What is ChallengeAsync method?
Implementing AuthenticationFilter and Authorization filter as per this post in WEB API 2
1. However even after adding principal to context ChallengeAsync method is getting called. Does ChallengeAsync calls irrespective of authentication completion?
2. In AuthenticateAsync if we didn't added Principal to Context for unauthorized users, although Authorization Filters OnAuthorizationAsync, IAuthorizationFilter.ExecuteAuthorizationFilterAsync methods are getting executed.
As per my understanding,
1. If Principal is generated successfully in AuthenticateAsync, ChallengeAsync shouldnt be executed.
2. If user is not authenticated in AuthenticationFilter, AuthorizationFilter shouldnt be executed.
Please clarify over these.