ASP.NET core, change default redirect for unauthorized

c# asp.net asp.net-core asp.net-identity asp.net-core-mvc

63,959

Solution 1

If you check UseIdentity extension method here you will notice that it is using IdentityOptions not CookieAuthenticationOptions, so instead you must configure IdentityOptions:

services.Configure<IdentityOptions>(opt =>
{
    opt.Cookies.ApplicationCookie.LoginPath = new PathString("/login");
});

Edit

For asp.net core 2.0: Identity cookie options are no longer part of IdentityOptions. Check mxmissile's answer.

Solution 2

With asp.net core 2.0 out now, this has changed to:

services.ConfigureApplicationCookie(options => options.LoginPath = "/Account/LogIn");

More on migrating to 2.0 here. And even more information on migrating from 2.0 to 2.1.

Solution 3

Since asp.net core 2.0 if you use cookies without Identity:

app.UseAuthentication();

// If you don't want the cookie to be automatically authenticated and assigned HttpContext.User, 
// remove the CookieAuthenticationDefaults.AuthenticationScheme parameter passed to AddAuthentication.
services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
    .AddCookie(options => 
    {
        options.LoginPath = "/Account/LogIn";
        options.LogoutPath = "/Account/LogOff";
    });

source

Solution 4

You may also want to try using StatusCodePages:

app.UseStatusCodePages(async contextAccessor => 
{
    var response = contextAccessor.HttpContext.Response;

    if (response.StatusCode == (int)HttpStatusCode.Unauthorized || 
        response.StatusCode == (int)HttpStatusCode.Forbidden)
    {
        response.Redirect("/Error/Unauthorized");
    }
});

Solution 5

You'll need to configure this in startup.cs when adding the authentication service especially if you're using cookie authentication scheme.

services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
        .AddCookie(options => 
        {
            options.LoginPath = new PathString("/login");
        });

This was how i solved the issue, you'll should try it out...It'll definitely work for you

View more solutions

63,959

Jim

Craig is an accomplished technical specialist with vast integration and financial services experience. His distinguished accomplishments span several continents at some of the largest financial services and manufacturing institutions in the world. BMW, Johannesburg Stock Exchange, Stanlib, Royal Bank of Scotland, Merrill Lynch and Bank of America. Craig has engineered systems as diverse as cross continental messaging infrastructure, calculation of volatility matrices, manufacturing cost analysis, and full stack integrated web site construction and mobile application development.

Updated on July 09, 2022

Comments

Jim almost 2 years
I am attempting to redirect to a different login url in ASP.NET MVC6

My account controller login method has a Route attribute to change the url.
```
[HttpGet]
[AllowAnonymous]
[Route("login")]
public IActionResult Login(string returnUrl = null)
{
    this.ViewData["ReturnUrl"] = returnUrl;
    return this.View();
}
```
When attempting to access an unathorized page, I am redirected to the invalid url, it should just be /login but instead I get http://localhost/Account/Login?ReturnUrl=%2Fhome%2Findex

I have configured the cookie authentication path as follows:
```
services.Configure<CookieAuthenticationOptions>(opt =>
{
    opt.LoginPath = new PathString("/login");
});
```
I have added a default filter, to ensure that all urls require authentication by default.
```
services.AddMvc(
    options =>
    {
        options.Filters.Add(new AuthorizeFilter(new AuthorizationPolicyBuilder().RequireAuthenticatedUser().Build()));
    });
```
I have checked that the url /login does in fact load the login page, whilst /account/login does not, as expected.

edit: I have left the routes as is, (apart from changing the default controller and action)
```
app.UseMvc(routes =>
{
    routes.MapRoute(
      name: "default",
      template: "{controller=Site}/{action=Site}/{id?}");
});
```
- juunas about 7 years
  
  Could you show your route config in Configure()?
- Jim about 7 years
  
  @juunas:I have added the routes to the question
- tmg about 7 years
  
  are you using asp.net-core-identity?
- Jim about 7 years
  
  @tmg, yes I am, but with this plugin github.com/mrahhal/MR.AspNet.Identity.EntityFramework6 to support EF6, I don't think the redirect will be affected by the EF version, but I could be wrong. I am still using app.UseIdentity() from Microsoft.AspNetCore.Builder
Jim about 7 years

I found it here too github.com/aspnet/Identity/issues/539, thanks, works just fine.
sɐunıɔןɐqɐp almost 6 years

(This post does not seem to provide a quality answer to the question. Please either edit your answer, or just post it as a comment to the other referred answer).
Fredrik C over 4 years

This is still valid for Core 3.0
Mohammed A. Fadil over 4 years

Worked perfectly! Thank you for saving the day :D