I needed to use multiple authentication schemes for an application to separate things and allow logging in with two identities at the same time. When I tried to use the default authorization policy to allow both through to certain places I hit a problem: only one scheme is allowed to access it. That's weird, authenticated is authenticated, right?
It seems ASP.NET Core only uses the first authentication scheme as the one for these, so any additional ones aren't seen as authenticated. So how to fix it? Define your own default policy!
options.DefaultPolicy = new AuthorizationPolicyBuilder()
This was brought to me by Mickaël Derriy on Stack Overflow.