Search code examples
c#asp.net-corecookiesauthorizationidentity

ASP.NET Core App Won't redirect user to login page after failing authorization, instead returns 404

So I'm creating a small app for my work I'm using .net 7, Asp.Net Core, Identity, and for authorization I'm using cookies All my Login, Register and Logout pages located in Area, so the adress for those pages is something like Identity/Account/Login Here all my program.cs file with all configuration

builder.Services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
    .AddCookie(options =>
    {
        options.Cookie.HttpOnly = true;
        options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
        options.ExpireTimeSpan = TimeSpan.FromMinutes(60);
        options.SlidingExpiration = true;
        options.LoginPath = "/Identity/Account/Login";
        options.LogoutPath = "/Identity/Account/Logout";
        options.Cookie = new CookieBuilder
        {
            IsEssential = true
        };
    });

builder.Services.AddAuthorization();

builder.Services.AddIdentity<ApplicationUser, IdentityRole>()
    .AddEntityFrameworkStores<IdentityDbContext>();

Dependencies.ConfigureServices(builder.Configuration, builder.Services);

builder.Services.AddIdentityCore<ApplicationUser>(options =>
{
    options.Password.RequireDigit = true;
    options.Password.RequireLowercase = true;
    options.Password.RequireUppercase = true;
    options.Password.RequireNonAlphanumeric = false;
    options.Password.RequiredUniqueChars = 4;
    options.Password.RequiredLength = 4;
});


var app = builder.Build();

// Configure the HTTP request pipeline.
if (!app.Environment.IsDevelopment())
{
    app.UseExceptionHandler("/Home/Error");
    // The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
    app.UseHsts();
}

app.UseHttpsRedirection();
app.UseStaticFiles();

app.UseAuthentication();
app.UseAuthorization();
app.UseCookiePolicy();

app.MapRazorPages();
app.UseRouting();

app.UseAuthorization();

app.MapControllerRoute(
    name: "default",
    pattern: "{controller=Orders}/{action=Index}/{id?}");

app.MapRazorPages();
app.Run();`



app.MapRazorPages();
app.Run();

So my Login page work just fine when i try to access it by myself, but it have this contorller with`[Authorize]` attribute, and I expect it to redirect user to Login page if auth is failed, but instead, it returns me No web page found for web adress https://localhost:7294/Account/Login?ReturnUrl=%2F HTTP ERROR 404 I've tried changing login path in configuration, I've tried creating my custom attributes, but it's no use. I'm really frustrated and think that is answer is just on the surfaces but I can't see it

Solution

  • So the solution for me was to delete my pages with Login, Register and Logout, and everything associated with Identity configuration from my program.cs file, and scaffold Identity from scratch

    This is the link that i found usefull: https://learn.microsoft.com/en-us/aspnet/core/security/authentication/identity?view=aspnetcore-7.0&tabs=visual-studio