This repository was archived by the owner on Dec 13, 2018. It is now read-only.
This repository was archived by the owner on Dec 13, 2018. It is now read-only.
Authentication failures are not properly logged #1265
Closed
Description
aspnet-contrib/AspNet.Security.OAuth.Extensions#73 (comment)
The fix is simple: AuthenticationHandler.AuthenticateAsync() should be updated to log the authentication failure when it's not null: https://github.com/aspnet/Security/blob/dev/src/Microsoft.AspNetCore.Authentication/AuthenticationHandler.cs#L133
Note: the issue exists in both 1.0/1.1 and 2.0 but it's more terrible in 2.0 because it also manifests when enabling automatic authentication (1.0/1.1 correctly log the failure in this case: https://github.com/aspnet/Security/blob/1.0.0/src/Microsoft.AspNetCore.Authentication/AuthenticationHandler.cs#L107)
/cc @HaoK