asp.net-identityasp.net-core-3.0authorize-attribute

asp.net core 3 AuthorizeAttribute or manage page always asks to login

OSX ASP.Net Core 3 MVC command line build..

The app allows the user to log in normally and seems to work fine.

When I add 

@if (SignInManager.IsSignedIn(User))
{

to the cshtml file for the View (man, I don't want to say razor page) it either displays information in that section when logged in or does not if not logged in. Works great.

When I add the AuthorizeAttribute to a controller class like

namespace mywebapp.Controllers
{
    [Authorize]
    public class FancyController : Controller
    {
        private readonly ApplicationDbContext _context;
... etc...

and try to access this page without logging in, it redirects me to the login page.

but... it does so, even when I'm logged in. It never allows access to the page.

I tried to see if my configuration steps were out of order, as I see that fix in various other issue answers...

       // This method gets called by the runtime. Use this method to add services to the container.
        public void ConfigureServices(IServiceCollection services)
        {
            services.AddControllersWithViews();
            services.AddRazorPages();
        }

        // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
        public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
        {
            if (env.IsDevelopment())
            {
                app.UseDeveloperExceptionPage();
            }
            else
            {
                app.UseExceptionHandler("/Home/Error");
                // The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
                app.UseHsts();
            }
            app.UseHttpsRedirection();
            app.UseStaticFiles();

            app.UseRouting();

            app.UseAuthorization();
            app.UseAuthentication();


            app.UseEndpoints(endpoints =>
            {
                endpoints.MapControllerRoute(
                    name: "default",
                    pattern: "{controller=Home}/{action=Index}/{id?}");

                endpoints.MapRazorPages();
                endpoints.MapControllers();
            });

        }

But any order I try doesn't solve this. One attempt actually ALWAYS allowed access, logged in or not. I've used the attribute fine in regular .Net MVC 5...

How do I get the login and [authorize] attribute to work together in Core 3?

Solution

  • Just switch between:

    app.UseAuthorization();
app.UseAuthentication();

    So you use authentication before authorization.
    Then rebuild again.