Bug on refreshing page

If I navigate to the root of my application e.g. myserver/bi-tracker3 then I get redirected to the default page myserver/bi-tracker3/job-request-summary and can navigate through to the other pages - everything works as expected.

However if I try and refresh any page, or navigate directly to a page (e.g. paste myserver/bi-tracker3/job-request-summary into a fresh browser window, I get this error:

System.InvalidOperationException: No authentication handler is registered for the scheme 'Bearer'. The registered schemes are: Windows. Did you forget to call AddAuthentication().AddSomeAuthHandler?
at Microsoft.AspNetCore.Authentication.AuthenticationService.AuthenticateAsync(HttpContext context, String scheme)
at Microsoft.AspNetCore.Authorization.Policy.PolicyEvaluator.AuthenticateAsync(AuthorizationPolicy policy, HttpContext context)
at Microsoft.AspNetCore.Mvc.Authorization.AuthorizeFilter.OnAuthorizationAsync(AuthorizationFilterContext context)
at Microsoft.AspNetCore.Mvc.Internal.ResourceInvoker.InvokeFilterPipelineAsync()
at Microsoft.AspNetCore.Mvc.Internal.ResourceInvoker.InvokeAsync()
at Microsoft.AspNetCore.Builder.RouterMiddleware.Invoke(HttpContext httpContext)
at Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddleware.Invoke(HttpContext context)

For context, this is an internal proof of concept application so we don't have any security enabled. We did have two Cultures specified under the Settings tab (English-GB and German-Germany) but I turned these off while trying to troubleshoot another issue (to do with linking to an image in the assets library, the URL to the link was not updating to incorporate the culture component (e.g. en-gb) in the URL. I'll raise a separate topic for this).

The app was working with the two cultures specified but when I removed the specified cultures and reverted to the default, this issue started manifesting itself.

As the error message appeared to relate to security, I tried turning on Default security and logging in - this resolves the issue. I then turned security off again and the issue returned.

So we can run the app with Cultures specified and no security, with no Culture specified but security enabled, with Cultures and security both specified, but not with no security and no Culture specified.

This is very strange. Can you check if any of the generated files in the server directory contains the [Authorize] attribute? Perhaps something remained after disabling security.

the Controllers folder contains some .cs files to do with security. I compare this folder to the equivalent folder for another application that has never had security enabled (on the right) and ApplicationRolesController, ApplicationUsersController and AuthController are not present:

AuthContoller uses the [Authorize] attribute.

Should I try deleting these files from the directory?

Yes, try deleting those files and see if it solves the problem. We will investigate why those remain in place after disabling security.

That has worked! Thanks!