diff --git a/src/Microsoft.AspNet.Security.OAuthBearer/OAuthBearerAuthenticationHandler.cs b/src/Microsoft.AspNet.Security.OAuthBearer/OAuthBearerAuthenticationHandler.cs
index b81af0c735..c1f03a074c 100644
--- a/src/Microsoft.AspNet.Security.OAuthBearer/OAuthBearerAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Security.OAuthBearer/OAuthBearerAuthenticationHandler.cs
@@ -60,6 +60,13 @@ namespace Microsoft.AspNet.Security.OAuthBearer
                 }
 
                 string authorization = Request.Headers.Get("Authorization");
+
+                // If no authorization header found, nothing to process further
+                if (String.IsNullOrEmpty(authorization))
+                {
+                    return null;
+                }
+
                 if (authorization.StartsWith("Bearer ", StringComparison.OrdinalIgnoreCase))
                 {
                     token = authorization.Substring("Bearer ".Length).Trim();
diff --git a/test/Microsoft.AspNet.Security.Test/OAuthBearer/OAuthBearerMiddlewareTests.cs b/test/Microsoft.AspNet.Security.Test/OAuthBearer/OAuthBearerMiddlewareTests.cs
index eff8e28841..2139f56306 100644
--- a/test/Microsoft.AspNet.Security.Test/OAuthBearer/OAuthBearerMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Security.Test/OAuthBearer/OAuthBearerMiddlewareTests.cs
@@ -66,6 +66,22 @@ namespace Microsoft.AspNet.Security.OAuthBearer
             return Task.FromResult(null);
         }
 
+        [Fact]
+        public async Task NoHeaderReceived()
+        {
+            var server = CreateServer(options => { });
+            var response = await SendAsync(server, "http://example.com/oauth");
+            response.Response.StatusCode.ShouldBe(HttpStatusCode.OK);
+        }
+
+        [Fact]
+        public async Task HeaderWithoutBearerReceived()
+        {
+            var server = CreateServer(options => { });
+            var response = await SendAsync(server, "http://example.com/oauth","Token");
+            response.Response.StatusCode.ShouldBe(HttpStatusCode.OK);
+        }
+
         [Fact]
         public async Task CustomTokenReceived()
         {
@@ -235,4 +251,4 @@ namespace Microsoft.AspNet.Security.OAuthBearer
             public XElement ResponseElement { get; set; }
         }
     }
-}
\ No newline at end of file
+}
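Review bot: The new guard uses `String.IsNullOrEmpty` while the declaration on the line above uses the `string` keyword; for consistency within the hunk prefer `if (string.IsNullOrEmpty(authorization))`, and since a whitespace-only header value slips past this check only to fail the `StartsWith` test, `string.IsNullOrWhiteSpace` would state the intent more directly. Returning `null` here leaves the rest of the method, which starts and ends outside the hunk, unexecuted; if that remainder gives the application a hook to supply the token from somewhere other than the header, the early return now bypasses it, so it is worth confirming that `CustomTokenReceived` still exercises a request with no `Authorization` header. The comment could also say what the caller sees rather than "nothing to process further", e.g. `// No Authorization header: this handler has nothing to authenticate, so return no ticket and let the request continue`, which matches the 200 OK the new `NoHeaderReceived` test expects.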
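Review bot: Both new tests assert only a 200 status, which does not distinguish a request that was passed through unauthenticated from one whose header was accepted as a credential; if the `/oauth` endpoint configured by `CreateServer` reports the identity in the response body (the `Transaction` class later in this file exposes a `ResponseElement`), add an assertion on it so that `HeaderWithoutBearerReceived` in particular proves `Token` was ignored. A minor style point on the second test: `SendAsync(server, "http://example.com/oauth","Token")` is missing the space after the comma that the surrounding calls use. `CreateServer`, `SendAsync` and the endpoint itself are defined outside this hunk, so what the 200 actually means is inferred.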