From 9a2adaad04249bd8ca60292af5f43b8dd059b772 Mon Sep 17 00:00:00 2001
From: Brock Allen
Date: Thu, 15 Nov 2018 18:14:33 -0500
Subject: [PATCH] emit more logging and errors around authentication scheme at startup #2646
---
 .../IdentityServerApplicationBuilderExtensions.cs | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
diff --git a/src/Configuration/IdentityServerApplicationBuilderExtensions.cs b/src/Configuration/IdentityServerApplicationBuilderExtensions.cs
index 99bb793d61..fa7f85cd95 100644
--- a/src/Configuration/IdentityServerApplicationBuilderExtensions.cs
+++ b/src/Configuration/IdentityServerApplicationBuilderExtensions.cs
@@ -11,6 +11,7 @@ using System.Threading.Tasks;
 using IdentityServer4.Configuration;
 using IdentityServer4.Extensions;
+using Microsoft.AspNetCore.Authentication.Cookies;
 namespace Microsoft.AspNetCore.Builder
 {
@@ -79,16 +80,30 @@ private static async Task ValidateAsync(IServiceProvider services, ILogger logge
 var options = services.GetRequiredService();
 var schemes = services.GetRequiredService();
+
 if (await schemes.GetDefaultAuthenticateSchemeAsync() == null && options.Authentication.CookieAuthenticationScheme == null)
 {
 logger.LogWarning("No authentication scheme has been set. Setting either a default authentication scheme or a CookieAuthenticationScheme on IdentityServerOptions is required.");
 }
 else
 {
+ AuthenticationScheme authenticationScheme = null;
+
 if (options.Authentication.CookieAuthenticationScheme != null)
 {
+ authenticationScheme = await schemes.GetSchemeAsync(options.Authentication.CookieAuthenticationScheme);
 logger.LogInformation("Using explicitly configured scheme {scheme} for IdentityServer", options.Authentication.CookieAuthenticationScheme);
 }
+ else
+ {
+ authenticationScheme = await schemes.GetDefaultAuthenticateSchemeAsync();
+ logger.LogInformation("Using the default authentication scheme {scheme} for IdentityServer", authenticationScheme.Name);
+ }
+
+ if (!typeof(CookieAuthenticationHandler).IsAssignableFrom(authenticationScheme.HandlerType))
+ {
+ logger.LogError("Authentication scheme {scheme} is configured for IdentityServer, but it is not a cookie authentication scheme. Using a cookie scheme is required and must be configured as either the default authentication scheme or set the CookieAuthenticationScheme on the IdentityServerOptions.", authenticationScheme.Name);
+ }
 logger.LogDebug("Using {scheme} as default ASP.NET Core scheme for authentication", (await schemes.GetDefaultAuthenticateSchemeAsync())?.Name);
 logger.LogDebug("Using {scheme} as default ASP.NET Core scheme for sign-in", (await schemes.GetDefaultSignInSchemeAsync())?.Name);
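Review bot: In the explicit-scheme branch, `GetSchemeAsync` returns null when no scheme with the configured name is registered, so a mistyped `CookieAuthenticationScheme` reaches `authenticationScheme.HandlerType` and startup dies with a NullReferenceException instead of the diagnostic this commit is meant to produce. Guard the lookup before the handler-type test, for example `if (authenticationScheme == null) { logger.LogError("Authentication scheme {scheme} is configured for IdentityServer, but no scheme with that name is registered.", options.Authentication.CookieAuthenticationScheme); }`, and turn the existing test into `else if (!typeof(CookieAuthenticationHandler).IsAssignableFrom(authenticationScheme.HandlerType))`. The "Using explicitly configured scheme" information line is also written before the scheme is known to exist, so it would be more accurate after a successful lookup. Because a non-cookie scheme is only logged at Error level and startup appears to continue, it is worth a comment stating that this is deliberate, so operators know to alert on the message. ValidateAsync begins and ends outside this hunk.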