First of all let me say this is an excellent post.
I have one question though.
I have implemented this with an WEB API project. If the user is not authorized (e.g. token expired) a 404 Not found is returned.
How can you return an unauthorized status instead of "404 Not found"
With cookies I had implemented it as such
services.AddIdentity<ApplicationUser, IdentityRole>(identityOptions => { identityOptions.Cookies.ApplicationCookie.Events = new CookieAuthenticationEvents { OnRedirectToLogin = context => { if (context.Request.Path.StartsWithSegments("/api") && context.Response.StatusCode == (int)HttpStatusCode.OK) context.Response.StatusCode = (int)HttpStatusCode.Unauthorized; else context.Response.Redirect(context.RedirectUri); return Task.CompletedTask; } }; }) .AddEntityFrameworkStores<ApplicationDbContext>() .AddDefaultTokenProviders();
Thanks Shaheem
We're a place where coders share, stay up-to-date and grow their careers.
We strive for transparency and don't collect excess data.
Auth With Twitter
Auth With GitHub
re: Developing token authentication using ASP.NET Core VIEW POST
FULL DISCUSSIONFirst of all let me say this is an excellent post.
I have one question though.
I have implemented this with an WEB API project. If the user is not authorized (e.g. token expired) a 404 Not found is returned.
How can you return an unauthorized status instead of "404 Not found"
With cookies I had implemented it as such
Thanks
Shaheem