-1

this is my code which works fine.If I'm authorized it works, if not, it redirects me to the identity server and after login back.

[Authorize]
public async Task<IActionResult> Index()
{                
    return View("../Secure/Index");
}

I want to return another view if user is not authorized and not to redirect him to the indentity server. This is how I tried it.

public async Task<IActionResult> Index()
{                
    if (User == null || User.Identity == null || !User.Identity.IsAuthenticated )
    {
        return View("../Public/Index");
    }

    return View("../Secure/Index");
}

However it is not working. User.Identity.IsAuthenticated is always false. Even when I was before on identity server and logged in. It seems that [Authorize] attribute is doing something more probably settings User.Identity.IsAuthenticated.

My question is, how do I know I'm authorized without attribute ?

Thank you

ferdinand
  • 970
  • 1
  • 7
  • 14
  • The `Authorize` attribute triggers the authentication handler to load the `HttpContext.User`. To do this without the attribute you could create middleware to populate the `HttpContext.User` property but it would totally defeat the purpose of having authorization. – Brad Dec 06 '18 at 22:28
  • @Brad thank you for the reply. Could you please give me some example how to call authentication handler ? – ferdinand Dec 06 '18 at 23:13
  • why don't you want to use the Authorize attribute? – Tarik Tutuncu Dec 10 '18 at 06:42
  • Because it automatically redirects to the identity server. I need my app to have one url, for welcome page and for actual app. So when you are not logged in the welcome page would be shown and when you are the app would be shown. I have address http://192.168.0.100 and once there is welcome page. I can click on it to login. And once if I'm logged in there is actual app. – ferdinand Dec 11 '18 at 21:27

1 Answers1

-1

I spent three days figuring out how this can be done and come to conclusion THIS CAN'T BE DONE. Really great work Microsoft.

The closest I got is redirect to another url: https://stackoverflow.com/a/43631950/4909067 But of course naming is different in .net core 2.1. 

services.AddAuthentication(options =>
{
    ...
})
.AddCookie("Cookies")
.AddOpenIdConnect("oidc", options =>
    {
        ...
        options.Events = new OpenIdConnectEvents()
        {
            OnRedirectToIdentityProvider = async (context) =>
            {
                Console.WriteLine(  );

                if (context.HttpContext.Request.Path.Value != "/Account/SignInWithOpenId")
                {
                    context.HttpContext.Response.Redirect("/public");
                    context.HandleResponse();
                }

                await Task.CompletedTask;
            },            
        };
        ...
    })

But this is not what i want. I don't want to change url. I just want to serve some content when user is signed in and different when user is not signed in. On the same url. I should have chosen node js over this stupid .net core

ferdinand
  • 970
  • 1
  • 7
  • 14