AuthenticateAsync for remote auth providers

Remote authentication providers like OpenIdConnect, WsFederation, and OAuth have been updated to avoid unnecessary errors when there's no user information available on the request.

Version introduced

.NET 7

Previous behavior

Previously, when AuthenticateAsync was called on a remote authentication provider and there was no current user, the call failed with a message similar to OpenIdConnect was not authenticated. Failure message: Not authenticated.

New behavior

Starting in .NET 7, AuthenticateAsync returns AuthenticateResult.NoResult(), an anonymous identity.

Type of breaking change

This change can affect binary compatibility.

Reason for change

The previous behavior:

  • Was inconsistent with Cookie and Negotiate authentication, which return AuthenticateResult.NoResult().
  • Caused excess failure logs, especially if the remote authentication handler was set as the default handler and invoked per request.

If you have code that directly invokes AuthenticateAsync, check it to ensure it properly handles AuthenticateResult.NoResult() and anonymous or empty ClaimsIdentity instances.

Affected APIs