1

Topic: ASP.Net Core 2 Identity - to disconnect redirection on login page

I want to receive not 302, but 401 if  the user tries to get access to [Authorize] to the controler
only this article
https://dotnetcoretutorials.com/2017/09 … -core-2-0/

services. AddAuthentication (CookieAuthenticationDefaults.AuthenticationScheme)
.AddCookie (options => {
options. Events. OnRedirectToLogin = (context) =>
{
context. Response. StatusCode = 401;
return Task. CompletedTask;
};
});

But, at first, it at me did not earn.
Secondly - I not absolutely understand a place of this decision in adjustment Identity.
It is offered to install a packet

 Microsoft.AspNetCore.Authentication.Cookies 

What for, if Identity and so works.
Or it is supposed that I should not put Identity at all and not use

services. AddIdentity <AppUser, IdentityRole>

Then it is not clear that with all remaining buns - UserManager, etc.

2

Re: ASP.Net Core 2 Identity - to disconnect redirection on login page

Shocker. Pro;
401 at you it is returned, but there is a redirect on login
https://devblog.dymel.pl/2016/07/07/ret … -core-api/

3

Re: ASP.Net Core 2 Identity - to disconnect redirection on login page

The redirect happens on the server.
On the client 401 I will not see, I will see 302.
Article the link on which you gave, concerns to Core 1.x
In Core 2.0 is not present options. Cookies

4

Re: ASP.Net Core 2 Identity - to disconnect redirection on login page

Shocker. Pro;
It is a lot of candidate solutions. You depend that want finally. Generally for all requests to return 401? Or only at reversal to API? Or only at calls AJAX?
To disconnect challenge absolutely so (for ):

services. AddIdentity <ApplicationUser, IdentityRole> (o => {
o.Cookies.ApplicationCookie.AutomaticChallenge = false;
});

If it is necessary pointwise to install OnRedirectToLogin

5

Re: ASP.Net Core 2 Identity - to disconnect redirection on login page

Shocker. Pro;
At you did not earn, because you did not make beforehand context. Response. Clear ();

6

Re: ASP.Net Core 2 Identity - to disconnect redirection on login page

hVostt wrote:

candidate solutions much. You depend that want finally. Generally for all requests to return 401? Or only at reversal to API? Or only at calls AJAX?

I for some reason did not find any.
By and large for requests to "/api/...". Now all requests such, but further possibly appear and some pages MVC. Requests while go from the WPF-client, in the future there can be requests from the browser (both to , and to normal pages)

hVostt wrote:

to disconnect challenge absolutely so (for ):

I Repeat is a decision for Core 1.x, in Core 2.0 it is not present.

7

Re: ASP.Net Core 2 Identity - to disconnect redirection on login page

hVostt wrote:

at you did not earn, because you did not make beforehand context. Response. Clear ();

well made - did not help. It does not come into this part of the code at all.

8

Re: ASP.Net Core 2 Identity - to disconnect redirection on login page

Shocker. Pro;
Well figs knows, for all of us works smile
Add middleware which pipeline will catch in the end 302 redirect and to return 401, it will iron work

9

Re: ASP.Net Core 2 Identity - to disconnect redirection on login page

hVostt wrote:

well figs knows, for all of us works smile

all works For you on Core 2.0?
What variant which you resulted which is not present in Core 2.0?
Or which I resulted, but then prompt, as configuration Identity in Startup looks and what packets are used.

hVostt wrote:

add middleware which pipeline will catch in the end 302 redirect and to return 401, it will work iron

I with the same success I can to consider the status 302 on the client as the status of absence of authorization. But it would be desirable to make on mind

10

Re: ASP.Net Core 2 Identity - to disconnect redirection on login page

Shocker. Pro wrote:

all works For you on Core 2.0?
What variant which you resulted which is not present in Core 2.0?
Or which I resulted, but then prompt, as configuration Identity in Startup looks and what packets are used.

At us Core 2.0 (places something already on  2.1).
At us OpenId Connect and SSO, at all  model Identity of storage and this infrastructure.

Shocker. Pro wrote:

I with the same success can consider the status 302 on the client as the status of absence of authorization. But it would be desirable to make on mind

It is necessary to look source codes, or yours, or ASP.NET COre, the blessing they in open access.

11

Re: ASP.Net Core 2 Identity - to disconnect redirection on login page

Shocker. Pro wrote:

I with the same success can consider the status 302 on the client as the status of absence of authorization. But it would be desirable to make on mind

But middleware it is not bad)

12

Re: ASP.Net Core 2 Identity - to disconnect redirection on login page

hVostt wrote:

At us OpenId Connect and SSO, at all  model Identity of storage and this infrastructure

and, well then it is clear

hVostt wrote:

It is necessary to look source codes, or yours, or ASP.NET COre, the blessing they in open access.

Not, well and  to look, while I will study that there , already the third version quits and again all rewrite.
Inside services. AddIdentity a pack of registration of services, including this action. On idea, it is possible to light up,  both to redefine unnecessary and to use instead of services. AddIdentity all it is sequence. But I do not like a box to pick, they then again that-thread alter.
Earlier after all there was AutomaticChallenge = false, a thing claimed, can think again and add adjustment.

13

Re: ASP.Net Core 2 Identity - to disconnect redirection on login page

Shocker. Pro;
Here breaking changes on this subject, explicitly
https://github.com/aspnet/Announcements/issues/232

14

Re: ASP.Net Core 2 Identity - to disconnect redirection on login page

At first, there instead of
New:app. AddAuthentication
Most likely it is necessary to read
services. AddAuthentication
And then we are returned to the first my question - what place here occupies services. AddIdentity?
And if it to remove, as to me to organize the class of the user.
Here like all it is clearly chewed -  the class of the user and storage and everything, works from a box further. And if without services. AddIdentity, as then?
I generally can somewhere lost the way - Authentication in this case part Identity or these are mutually exclusive things, or perpendicular?