Why does the Identity scaffold use user null checks if(user==null)
if there is the [Authorize]
annotation for the Authorization middleware? Are the null checks safer than Authorize?
var user = _userManager.GetUser(User);
if(user == null)
{
return NotFound("User not found");
}
[Authorize]
public class TestModel : PageModel
{
}
Doesn't authorize take much less work to write?
User is never null
if code passes [Authorize]
.
Some people wrongfully do it as they are used to it before this type of authenticating was a thing.