InvalidOperationException: The AuthorizationPolicy named: 'Bearer' was not found

Adding the AuthenticationSchemes to the controller class works for me:

[Authorize(AuthenticationSchemes = JwtBearerDefaults.AuthenticationScheme)]

I'm not working with policies and this error happened to me when I forgot to indicate the roles in the authorize attribute.

I had this:

[Authorize("Administrator")] // if you don't specify the property name Roles it will consider it as the policy name

Fixed it by changing it to:

[Authorize(Roles = "Administrator")]

You get this error because authentication schemes and authorization policies are not the same thing. Let's see what each of them are.

Authentication schemes

They are the different methods of authentication in your application. In the code you posted, you have one authentication scheme which is identified by the name Bearer and the options you specified.

It is possible to have several authentications schemes set up in one single application:

  • You could authenticate users with cookies or JWT bearer tokens authentication
  • You could even accept JWT tokens from different sources; in this case, you would need to call the AddJwtBearer method twice. It is also important to note that the name of the authentication scheme is supposed to be unique, so you'd need to use the overload that takes the name and the options configuration delegate

Authorization policies

When a user is authenticated in your application, it doesn't mean it can access every single feature in it. You might have different access levels where administrators have special rights that no one else does; this is expressed in ASP.NET Core using authorization policies. I highly suggest that you read the official documentation on authorization as I think it's great.

An authorization policy is made of two things:

  • a unique name
  • a set of requirements

Taking the example of administrators mentioned above, we can create a fictional authorization policy:

  • Name: Administrators
  • Requirements: Must be authenticated and have a role claim with the Administrators value

This would be expressed this way in code:

services.AddAuthorization(options =>
{
    options.AddPolicy("Administrators", new AuthorizationPolicyBuilder()
        .RequireAuthenticatedUser()
        .RequireClaim("role", "Administrators")
        .Build());
});

You could then apply this policy on some specific controllers or actions in your application by decorating them with an [Authorize(Policy = "Administrators")] attribute. MVC would then, during the request, run the requirements against the current user and determine whether they can access the specific feature.

My guess is that you added such an attribute on one of your actions/controllers, but you didn't register an authorization policy names Bearer in the authorization system.

If your goal is to prevent non-authenticated users to access some actions, you could apply an [Authorize] attribute. Doing so would run the default policy which, by default, only requires the user to be authenticated.