Skip to content

Introduce new authentication provider Unauthenticated #3075

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
Copilot wants to merge 7 commits into
base: main
Choose a base branch
from
Open

Introduce new authentication provider Unauthenticated #3075

Copilot wants to merge 7 commits into from

Conversation

Copy link
Contributor

Copilot AI commented Jan 21, 2026
edited
Loading

Why make this change?

New authentication provider where all operations run as anonymous. Useful when DAB is behind an app gateway or APIM where authentication is handled externally.

What is this change?

Core Implementation:

  • Added IsUnauthenticatedAuthenticationProvider() to AuthenticationOptions.cs
  • Created UnauthenticatedAuthenticationHandler (follows Simulator pattern, returns unauthenticated ClaimsPrincipal)
  • Updated Startup.cs to register the provider in both ConfigureAuthentication() and ConfigureAuthenticationV2()
  • Added explicit mapping in ClientRoleHeaderAuthenticationMiddleware.ResolveConfiguredAuthNScheme() for proper scheme selection at request time

CLI & Validation:

  • Updated Utils.ValidateAudienceAndIssuerForJwtProvider() to accept Unauthenticated without JWT
  • Added warning in ConfigGenerator.IsConfigValid() when used with authenticated/custom roles (not an error)
  • Refactored validation loops to use explicit .Where() filtering

Schema:

  • Added Unauthenticated to dab.draft.schema.json provider enum

Key behaviors:

  • Allowed in production mode (unlike Simulator)
  • Allowed with authenticated/custom role permissions (warning emitted)
  • No JWT configuration required

How was this tested?

  • Integration Tests
  • Unit Tests
    • Tests for IsUnauthenticatedAuthenticationProvider() method
    • Tests for IsJwtConfiguredIdentityProvider() excluding Unauthenticated
    • Tests for non-anonymous role detection logic with Unauthenticated provider
    • Snapshot test for config generation with Unauthenticated provider

Sample Request(s)

dab init --database-type mssql --connection-string "..." --auth.provider Unauthenticated
dab configure --runtime.host.authentication.provider Unauthenticated

Config snippet:

{
  "runtime": {
    "host": {
      "authentication": {
        "provider": "Unauthenticated"
      }
    }
  }
}

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.

Copilot AI and others added 3 commits January 21, 2026 17:07
@JerryNixon
Updated plan with new requirements
e4c09d2 
Co-authored-by: JerryNixon <1749983+JerryNixon@users.noreply.github.com>
@JerryNixon
Add Unauthenticated authentication provider with CLI support, tests, …
f63c338 
…and JSON schema

Co-authored-by: JerryNixon <1749983+JerryNixon@users.noreply.github.com>
@JerryNixon
Fix typo in UnauthenticatedAuthenticationBuilderExtensions comment
1a2f633 
Co-authored-by: JerryNixon <1749983+JerryNixon@users.noreply.github.com>
Copilot AI changed the title [WIP] Add new authentication provider 'Unauthenticated' Introduce new authentication provider Unauthenticated Jan 21, 2026
Copilot AI requested a review from JerryNixon January 21, 2026 17:30
@JerryNixon JerryNixon assigned Copilot and unassigned Copilot Jan 21, 2026
@JerryNixon JerryNixon marked this pull request as ready for review January 21, 2026 21:35
Copilot AI review requested due to automatic review settings January 21, 2026 21:35
Copilot AI reviewed Jan 21, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Introduces a new Unauthenticated authentication provider intended to treat all requests as anonymous without requiring JWT configuration.

Changes:

  • Added an Unauthenticated ASP.NET Core auth handler/scheme and wired it into Startup auth registration paths.
  • Updated CLI validation and config validation logic to allow Unauthenticated without JWT (with warnings for non-anonymous role permissions).
  • Extended schema and CLI tests/snapshots to include the new provider.

Reviewed changes

Copilot reviewed 12 out of 12 changed files in this pull request and generated 5 comments.

Show a summary per file
File Description
src/Service/Startup.cs Registers the Unauthenticated auth scheme in both auth configuration paths.
src/Core/AuthenticationHelpers/UnauthenticatedAuthenticationHandler/UnauthenticatedAuthenticationHandler.cs New auth handler that yields an anonymous principal.
src/Core/AuthenticationHelpers/UnauthenticatedAuthenticationHandler/UnauthenticatedAuthenticationDefaults.cs Defines the scheme name constants for the new provider.
src/Core/AuthenticationHelpers/UnauthenticatedAuthenticationHandler/UnauthenticatedAuthenticationBuilderExtensions.cs Adds an AuthenticationBuilder extension to register the new scheme.
src/Core/AuthenticationHelpers/SupportedAuthNProviders.cs Adds Unauthenticated to the supported provider constants.
src/Config/ObjectModel/AuthenticationOptions.cs Adds provider detection helper and updates JWT-required determination logic.
src/Cli/Utils.cs Allows Unauthenticated to omit JWT audience/issuer and updates messaging.
src/Cli/ConfigGenerator.cs Emits a warning when Unauthenticated is used with non-anonymous permissions.
src/Cli.Tests/ValidateConfigTests.cs Adds unit tests for Unauthenticated provider helper methods.
src/Cli.Tests/Snapshots/InitTests.EnsureCorrectConfigGenerationWithDifferentAuthenticationProviders_47836da0dfbdc458.verified.txt Updates snapshot for config generation using Unauthenticated.
src/Cli.Tests/InitTests.cs Adds Unauthenticated as a test case for init/config generation.
schemas/dab.draft.schema.json Adds Unauthenticated to the provider enum and documents it.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@JerryNixon
Update src/Cli/Utils.cs
b6d0fd5 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
@JerryNixon
Copy link
Contributor

JerryNixon commented Jan 22, 2026

@copilot apply changes based on the comments in this thread

@JerryNixon
Address PR review comments: add Unauthenticated scheme mapping, use e…
e3fb034 
…xplicit Where() filtering, add unit tests

Co-authored-by: JerryNixon <1749983+JerryNixon@users.noreply.github.com>
Copy link
Contributor Author

Copilot AI commented Jan 22, 2026

@copilot apply changes based on the comments in this thread

Applied all changes from the review thread in e3fb034:

  1. Added Unauthenticated mapping in ResolveConfiguredAuthNScheme()
  2. Refactored foreach loops to use explicit .Where() filtering
  3. Added unit test for non-anonymous role detection

Copilot AI requested a review from JerryNixon January 22, 2026 16:46
@RubenCerna2079 RubenCerna2079 self-assigned this Jan 22, 2026
@RubenCerna2079
Copy link
Contributor

RubenCerna2079 commented Jan 22, 2026

/azp run

@azure-pipelines
Copy link

azure-pipelines bot commented Jan 22, 2026

Azure Pipelines successfully started running 6 pipeline(s).

@JerryNixon
Copy link
Contributor

JerryNixon commented Jan 22, 2026

@RubenCerna2079 you will need to help here and resolve the integration test errs for me.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@Aniruddh25 Aniruddh25 Awaiting requested review from Aniruddh25 Aniruddh25 is a code owner

@aaronburtle aaronburtle Awaiting requested review from aaronburtle aaronburtle is a code owner

@anushakolan anushakolan Awaiting requested review from anushakolan anushakolan is a code owner

@RubenCerna2079 RubenCerna2079 Awaiting requested review from RubenCerna2079 RubenCerna2079 is a code owner

@souvikghosh04 souvikghosh04 Awaiting requested review from souvikghosh04 souvikghosh04 is a code owner

@neeraj-sharma2592 neeraj-sharma2592 Awaiting requested review from neeraj-sharma2592 neeraj-sharma2592 is a code owner

@sourabh1007 sourabh1007 Awaiting requested review from sourabh1007 sourabh1007 is a code owner

@vadeveka vadeveka Awaiting requested review from vadeveka vadeveka is a code owner

@Alekhya-Polavarapu Alekhya-Polavarapu Awaiting requested review from Alekhya-Polavarapu Alekhya-Polavarapu is a code owner

@rusamant rusamant Awaiting requested review from rusamant rusamant is a code owner

+1 more reviewer

@JerryNixon JerryNixon JerryNixon approved these changes

Reviewers whose approvals may not affect merge requirements

At least 2 approving reviews are required to merge this pull request.

Assignees

@RubenCerna2079 RubenCerna2079

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@JerryNixon @RubenCerna2079