Using PolicyServer.Local: Gotcha upgrading from ASP.NET Core 2.0 to 2.1
Gotcha I experienced upgrading from ASP.NET Core 2.0 to 2.1
This post is more like an update from my previous post:
Dual/Multiple Authorizations Using Virtual Authentication Schemes in ASP.NET Core 2
My project was built using ASP.NET Core 1.1. Later, updated to 2.0 because of the new requirements to use non-Core…medium.com
Note that the VirtualScheme is now PolicyScheme, as you can see from here: https://github.com/aspnet/Security/pull/1665.
Why? What’s this? I’m glad you asked.
Authorization is hard - and authorization is often conflated with authentication and identity. We think that tightly…policyserver.io
Claims are supposed to model the identity of a user, not permissions
Permissions of a user are often different depending which client or API it is using — putting them all into a single identity or access token is confusing and leads to problems. The same permission might even have a different meaning depending on who is consuming it
Permissions can change over the life time of a session, but the only way to get a new token is to make a roundtrip to the token service. This often requires some UI interaction which is not preferable
Permissions and business logic often overlap — where do you want to draw the line?
Nah, I’m sold. 😍
For more details, make sure you read the author’s awesome post: https://leastprivilege.com/2016/12/16/identity-vs-permissions/
I performed the upgrade. And here is the gotcha that I think worth to share. I got an
ArgumentNullException: Value cannot be null.
Parameter name: policy
The problem was reported on GitHub:
As suggested there, the workaround is:
mvcOptions.AllowCombiningAuthorizeFilters = false;
options.AllowCombiningAuthorizeFilters = false;
Finally, personally, the most exciting part is, to use the new
If you are upgrading from ASP.NET Core 2.0 to 2.1 and you are using PolicyServer.Local, high chance that you will encounter
ArgumentNullException. In that case, you should set
mvcOptions.AllowCombiningAuthorizeFilters = false.
If you like what you just read, clap 👏 heartily and share it with your friends. You could possibly save their valuable time trying to solve this problem.