From cfa89931a35600da6ae646dd9fd5a0ed5880d294 Mon Sep 17 00:00:00 2001
From: jkotalik <jukotali@microsoft.com>
Date: Sat, 19 Aug 2017 17:22:54 -0700
Subject: [PATCH 1/3] ForbidAsync now uses correct Schemes method

---
 .../AuthenticationService.cs                                  | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/Microsoft.AspNetCore.Authentication.Core/AuthenticationService.cs b/src/Microsoft.AspNetCore.Authentication.Core/AuthenticationService.cs
index 54bdd82d..f75365b3 100644
--- a/src/Microsoft.AspNetCore.Authentication.Core/AuthenticationService.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Core/AuthenticationService.cs
@@ -113,8 +113,8 @@ public virtual async Task ForbidAsync(HttpContext context, string scheme, Authen
         {
             if (scheme == null)
             {
-                var defaultChallengeScheme = await Schemes.GetDefaultChallengeSchemeAsync();
-                scheme = defaultChallengeScheme?.Name;
+                var defaultForbidScheme = await Schemes.GetDefaultForbidSchemeAsync();
+                scheme = defaultForbidScheme?.Name;
                 if (scheme == null)
                 {
                     throw new InvalidOperationException($"No authenticationScheme was specified, and there was no DefaultChallengeScheme found.");

From c1a33fdea203b5d8f84b3b2e3e5885e7ad5ab058 Mon Sep 17 00:00:00 2001
From: jkotalik <jukotali@microsoft.com>
Date: Sat, 19 Aug 2017 17:25:40 -0700
Subject: [PATCH 2/3] comment

---
 .../AuthenticationService.cs                                    | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Microsoft.AspNetCore.Authentication.Core/AuthenticationService.cs b/src/Microsoft.AspNetCore.Authentication.Core/AuthenticationService.cs
index f75365b3..9a8223d0 100644
--- a/src/Microsoft.AspNetCore.Authentication.Core/AuthenticationService.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Core/AuthenticationService.cs
@@ -117,7 +117,7 @@ public virtual async Task ForbidAsync(HttpContext context, string scheme, Authen
                 scheme = defaultForbidScheme?.Name;
                 if (scheme == null)
                 {
-                    throw new InvalidOperationException($"No authenticationScheme was specified, and there was no DefaultChallengeScheme found.");
+                    throw new InvalidOperationException($"No authenticationScheme was specified, and there was no DefaultForbidScheme found.");
                 }
             }
 

From 26e89cfd3bd092d6b240999c88eb7171d809bee7 Mon Sep 17 00:00:00 2001
From: Justin Kotalik <jukotali@microsoft.com>
Date: Sat, 19 Aug 2017 18:09:52 -0700
Subject: [PATCH 3/3] adds tests

---
 .../AuthenticationServiceTests.cs             | 52 +++++++++++++++++++
 1 file changed, 52 insertions(+)

diff --git a/test/Microsoft.AspNetCore.Authentication.Core.Test/AuthenticationServiceTests.cs b/test/Microsoft.AspNetCore.Authentication.Core.Test/AuthenticationServiceTests.cs
index c9fe57d9..292c56f5 100644
--- a/test/Microsoft.AspNetCore.Authentication.Core.Test/AuthenticationServiceTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Core.Test/AuthenticationServiceTests.cs
@@ -122,6 +122,20 @@ public async Task ServicesWithDefaultSignOutMethodsTest()
             await Assert.ThrowsAsync<InvalidOperationException>(() => context.SignInAsync(new ClaimsPrincipal()));
         }
 
+        [Fact]
+        public async Task ServicesWithDefaultForbidMethod_CallsForbidMethod()
+        {
+            var services = new ServiceCollection().AddOptions().AddAuthenticationCore(o =>
+            {
+                o.AddScheme<ForbidHandler>("forbid", "whatever");
+                o.DefaultForbidScheme = "forbid";
+            }).BuildServiceProvider();
+            var context = new DefaultHttpContext();
+            context.RequestServices = services;
+
+            await context.ForbidAsync();
+        }
+
 
         private class BaseHandler : IAuthenticationHandler
         {
@@ -245,5 +259,43 @@ public Task SignOutAsync(AuthenticationProperties properties)
             }
         }
 
+        private class ForbidHandler : IAuthenticationHandler, IAuthenticationRequestHandler, IAuthenticationSignInHandler, IAuthenticationSignOutHandler
+        {
+            public Task<AuthenticateResult> AuthenticateAsync()
+            {
+                throw new NotImplementedException();
+            }
+
+            public Task ChallengeAsync(AuthenticationProperties properties)
+            {
+                throw new NotImplementedException();
+            }
+
+            public Task ForbidAsync(AuthenticationProperties properties)
+            {
+                return Task.FromResult(0);
+            }
+
+            public Task<bool> HandleRequestAsync()
+            {
+                throw new NotImplementedException();
+            }
+
+            public Task InitializeAsync(AuthenticationScheme scheme, HttpContext context)
+            {
+                return Task.FromResult(0);
+            }
+
+            public Task SignInAsync(ClaimsPrincipal user, AuthenticationProperties properties)
+            {
+                throw new NotImplementedException();
+            }
+
+            public Task SignOutAsync(AuthenticationProperties properties)
+            {
+                throw new NotImplementedException();
+            }
+        }
+
     }
 }