Using Services.AddAuthentication() causes application to stop on startup


In a basic ASP.NET Core web API project (dotnet new webapi, SDK 7.0), adding an authentication handler via

builder.Services.AddAuthentication()
        .AddScheme<AuthenticationSchemeOptions, BasicAuthenticationHandler>(
            BasicAuthenticationDefaults.AuthenticationScheme, null);

causes the application to exit before completing startup. With verbose logging enabled, it's possible to see that, when the call to app.Run() is performed, it uses DPAPI to decrypt a key and it suddenly stops with no exception or log of any kind, not even in Windows' registry.

[System         ][DBUG][23-11-17T14:27:54.9231+01:00][0][        Microsoft.Extensions.Hosting.Internal.Host]`Hosting starting`
[System         ][INFO][23-11-17T14:27:55.4962+01:00][0][NetCore.DataProtection.KeyManagement.XmlKeyManager]`User profile is available. Using 'C:\Users\p.dicaprio.extblar\AppData\Local\ASP.NET\DataProtection-Keys' as key repository and Windows DPAPI to encrypt keys at rest.`
[System         ][DBUG][23-11-17T14:27:55.5027+01:00][0][ataProtection.Repositories.FileSystemXmlRepository]`Reading data from file 'C:\Users\p.dicaprio.extblar\AppData\Local\ASP.NET\DataProtection-Keys\key-70202a7b-a057-403b-b974-5060170571f3.xml'.`
[System         ][DBUG][23-11-17T14:27:55.5232+01:00][0][NetCore.DataProtection.KeyManagement.XmlKeyManager]`Found key {70202a7b-a057-403b-b974-5060170571f3}.`
[System         ][DBUG][23-11-17T14:27:55.5363+01:00][0][re.DataProtection.KeyManagement.DefaultKeyResolver]`Considering key {70202a7b-a057-403b-b974-5060170571f3} with expiration date 2024-02-15 13:20:05Z as default key.`
[System         ][DBUG][23-11-17T14:27:55.5390+01:00][0][.AspNetCore.DataProtection.TypeForwardingActivator]`Forwarded activator type request from Microsoft.AspNetCore.DataProtection.XmlEncryption.DpapiXmlDecryptor, Microsoft.AspNetCore.DataProtection, Version=7.0.0.0, Culture=neutral, PublicKeyToken=adb9793829ddae60 to Microsoft.AspNetCore.DataProtection.XmlEncryption.DpapiXmlDecryptor, Microsoft.AspNetCore.DataProtection, Culture=neutral, PublicKeyToken=adb9793829ddae60`
[System         ][DBUG][23-11-17T14:27:55.5429+01:00][0][ore.DataProtection.XmlEncryption.DpapiXmlDecryptor]`Decrypting secret element using Windows DPAPI.`

BasicAuthenticationHandler is very simple: it reads the Authorization header, removes Basic: from it and decodes the base64 credentials provided to check whether a valid key/value pair exists in a Dictionary<string,string>.

Any suggestion on what to verify?

P.S. It works on my machine, it works on a server A, it shows this problem on a server B (totally out of my control).
The app.Run() is surrounded by a try/catch(Exception) but no log is provided by the catch.

SOLVED

I asked the server B provider to add an exclusion for my program's folder in Sophos antivirus and now the program runs as expected.

The log does not stop at Decrypting secret element using Windows DPAPI. but continues as:

[System         ][DBUG][23-11-21T07:07:43.1380+01:00][0][ore.DataProtection.XmlEncryption.DpapiXmlDecryptor]`Decrypting secret element using Windows DPAPI.`
[System         ][DBUG][23-11-21T07:07:43.1733+01:00][0][.AspNetCore.DataProtection.TypeForwardingActivator]`Forwarded activator type request from Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ConfigurationModel.AuthenticatedEncryptorDescriptorDeserializer, Microsoft.AspNetCore.DataProtection, Version=7.0.0.0, Culture=neutral, PublicKeyToken=adb9793829ddae60 to Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ConfigurationModel.AuthenticatedEncryptorDescriptorDeserializer, Microsoft.AspNetCore.DataProtection, Culture=neutral, PublicKeyToken=adb9793829ddae60`
[System         ][DBUG][23-11-21T07:07:43.1828+01:00][0][atedEncryption.CngCbcAuthenticatedEncryptorFactory]`Opening CNG algorithm 'AES' from provider 'null' with chaining mode CBC.`
[System         ][DBUG][23-11-21T07:07:43.1842+01:00][0][atedEncryption.CngCbcAuthenticatedEncryptorFactory]`Opening CNG algorithm 'SHA256' from provider 'null' with HMAC.`
[System         ][DBUG][23-11-21T07:07:43.1857+01:00][0][tCore.DataProtection.KeyManagement.KeyRingProvider]`Using key {70202a7b-a057-403b-b974-5060170571f3} as the default key.`
[System         ][DBUG][23-11-21T07:07:43.1890+01:00][0][ataProtection.Internal.DataProtectionHostedService]`Key ring with default key {70202a7b-a057-403b-b974-5060170571f3} was loaded during application startup.`
[System         ][INFO][23-11-21T07:07:43.3196+01:00][0][                        Microsoft.Hosting.Lifetime]`Now listening on: http://0.0.0.0:5000

Probably an antivirus rule was blocking the decryption of the key.
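
A triage check for the symptom described above, as an added example that is not part of the original post: it parses logs in the layout quoted on this page and reports whether a startup attempt ended on the DPAPI decryption step. The function name, milestone names and verdict strings are assumptions; the sample lines are abridged from the two runs quoted above.

```python
import re

# Layout of the log lines quoted on this page:
# [source][level][timestamp][n][category]`message`
LINE_RE = re.compile(
    r"^\[[^\]]*\]\[(?P<level>\w+)\s*\]\[(?P<ts>[^\]]+)\]\[\d+\]"
    r"\[\s*(?P<category>[^\]]+?)\s*\]`(?P<msg>.*?)`?\s*$"
)

# Startup milestones in the order the working run shows them. Matched on
# message text because the category column is truncated on the left.
MILESTONES = [
    ("host_starting", "Hosting starting"),
    ("dpapi_decrypt", "Decrypting secret element using Windows DPAPI"),
    ("key_ring_loaded", "was loaded during application startup"),
    ("listening", "Now listening on"),
]

def startup_progress(log_text):
    """Return the milestones reached and a verdict for one startup attempt."""
    reached, last = [], None
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # skip lines that are not in the expected layout
        last = m
        for name, needle in MILESTONES:
            if needle in m["msg"] and name not in reached:
                reached.append(name)
    if "listening" in reached:
        verdict = "started"
    elif last is not None and "Windows DPAPI" in last["msg"]:
        # The last line written is the DPAPI call; nothing was logged after it.
        verdict = "stopped_during_dpapi_decrypt"
    else:
        verdict = "incomplete"
    return {"reached": reached, "verdict": verdict,
            "last_ts": last["ts"] if last else None}

# Abridged from the two runs quoted above (before and after the exclusion).
FAILED_RUN = """\
[System         ][DBUG][23-11-17T14:27:54.9231+01:00][0][        Microsoft.Extensions.Hosting.Internal.Host]`Hosting starting`
[System         ][DBUG][23-11-17T14:27:55.5429+01:00][0][ore.DataProtection.XmlEncryption.DpapiXmlDecryptor]`Decrypting secret element using Windows DPAPI.`
"""
WORKING_RUN = """\
[System         ][DBUG][23-11-21T07:07:43.1380+01:00][0][ore.DataProtection.XmlEncryption.DpapiXmlDecryptor]`Decrypting secret element using Windows DPAPI.`
[System         ][DBUG][23-11-21T07:07:43.1890+01:00][0][ataProtection.Internal.DataProtectionHostedService]`Key ring with default key {70202a7b-a057-403b-b974-5060170571f3} was loaded during application startup.`
[System         ][INFO][23-11-21T07:07:43.3196+01:00][0][                        Microsoft.Hosting.Lifetime]`Now listening on: http://0.0.0.0:5000
"""
```

A `stopped_during_dpapi_decrypt` verdict only says where the log ends; it does not identify what stopped the process.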
