Below code is my Action Method in Asp.Net Core 3.
[HttpGet]
[Authorize]
public async Task<IActionResult> Info()
{
if (!User.Identity.IsAuthenticated) /// Is this need?
{
return BadRequest("Un Authorized Access");
}
}
I used Authorize
attribute on method.Do I need to check Authentiaciton of user again with User.Identity.IsAuthenticated
?
You should take a look into the difference between "Authentication versus Authorization" see https://stackoverflow.com/a/6556548/2219991
Your posted code won't be enough since there is a case when a user fulfills the authorization requirement, even if not authenticated.
My Answer is wrong, please take a look at Joe's comment and pointing out https://github.com/aspnet/AspNetWebStack/blob/master/src/System.Web.Http/AuthorizeAttribute.cs the [Authorize]
attribute also checks the authentication