Why does the Identity scaffold use user null checks if(user==null) if there is the [Authorize] annotation for the Authorization middleware? Are the null checks safer than Authorize?
var user = _userManager.GetUser(User);
if(user == null)
{
return NotFound("User not found");
}
[Authorize]
public class TestModel : PageModel
{
}
Doesn't authorize take much less work to write?
User is never null if code passes [Authorize].
Some people wrongfully do it as they are used to it before this type of authenticating was a thing.