No authenticationScheme was specified, and there was no DefaultChallengeScheme found Cookies Authentication

Question

I am using the below code for authentication in ASP.NET Core 2.0 using cookies

services
    .AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
    .AddCookie("MyCookieMiddlewareInstance", options =>
    {
        options.AccessDeniedPath = new PathString("/Account/Login");
        options.LoginPath = new PathString("/Account/Login");
        options.LogoutPath = new PathString("/Account/LogOff");
    });

I am getting an error:

No authenticationScheme was specified, and there was no DefaultChallengeScheme found

The cookies setup is below:

var claims = new List<Claim>
{
    new Claim(ClaimTypes.NameIdentifier, userId.ToString()),
    new Claim(ClaimTypes.Name, userName)
};

var identity = new ClaimsIdentity(claims, "Forms");
identity.AddClaim(new Claim(ClaimTypes.Role, "ADMIN"));
var principal = new ClaimsPrincipal(identity);
HttpContext.Authentication.SignInAsync("MyCookieMiddlewareInstance", principal, new AuthenticationProperties
{
    IsPersistent = isPersistent,
    ExpiresUtc = DateTime.UtcNow.AddYears(1)
});

I did some research and didn't find the solution. Here is a link to the doc I used:

Can anyone please let me know how can I resolve this issue?

Possible duplicate of [ASP.NET Core 2.0 authentication middleware](https://stackoverflow.com/questions/45805411/asp-net-core-2-0-authentication-middleware) — John Reilly, Nov 28 '17 at 10:04

score 16 · Answer 1 · answered Sep 18 '17 at 18:19

authenticationBuilder.AddCookie("MyCookieMiddlewareInstance", …)

This registers a cookie authentication handler using the authentication scheme name "MyCookieMiddlewareInstance". So whenever you are referring to the cookie authentication scheme, you will need to use that exact name, otherwise you will not find the scheme.

However, in the AddAuthentication call, you are using a different scheme name:

services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)

This registers the CookieAuthenticationDefaults.AuthenticationScheme, which has the constant value "Cookies", as the default authentication scheme. But a scheme with that name is never registered! Instead, there’s only a "MyCookieMiddlewareInstance".

So the solution is to simply use the same name for both calls. You can also just use the defaults, and remove the explicit names; if you don’t have multiple schemes and need more control, there isn’t really a need to explicitly set their names.

For me only the default works. Changing both values leads to the same error. Are there any other "hidden" locations where I have to change it as well. — Tigerware, Jun 28 '19 at 07:18
So both the scheme name and the default scheme name are the same? Do you use other authentication related things, like Identity? Or do you just have a single authentication scheme registered? — poke, Jun 28 '19 at 08:36
I think it was using AddCookie without providing any scheme there. My bad! — Tigerware, Jun 28 '19 at 09:50

score 5 · Answer 2 · answered Nov 28 '17 at 10:06

5

For those who land on this and leave frustrated, my advice is take a look at the answer to this question: ASP.NET Core 2.0 authentication middleware

Without re-iterating what you find there too much it seems this issue is related to the changes in security between ASP.Net Core 1 and 2. Certainly, the advice there resolved my own issues. It's also worth taking a look at this blog post: https://ignas.me/tech/custom-authentication-asp-net-core-20/ (which I suspect was written based on that SO answer)

answered Nov 28 '17 at 10:06

John Reilly

5,791
5
38
63

While this link may answer the question, it is better to include the essential parts of the answer here and provide the link for reference. Link-only answers can become invalid if the linked page changes. - [From Review](/review/low-quality-posts/18085439) – Gerhard Nov 28 '17 at 10:32
If you mean the link the SO answer then that presumably will live as long as SO does? I'd be happy to remove the link to the blog post; it's essentially a re-iteration of the SO answer in the first place so it doesn't really add much. But it probably does no harm either. – John Reilly Nov 28 '17 at 13:10
Not really, if the SO content on that anser changes, then this answer is no longer valid.Typically you can leave the links, but copy essential parts from the link which will stay here, should the link content change. – Gerhard Nov 28 '17 at 13:14
1

I don't really want to do that since I've marked this question as a possible duplicate of the SO question I've referenced. I could copy-paste the answer that's there across to my answer but I think it makes more sense for the other answer (which already has more points) to be adopted as the default. – John Reilly Nov 28 '17 at 13:56

score -1 · Answer 3 · answered Sep 18 '17 at 12:35

-1

HttpContext.Authentication is obsolete in ASP.net core 2.0, so instead HttpContext.Authentication.SignInAsync use HttpContext.SignInAsync

answered Sep 18 '17 at 12:35

YuriyP

4,210
4
25
35

True, but very irrelevant to OP’s problem. Obsolete also does not mean it’s no longer working. – poke Sep 18 '17 at 18:23
As far as I remember it's start working for me after that change. – YuriyP Sep 19 '17 at 05:18

No authenticationScheme was specified, and there was no DefaultChallengeScheme found Cookies Authentication

3 Answers3

Linked