly) app.MapRazorComponents() 
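Review bot: The `app.UseAntiforgery();` added to SimpleWebSiteWithWebApplicationBuilder/Program.cs has no comment saying why the test site needs it, unlike the `app.Urls.Add` line just above, which documents its purpose. This commit also removes the implicit registration from `WebApplicationBuilder.ConfigureApplication`, so the explicit call is presumably what keeps antiforgery validation running for this site's endpoints; that is worth stating, e.g. `// Antiforgery middleware is no longer added implicitly; register it explicitly.`. Whether antiforgery services are registered for this site is outside the hunk; per the first file in this diff, `UseAntiforgery` calls `VerifyAntiforgeryServicesAreRegistered()` before adding the middleware.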
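Review bot: The `app.UseAntiforgery();` added after `app.UseStaticFiles();` in BlazorWeb-CSharp/Program.Main.cs (and identically in BlazorWeb-CSharp/Program.cs) gives template users no hint about where the call must sit relative to other middleware. Because this commit also drops the automatic `app.UseAntiforgery()` from `WebApplicationBuilder`, an app generated from the template that deletes this line gets no antiforgery middleware, so the template becomes the reference for placement. ASP.NET Core's guidance is that antiforgery runs after authentication and authorization, and after routing when `UseRouting` is called explicitly; consider a one-line comment such as `// Keep after UseAuthentication/UseAuthorization (and UseRouting) when those are called explicitly.`. The rest of the pipeline, including anything under the surrounding `#if` blocks, is outside these hunks.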
diff --git a/src/Security/Authentication/Core/src/AuthAppBuilderExtensions.cs b/src/Security/Authentication/Core/src/AuthAppBuilderExtensions.cs index 1c7c22da2de8..7439748979ad 100644 --- a/src/Security/Authentication/Core/src/AuthAppBuilderExtensions.cs +++ b/src/Security/Authentication/Core/src/AuthAppBuilderExtensions.cs @@ -2,8 +2,6 @@ // The .NET Foundation licenses this file to you under the MIT license. using Microsoft.AspNetCore.Authentication; -using Microsoft.Extensions.DependencyInjection; -using Microsoft.AspNetCore.Routing; namespace Microsoft.AspNetCore.Builder; @@ -24,20 +22,6 @@ public static IApplicationBuilder UseAuthentication(this IApplicationBuilder app ArgumentNullException.ThrowIfNull(app); app.Properties[AuthenticationMiddlewareSetKey] = true; - - // The authentication middleware adds annotation to HttpContext.Items to indicate that it has run - // that will be validated by the EndpointsRoutingMiddleware later. To do this, we need to ensure - // that routing has run and set the endpoint feature on the HttpContext associated with the request. - if (app.Properties.TryGetValue(RerouteHelper.GlobalRouteBuilderKey, out var routeBuilder) && routeBuilder is not null) - { - return app.Use(next => - { - var newNext = RerouteHelper.Reroute(app, routeBuilder, next); - var authenticationSchemeProvider = app.ApplicationServices.GetRequiredService(); - return new AuthenticationMiddleware(newNext, authenticationSchemeProvider).Invoke; - }); - } - return app.UseMiddleware(); } } diff --git a/src/Security/Authentication/Core/src/Microsoft.AspNetCore.Authentication.csproj b/src/Security/Authentication/Core/src/Microsoft.AspNetCore.Authentication.csproj index 5b12df575ca7..32546d575cb1 100644 --- a/src/Security/Authentication/Core/src/Microsoft.AspNetCore.Authentication.csproj +++ b/src/Security/Authentication/Core/src/Microsoft.AspNetCore.Authentication.csproj @@ -12,7 +12,6 @@ - 
diff --git a/src/Security/Authorization/Policy/src/AuthorizationAppBuilderExtensions.cs b/src/Security/Authorization/Policy/src/AuthorizationAppBuilderExtensions.cs index 0d9855ec3437..fa8a0898e496 100644 --- a/src/Security/Authorization/Policy/src/AuthorizationAppBuilderExtensions.cs +++ b/src/Security/Authorization/Policy/src/AuthorizationAppBuilderExtensions.cs @@ -3,9 +3,7 @@ using Microsoft.AspNetCore.Authorization; using Microsoft.AspNetCore.Authorization.Policy; -using Microsoft.AspNetCore.Routing; using Microsoft.Extensions.DependencyInjection; -using Microsoft.Extensions.Logging; namespace Microsoft.AspNetCore.Builder; @@ -32,24 +30,6 @@ public static IApplicationBuilder UseAuthorization(this IApplicationBuilder app) VerifyServicesRegistered(app); app.Properties[AuthorizationMiddlewareSetKey] = true; - - // The authorization middleware adds annotation to HttpContext.Items to indicate that it has run - // that will be validated by the EndpointsRoutingMiddleware later. To do this, we need to ensure - // that routing has run and set the endpoint feature on the HttpContext associated with the request. - if (app.Properties.TryGetValue(RerouteHelper.GlobalRouteBuilderKey, out var routeBuilder) && routeBuilder is not null) - { - return app.Use(next => - { - var newNext = RerouteHelper.Reroute(app, routeBuilder, next); - var authorizationPolicyProvider = app.ApplicationServices.GetRequiredService(); - var logger = app.ApplicationServices.GetRequiredService>(); - return new AuthorizationMiddlewareInternal(newNext, - app.ApplicationServices, - authorizationPolicyProvider, - logger).Invoke; - }); - } - return app.UseMiddleware(); } diff --git a/src/Security/Authorization/Policy/src/Microsoft.AspNetCore.Authorization.Policy.csproj b/src/Security/Authorization/Policy/src/Microsoft.AspNetCore.Authorization.Policy.csproj index d6df142a5654..14912c54a988 100644 --- a/src/Security/Authorization/Policy/src/Microsoft.AspNetCore.Authorization.Policy.csproj 
+++ b/src/Security/Authorization/Policy/src/Microsoft.AspNetCore.Authorization.Policy.csproj @@ -13,7 +13,6 @@ -