I must be missing something. Note that I don't use Identity. I followed the Configuration part of this page.
In my startup.cs file:
    // in public void ConfigureServices(IServiceCollection services)
    services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
        .AddCookie(options =>
        {
            options.LoginPath = new PathString("/account/login/");
            options.AccessDeniedPath = new PathString("/account/forbidden/");
            options.SlidingExpiration = true;
            options.ExpireTimeSpan = TimeSpan.FromHours(336);
        });

    // in public void Configure(IApplicationBuilder app, IHostingEnvironment env)
    app.UseAuthentication();
Then I have some login logic that ends with:

    await _httpContextAccessor.HttpContext.SignInAsync(
        CookieAuthenticationDefaults.AuthenticationScheme,
        principal,
        new AuthenticationProperties { IsPersistent = true });

This works fine and creates the desired cookies.
What I don't understand is how to enforce authentication for specific endpoints. Previously I would add [AllowAnonymous] on the endpoint to say it was OK to not be authenticated. But here, it doesn't seem to know if I'm signed in or not.
1) What's the best way to configure my app so that you have to be authenticated to access them?
2) How to know if a user is authenticated? (from a controller)
3) I know I could implement all this via a middleware, but I would be surprised if there isn't a built-in way to do it. Am I wrong?
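
Added example, not part of the original post: one way to require authentication by default with the cookie scheme configured above, opting out per action with [AllowAnonymous] and reading the sign-in state from a controller. It assumes ASP.NET Core 2.x MVC (suggested by IHostingEnvironment in the question); the controllers, route template and response strings are hypothetical.

```csharp
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Authorization;
using Microsoft.Extensions.DependencyInjection;

public class Startup
{
    public void ConfigureServices(IServiceCollection services)
    {
        services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
            .AddCookie(options =>
            {
                options.LoginPath = new PathString("/account/login/");
                options.AccessDeniedPath = new PathString("/account/forbidden/");
            });

        // Secure by default: a global filter makes every MVC action require
        // an authenticated user unless the action opts out explicitly.
        var requireUser = new AuthorizationPolicyBuilder().RequireAuthenticatedUser().Build();
        services.AddMvc(options => options.Filters.Add(new AuthorizeFilter(requireUser)));
    }

    public void Configure(IApplicationBuilder app)
    {
        // Must be registered before MVC; it reads the cookie and populates HttpContext.User.
        app.UseAuthentication();
        app.UseMvc(routes => routes.MapRoute("default", "{controller=Home}/{action=Index}/{id?}"));
    }
}

// Hypothetical controller: the paths named in LoginPath and AccessDeniedPath must
// stay anonymous, otherwise the global filter redirects the login page to itself.
[AllowAnonymous]
public class AccountController : Controller
{
    public IActionResult Login() => Content("login form");
    public IActionResult Forbidden() => Content("access denied");
}

// Hypothetical controller: no attribute needed, the global filter protects it.
// Without the global filter, [Authorize] on the class or action has the same effect.
public class HomeController : Controller
{
    public IActionResult Index() =>
        Content($"authenticated={User.Identity.IsAuthenticated}, name={User.Identity.Name}");
}
```

An unauthenticated request to a protected action is redirected to LoginPath by the cookie handler, and an authenticated user who fails a policy is sent to AccessDeniedPath.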