Endpoint contains authorization metadata, but a middleware was not found that supports authorization

Question

I'm currently in the process of moving my locally developed app to an Ubuntu 16.04 droplet in digital ocean. I'm using .NET Core 3.1 and have configured my server for it just fine. However, when I navigate to an endpoint on my controller that uses the [Authorize] attribute, I get the following exception only on my production server (not locally):

An unhandled exception has occurred while executing the request.
System.InvalidOperationException: Endpoint App.Controllers.RsvpController.Index contains authorization metadata, but a middleware was not found that supports authorization.
Configure your application startup by adding app.UseAuthorization() inside the call to Configure(..) in the application startup code. The call to app.UseAuthorization() must appear between app.UseRouting() and app.UseEndpoints(...).
at Microsoft.AspNetCore.Routing.EndpointMiddleware.ThrowMissingAuthMiddlewareException(Endpoint endpoint)
at Microsoft.AspNetCore.Routing.EndpointMiddleware.Invoke(HttpContext httpContext)
at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
at Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware.<Invoke>g__Awaited|6_0(ExceptionHandlerMiddleware middleware, HttpContext context, Task task)
fail: Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware[1]
An unhandled exception has occurred while executing the request.

This is what my Configure() method looks like in Startup.cs:

        public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
        {
            if (env.IsDevelopment())
            {
                app.UseDeveloperExceptionPage();
            }
            else
            {
                app.UseExceptionHandler("/Home/Error");
                // The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
                app.UseHsts();
            }

            app.UseStaticFiles();

            app.UseRouting();

            app.UseAuthentication();
            app.UseAuthorization();

            app.UseEndpoints(endpoints =>
            {
                endpoints.MapControllerRoute(
                    name: "default",
                    pattern: "{controller=Home}/{action=Index}/{id?}");
            });
        }

I'm also using this in ConfigureServices():

            services.AddAuthentication(options =>
            {
                options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
                options.DefaultChallengeScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            }).AddCookie(options =>
            {
                options.LoginPath = new PathString("/Account/Login/");
                options.AccessDeniedPath = new PathString("/Account/Forbidden/");
            });

My controller has the [Authorize] attribute around the entire controller class:

    [Authorize]
    public class RsvpController : Controller
    {
        ...
    }

I can't figure out what the issue is, since it works locally. I've tried changing the ASPNETCORE_ENVIRONMENT to "Production" locally to see if there was a flag somewhere based off of that but that I'm still getting the issue. Thanks in advance for any help!

Answer 1

In your Configure method, try this piece of code:

...
app.UseAuthentication();
app.UseRouting();
app.UseAuthorization();
app.UseEndpoints(endpoints =>
{
    endpoints.MapControllers();
});

Answer 2

The very easy fix for this is to move app.UseAuthorization() anywhere between app.UseRouting() and app.UseEndpoints() as in this example:

app.UseRouting();
//Enable Authentication
app.UseAuthentication();
app.UseAuthorization(); //<< This needs to be between app.UseRouting(); and app.UseEndpoints();
app.UseEndpoints(endpoints =>
{
    endpoints.MapControllers();
});