InvalidOperationException: The AuthorizationPolicy named: 'Bearer' was not found
Adding the AuthenticationSchemes to the controller class works for me:
[Authorize(AuthenticationSchemes = JwtBearerDefaults.AuthenticationScheme)]
I'm not working with policies and this error happened to me when I forgot to indicate the roles in the authorize attribute.
I had this:
[Authorize("Administrator")] // if you don't specify the property name Roles it will consider it as the policy name
Fixed it by changing it to:
[Authorize(Roles = "Administrator")]
You get this error because authentication schemes and authorization policies are not the same thing. Let's see what each of them is.
Authentication schemes
They are the different methods of authentication in your application. In the code you posted, you have one authentication scheme which is identified by the name Bearer and the options you specified.
It is possible to have several authentication schemes set up in one single application:
- You could authenticate users with cookies or JWT bearer tokens authentication
- You could even accept JWT tokens from different sources; in this case, you would need to call the AddJwtBearer method twice. It is also important to note that the name of the authentication scheme is supposed to be unique, so you'd need to use the overload that takes the name and the options configuration delegate
Authorization policies
When a user is authenticated in your application, it doesn't mean it can access every single feature in it. You might have different access levels where administrators have special rights that no one else does; this is expressed in ASP.NET Core using authorization policies. I highly suggest that you read the official documentation on authorization as I think it's great.
An authorization policy is made of two things:
- a unique name
- a set of requirements
Taking the example of administrators mentioned above, we can create a fictional authorization policy:
- Name: Administrators
- Requirements: Must be authenticated and have a role claim with the Administrators value
This would be expressed this way in code:
services.AddAuthorization(options =>
{
    options.AddPolicy("Administrators", new AuthorizationPolicyBuilder()
        .RequireAuthenticatedUser()
        .RequireClaim("role", "Administrators")
        .Build());
});
You could then apply this policy on some specific controllers or actions in your application by decorating them with an [Authorize(Policy = "Administrators")] attribute. MVC would then, during the request, run the requirements against the current user and determine whether they can access the specific feature.
My guess is that you added such an attribute on one of your actions/controllers, but you didn't register an authorization policy named Bearer in the authorization system.
If your goal is to prevent non-authenticated users from accessing some actions, you could apply an [Authorize] attribute. Doing so would run the default policy which, by default, only requires the user to be authenticated.
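
The scheme/policy distinction from the answers above, put together as an added example that is not part of the original answers: two uniquely named JWT bearer schemes, one registered policy, and the attribute forms that resolve against each. The scheme name PartnerBearer, the issuer URLs, the audience and DemoController are assumptions made for illustration.

```csharp
// Program.cs, ASP.NET Core 6+ minimal hosting (assumes the
// Microsoft.AspNetCore.Authentication.JwtBearer package is referenced).
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;

var builder = WebApplication.CreateBuilder(args);
builder.Services.AddControllers();
// Authentication schemes: HOW a caller proves identity. Each name must be unique.
builder.Services
    .AddAuthentication(JwtBearerDefaults.AuthenticationScheme)   // default scheme: "Bearer"
    .AddJwtBearer(o =>                                            // registered under "Bearer"
    {
        o.Authority = "https://login.example.test";               // placeholder issuer
        o.Audience = "demo-api";                                  // placeholder audience
        o.MapInboundClaims = false;   // keep the token's short "role" claim name
    })
    .AddJwtBearer("PartnerBearer", o =>                           // second token source
    {
        o.Authority = "https://partner-login.example.test";       // placeholder issuer
        o.Audience = "demo-api";
        o.MapInboundClaims = false;
    });

// Authorization policies: WHAT an authenticated caller may do. Looked up by policy name.
builder.Services.AddAuthorization(options =>
    options.AddPolicy("Administrators", policy => policy
        .AddAuthenticationSchemes(JwtBearerDefaults.AuthenticationScheme, "PartnerBearer")
        .RequireAuthenticatedUser()
        .RequireClaim("role", "Administrators")));

var app = builder.Build();
app.UseAuthentication();   // must run before UseAuthorization
app.UseAuthorization();
app.MapControllers();
app.Run();

[ApiController]
[Route("demo")]
public class DemoController : ControllerBase
{
    // [Authorize("Bearer")] on an action here fails with "policy not found":
    // the positional argument is a policy name, and no policy is called "Bearer".
    [HttpGet("me")]
    [Authorize(AuthenticationSchemes = JwtBearerDefaults.AuthenticationScheme)]
    public IActionResult Me() => Ok(User.Identity?.Name);

    [HttpGet("admin")]
    [Authorize(Policy = "Administrators")]   // resolves against AddPolicy above
    public IActionResult Admin() => Ok("admin area");
}
```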