I have an ASP.NET Core web application and I am decorating a few controller action methods with the Authorize attribute.
So, when I am not logged in, it doesn't do any redirect and only shows me a blank page for that controller action. I have gone through a couple of tutorials and they talk about Cookie authentication.
So, I made changes in my Startup.cs and added the following:
    app.UseCookieAuthentication(new CookieAuthenticationOptions
    {
        AuthenticationScheme = "Cookie",
        LoginPath = new PathString("/Account/Login/"),
        AccessDeniedPath = new PathString("/Account/Forbidden/"),
        AutomaticAuthenticate = true,
        AutomaticChallenge = true
    });
I also made a change in the Authorize attribute to include ActiveAuthenticationSchemes as:
    [Authorize(ActiveAuthenticationSchemes = "Cookie")]
Now when I try to go to that controller action, I get the login page. I am able to log in successfully, but I am again redirected to the Login page instead of being shown the controller action method's View.
I can tell that I successfully logged in, as I can see my email and a 'logoff' button at the top of the page (Layout with partial view). It seems like I am authenticated but Not Authorized. If that is true, then I should have seen the forbidden page, but I am seeing only the login page.
Am I missing something here? Why am I being redirected to the Login page even after logging in?