How to redirect if user not logged in?
Xorboth opened this issue · comments
Hello, I love your library, I have one question though. I hope you can help me. I have an ASP.NET web app and I'd like to use this library, and was able to do it. However I can't figure out how to redirect the user to the IdP login page if the user is not logged in. What's troubling me is that without any automatic redirect, all the APIs are still callable from the user even when not logged in, and this is a security problem.
This is really outside of this library's scope, but
-
To make controllers and APIs available to authenticated users only, use the
[Authorize]
attribute. -
To redirect all user to a login path use this
services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
.AddCookie(options =>
{
//.,..
options.LoginPath = "/User/Login";
//...
}
This way all anonymous users will be redirected to /User/Login - and that's where you redirect them to IdP