Home/Error requires Authorization, creating infinite loops for authentication errors
Tratcher opened this issue · comments
If you have errors during authentication it can throw exceptions. In Production these are caught by app.UseExceptionHandler("/Home/Error");
and re-executed. However, Home/Error requires Authorization and you get stuck in an infinite loop.
https://github.com/aspnet/Templates/blob/dev/src/Rules/StarterWeb/OrganizationalAuth/Single/NoRead/Startup.cs
https://github.com/aspnet/Templates/blob/dev/src/Rules/StarterWeb/OrganizationalAuth/Common/Controllers/HomeController.cs
Hmm, I wonder if it's worth overriding the authorize attribute on whatever the exception handler route is, even if you have set it.
Should we just set AllowAnonymous on the Error Action on the controller?