Merge pull request #26634 from dotnet-maestro-bot/merge/release/5.0-to-master

[automated] Merge branch 'release/5.0' => 'master'

Author: sebastienros

src/Middleware/Diagnostics/src/ExceptionHandler/ExceptionHandlerMiddleware.cs

@@ -134,7 +134,7 @@ private async Task HandleException(HttpContext context, ExceptionDispatchInfo ed
 
                 await _options.ExceptionHandler!(context);
 
-                if (context.Response.StatusCode != StatusCodes.Status404NotFound)
+                if (context.Response.StatusCode != StatusCodes.Status404NotFound || _options.AllowStatusCode404Response)
                 {
                     if (_diagnosticListener.IsEnabled() && _diagnosticListener.IsEnabled("Microsoft.AspNetCore.Diagnostics.HandledException"))
                     {

src/Middleware/Diagnostics/src/ExceptionHandler/ExceptionHandlerOptions.cs

@@ -24,5 +24,14 @@ public class ExceptionHandlerOptions
         /// explicitly provided, the subsequent middleware pipeline will be used by default.
         /// </summary>
         public RequestDelegate? ExceptionHandler { get; set; }
+
+        /// <summary>
+        /// This value controls whether the <see cref="ExceptionHandlerMiddleware" /> should
+        /// consider a response with a 404 status code to be a valid result of executing the
+        /// <see cref="ExceptionHandler"/>. The default value is false and the middleware will
+        /// consider 404 status codes to be an error on the server and will therefore rethrow
+        /// the original exception.
+        /// </summary>
+        public bool AllowStatusCode404Response { get; set; }
     }
 }

src/Middleware/Diagnostics/test/UnitTests/ExceptionHandlerTest.cs

@@ -542,5 +542,59 @@ public async Task ExceptionHandlerNotFound_RethrowsOriginalError()
                 && w.EventId == 4
                 && w.Message == "No exception handler was found, rethrowing original exception.");
         }
+
+        [Fact]
+        public async Task ExceptionHandler_CanReturn404Responses_WhenAllowed()
+        {
+            var sink = new TestSink(TestSink.EnableWithTypeName<ExceptionHandlerMiddleware>);
+            var loggerFactory = new TestLoggerFactory(sink, enabled: true);
+
+            using var host = new HostBuilder()
+                .ConfigureWebHost(webHostBuilder =>
+                {
+                    webHostBuilder
+                    .UseTestServer()
+                    .ConfigureServices(services =>
+                    {
+                        services.AddSingleton<ILoggerFactory>(loggerFactory);
+                        services.Configure<ExceptionHandlerOptions>(options =>
+                        {
+                            options.AllowStatusCode404Response = true;
+                            options.ExceptionHandler = httpContext =>
+                            {
+                                httpContext.Response.StatusCode = StatusCodes.Status404NotFound;
+                                return Task.CompletedTask;
+                            };
+                        });
+                    })
+                    .Configure(app =>
+                    {
+                        app.UseExceptionHandler();
+
+                        app.Map("/throw", (innerAppBuilder) =>
+                        {
+                            innerAppBuilder.Run(httpContext =>
+                            {
+                                throw new InvalidOperationException("Something bad happened.");
+                            });
+                        });
+                    });
+                }).Build();
+
+            await host.StartAsync();
+
+            using (var server = host.GetTestServer())
+            {
+                var client = server.CreateClient();
+                var response = await client.GetAsync("throw");
+                Assert.Equal(HttpStatusCode.NotFound, response.StatusCode);
+                Assert.Equal(string.Empty, await response.Content.ReadAsStringAsync());
+            }
+
+            Assert.DoesNotContain(sink.Writes, w =>
+                w.LogLevel == LogLevel.Warning
+                && w.EventId == 4
+                && w.Message == "No exception handler was found, rethrowing original exception.");
+        }
     }
 }

src/Security/Authentication/MicrosoftAccount/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount.csproj

@@ -1,4 +1,4 @@
-<Project Sdk="Microsoft.NET.Sdk">
+<Project Sdk="Microsoft.NET.Sdk">
 
   <PropertyGroup>
     <Description>ASP.NET Core middleware that enables an application to support the Microsoft Account authentication workflow.</Description>

src/Security/Authentication/Negotiate/src/Events/AuthenticatedContext.cs

@@ -13,9 +13,7 @@ public class AuthenticatedContext : ResultContext<NegotiateOptions>
         /// <summary>
         /// Creates a new <see cref="AuthenticatedContext"/>.
         /// </summary>
-        /// <param name="context"></param>
-        /// <param name="scheme"></param>
-        /// <param name="options"></param>
+        /// <inheritdoc />
         public AuthenticatedContext(
             HttpContext context,
             AuthenticationScheme scheme,

src/Security/Authentication/Negotiate/src/Events/AuthenticationFailedContext.cs

@@ -14,9 +14,7 @@ public class AuthenticationFailedContext : RemoteAuthenticationContext<Negotiate
         /// <summary>
         /// Creates a <see cref="AuthenticationFailedContext"/>.
         /// </summary>
-        /// <param name="context"></param>
-        /// <param name="scheme"></param>
-        /// <param name="options"></param>
+        /// <inheritdoc />
         public AuthenticationFailedContext(
             HttpContext context,
             AuthenticationScheme scheme,

src/Security/Authentication/Negotiate/src/Events/ChallengeContext.cs

@@ -14,10 +14,7 @@ public class ChallengeContext : PropertiesContext<NegotiateOptions>
         /// <summary>
         /// Creates a new <see cref="ChallengeContext"/>.
         /// </summary>
-        /// <param name="context"></param>
-        /// <param name="scheme"></param>
-        /// <param name="options"></param>
-        /// <param name="properties"></param>
+        /// <inheritdoc />
         public ChallengeContext(
             HttpContext context,
             AuthenticationScheme scheme,
@@ -26,7 +23,8 @@ public ChallengeContext(
             : base(context, scheme, options, properties) { }
 
         /// <summary>
-        /// If true, will skip any default logic for this challenge.
+        /// Gets a value that determines if this challenge was handled.
+        /// If <see langword="true"/>, will skip any default logic for this challenge.
         /// </summary>
         public bool Handled { get; private set; }
 

src/Security/Authentication/Negotiate/src/Events/LdapContext.cs

@@ -13,10 +13,7 @@ public class LdapContext : ResultContext<NegotiateOptions>
         /// <summary>
         /// Creates a new <see cref="LdapContext"/>.
         /// </summary>
-        /// <param name="context"></param>
-        /// <param name="scheme"></param>
-        /// <param name="options"></param>
-        /// <param name="settings"></param>
+        /// <inheritdoc />
         public LdapContext(
             HttpContext context,
             AuthenticationScheme scheme,

src/Security/Authentication/Negotiate/src/LdapSettings.cs

@@ -76,6 +76,9 @@ public class LdapSettings
 
         internal MemoryCache ClaimsCache { get; set; }
 
+        /// <summary>
+        /// Validates the <see cref="LdapSettings"/>.
+        /// </summary>
         public void Validate()
         {
             if (EnableLdapClaimResolution)

src/Security/Authentication/Negotiate/src/Microsoft.AspNetCore.Authentication.Negotiate.csproj

@@ -3,6 +3,7 @@
   <PropertyGroup>
     <Description>ASP.NET Core authentication handler used to authenticate requests using Negotiate, Kerberos, or NTLM.</Description>
     <TargetFramework>$(DefaultNetCoreTargetFramework)</TargetFramework>
+    <NoWarn>$(NoWarn.Replace('1591', ''))</NoWarn>
     <GenerateDocumentationFile>true</GenerateDocumentationFile>
     <PackageTags>aspnetcore;authentication;security</PackageTags>
   </PropertyGroup>