React to http challenge changes

src/Microsoft.AspNet.Mvc.Core/ActionResults/ChallengeResult.cs

@@ -47,7 +47,17 @@ namespace Microsoft.AspNet.Mvc
         public override void ExecuteResult([NotNull] ActionContext context)
         {
             var response = context.HttpContext.Response;
-            response.Challenge(Properties, AuthenticationSchemes);
+            if (AuthenticationSchemes.Count > 0)
+            {
+                foreach (var scheme in AuthenticationSchemes)
+                {
+                    response.Challenge(Properties, scheme);
+                }
+            }
+            else
+            {
+                response.Challenge(Properties);
+            }
         }
     }
 }

test/Microsoft.AspNet.Mvc.Core.Test/ActionResults/ChallengeResultTest.cs

@@ -3,6 +3,7 @@
 
 using System.Collections.Generic;
 using Microsoft.AspNet.Http;
+using Microsoft.AspNet.Http.Authentication;
 using Microsoft.AspNet.Routing;
 using Moq;
 using Xunit;
@@ -13,6 +14,29 @@ namespace Microsoft.AspNet.Mvc.Core.Test.ActionResults
     {
         [Fact]
         public void ChallengeResult_Execute()
+        {
+            // Arrange
+            var result = new ChallengeResult("", null);
+            var httpContext = new Mock<HttpContext>();
+            var httpResponse = new Mock<HttpResponse>();
+            httpContext.Setup(o => o.Response).Returns(httpResponse.Object);
+
+            var routeData = new RouteData();
+            routeData.Routers.Add(Mock.Of<IRouter>());
+
+            var actionContext = new ActionContext(httpContext.Object,
+                                                  routeData,
+                                                  new ActionDescriptor());
+
+            // Act
+            result.ExecuteResult(actionContext);
+
+            // Assert
+            httpResponse.Verify(c => c.Challenge(null, ""), Times.Exactly(1));
+        }
+
+        [Fact]
+        public void ChallengeResult_ExecuteNoSchemes()
         {
             // Arrange
             var result = new ChallengeResult(new string[] { }, null);
@@ -31,7 +55,7 @@ namespace Microsoft.AspNet.Mvc.Core.Test.ActionResults
             result.ExecuteResult(actionContext);
 
             // Assert
-            httpResponse.Verify(c => c.Challenge(null, (IEnumerable<string>)new string[] { }), Times.Exactly(1));
+            httpResponse.Verify(c => c.Challenge((AuthenticationProperties)null), Times.Exactly(1));
         }
     }
 }

test/Microsoft.AspNet.Mvc.Core.Test/Filters/AuthorizeFilterTest.cs

@@ -7,6 +7,7 @@ using System.Security.Claims;
 using System.Threading.Tasks;
 using Microsoft.AspNet.Authorization;
 using Microsoft.AspNet.Http;
+using Microsoft.AspNet.Http.Authentication;
 using Microsoft.AspNet.Routing;
 using Microsoft.AspNet.WebUtilities;
 using Microsoft.Framework.DependencyInjection;
@@ -278,6 +279,26 @@ namespace Microsoft.AspNet.Mvc.Test
             Assert.NotNull(authorizationContext.Result);
         }
 
+        [Fact]
+        public async Task Invoke_CanFilterToOnlyBearerScheme()
+        {
+            // Arrange
+            var authorizeFilter = new AuthorizeFilter(new AuthorizationPolicyBuilder("Bearer")
+                .RequireClaim("Permission", "CanViewPage")
+                .Build());
+            var authorizationContext = GetAuthorizationContext(services =>
+            {
+                services.AddAuthorization();
+                services.AddTransient<IAuthorizationHandler, DenyAnonymousAuthorizationHandler>();
+            });
+
+            // Act
+            await authorizeFilter.OnAuthorizationAsync(authorizationContext);
+
+            // Assert
+            Assert.NotNull(authorizationContext.Result);
+        }
+
         [Fact]
         public async Task Invoke_EmptyPolicyWillFail()
         {
@@ -298,7 +319,7 @@ namespace Microsoft.AspNet.Mvc.Test
 
         private AuthorizationContext GetAuthorizationContext(Action<ServiceCollection> registerServices, bool anonymous = false)
         {
-            var validUser = new ClaimsPrincipal(
+            var basicPrincipal = new ClaimsPrincipal(
                 new ClaimsIdentity(
                     new Claim[] {
                         new Claim("Permission", "CanViewPage"),
@@ -307,13 +328,18 @@ namespace Microsoft.AspNet.Mvc.Test
                         new Claim(ClaimTypes.NameIdentifier, "John")},
                         "Basic"));
 
-            validUser.AddIdentity(
-                new ClaimsIdentity(
+            var validUser = basicPrincipal;
+
+            var bearerIdentity = new ClaimsIdentity(
                     new Claim[] {
                         new Claim("Permission", "CupBearer"),
                         new Claim(ClaimTypes.Role, "Token"),
                         new Claim(ClaimTypes.NameIdentifier, "John Bear")},
-                        "Bearer"));
+                        "Bearer");
+
+            var bearerPrincipal = new ClaimsPrincipal(bearerIdentity);
+
+            validUser.AddIdentity(bearerIdentity);
 
             // ServiceProvider
             var serviceCollection = new ServiceCollection();
@@ -332,6 +358,8 @@ namespace Microsoft.AspNet.Mvc.Test
                 httpContext.Object.User = validUser;
             }
             httpContext.SetupGet(c => c.RequestServices).Returns(serviceProvider);
+            httpContext.Setup(c => c.AuthenticateAsync("Bearer")).ReturnsAsync(new AuthenticationResult(bearerPrincipal, new AuthenticationProperties(), new AuthenticationDescription()));
+            httpContext.Setup(c => c.AuthenticateAsync("Basic")).ReturnsAsync(new AuthenticationResult(basicPrincipal, new AuthenticationProperties(), new AuthenticationDescription()));
 
             // AuthorizationContext
             var actionContext = new ActionContext(