Found during module-packaging Session 2 checkpoint.
A fresh sm new project host has AddAuthentication() with no default scheme (auth is expected to come from a module). Any endpoint guarded with RequirePermission — e.g. an installed packaged module's pages or APIs — throws InvalidOperationException ('No authenticationScheme was specified, and there was no DefaultChallengeScheme found') and returns 500 instead of 401/redirect.
Installing a module into a bare scaffold therefore looks broken even though the module is wired correctly. The framework should register a fallback challenge scheme that produces a clean 401 (and a hint that an auth module is missing) when no auth module is installed.
Found during module-packaging Session 2 checkpoint.
A fresh
sm new projecthost hasAddAuthentication()with no default scheme (auth is expected to come from a module). Any endpoint guarded with RequirePermission — e.g. an installed packaged module's pages or APIs — throws InvalidOperationException ('No authenticationScheme was specified, and there was no DefaultChallengeScheme found') and returns 500 instead of 401/redirect.Installing a module into a bare scaffold therefore looks broken even though the module is wired correctly. The framework should register a fallback challenge scheme that produces a clean 401 (and a hint that an auth module is missing) when no auth module is installed.