Better logs for not succeeded policy authentication schemes #43861

@luccawilli

Summary

In the current version of aspnetcore AuthorizationMiddleware it is pretty hard to determine which authentication schemes or which policy failed. Even if debug logs are enabled, no info gets displayed.

Motivation and goals

  • Easier debugging / error finding for incorrectly defined policies or bad requests

In scope

  • aspnet service with multiple authentication policies defined.

Out of scope

  • aspnet service without authentication or authentication policies

Risks / unknowns

  • Logger null --> small concern
  • Too many logs --> Choose Debug-Level

Examples

Add a logger to AuthorizationMiddleware

private readonly ILogger<AuthorizationMiddleware> _logger;

Log if not succeeded and a policy is defined

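// Debug level keeps the extra output out of normal production logs.
if (authenticateResult != null && !authenticateResult.Succeeded)
{
    // The placeholder is named after the value it carries: the policy's scheme list.
    _logger.LogDebug("Policy authentication schemes {AuthenticationSchemes} did not succeed", string.Join(", ", policy.AuthenticationSchemes));
}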
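
One way to get this diagnostic without changing AuthorizationMiddleware, shown as an added example that is not part of the original issue or of the aspnetcore code base: a decorator around the default `PolicyEvaluator` that logs, per scheme, why authentication did not succeed. The class name `LoggingPolicyEvaluator` and the log message wording are assumptions.

```csharp
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Authorization.Policy;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.Logging;

// Hypothetical decorator (name is an assumption): wraps the default PolicyEvaluator
// and reports, per scheme, why authentication for a policy did not succeed.
public sealed class LoggingPolicyEvaluator : IPolicyEvaluator
{
    private readonly PolicyEvaluator _inner;
    private readonly ILogger<LoggingPolicyEvaluator> _logger;

    public LoggingPolicyEvaluator(IAuthorizationService authorization,
                                  ILogger<LoggingPolicyEvaluator> logger)
    {
        _inner = new PolicyEvaluator(authorization);
        _logger = logger;
    }

    public async Task<AuthenticateResult> AuthenticateAsync(AuthorizationPolicy policy, HttpContext context)
    {
        var result = await _inner.AuthenticateAsync(policy, context);
        // Skip the per-scheme pass unless it failed and Debug logging is on.
        if (result.Succeeded || !_logger.IsEnabled(LogLevel.Debug))
        {
            return result;
        }
        foreach (var scheme in policy.AuthenticationSchemes)
        {
            // Handlers derived from AuthenticationHandler<T> cache their result per
            // request, so this normally does not validate the credential a second time.
            var perScheme = await context.AuthenticateAsync(scheme);
            if (perScheme.Succeeded) continue;
            // Log only the failure message, never the token or cookie itself.
            _logger.LogDebug("Authentication scheme {Scheme} did not succeed: {Reason}",
                scheme, perScheme.Failure?.Message ?? "no credentials presented");
        }
        return result;
    }

    public Task<PolicyAuthorizationResult> AuthorizeAsync(AuthorizationPolicy policy,
        AuthenticateResult authenticationResult, HttpContext context, object? resource)
        => _inner.AuthorizeAsync(policy, authenticationResult, context, resource);
}

// Registration in Program.cs, after AddAuthorization():
// builder.Services.AddTransient<IPolicyEvaluator, LoggingPolicyEvaluator>();
```

Policies that list no authentication schemes produce no output here, since the loop runs over `policy.AuthenticationSchemes`.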

Labels

  • area-auth (Includes: Authn, Authz, OAuth, OIDC, Bearer)
  • design-proposal (This issue represents a design proposal for a different issue, linked in the description)
