How to set up multiple authentication schemes so that after the first handler returns fail or success, others are not called?

[piotled]

Hi

I would like to setup several authentication schemes with different handlers in such a way, that the handlers are called sequentially (order doesn't matter), but only if the previous one returns AuthenticateResult.NoResult() (that is, it did not handle the authentication). This is to support several alternative authentication schemes.

From my understanding, if I used this code:

builder.Services.AddAuthentication()
    .AddScheme<AuthenticationSchemeOptions, CustomAuthHandler>("Scheme1", null, null)
    .AddScheme<AuthenticationSchemeOptions, CustomAuthHandler2>("Scheme2", null, null);
builder.Services.AddAuthorization(x =>
{
    var policyBuilder = new AuthorizationPolicyBuilder();
    policyBuilder.AuthenticationSchemes = ["Scheme1", "Scheme2"];
    policyBuilder.RequireAuthenticatedUser();
    x.DefaultPolicy = policyBuilder.Build();
});

then the handlers would be called sequentially, because the default policy uses the specified schemes. However there is no difference whether I return AuthenticateResult.NoResult() or AuthenticateResult.Fail(), all authentication handlers are called. From what I was able to read, for example, here: #38685, then there is a situation in which NoResult can be used in such a way as I would expect it to.

So to sum up: is there a way to stop processing authentication handlers after one is able to return either Fail or Success, or do they all need to processed?