ASP.NET core, change default redirect for unauthorized
Solution 1
If you check UseIdentity
extension method here you will notice that it is using IdentityOptions
not CookieAuthenticationOptions
, so instead you must configure IdentityOptions
:
services.Configure<IdentityOptions>(opt =>
{
opt.Cookies.ApplicationCookie.LoginPath = new PathString("/login");
});
Edit
For asp.net core 2.0: Identity cookie options are no longer part of IdentityOptions. Check mxmissile's answer.
Solution 2
With asp.net core 2.0
out now, this has changed to:
services.ConfigureApplicationCookie(options => options.LoginPath = "/Account/LogIn");
More on migrating to 2.0 here. And even more information on migrating from 2.0 to 2.1.
Solution 3
Since asp.net core 2.0
if you use cookies without Identity:
app.UseAuthentication();
// If you don't want the cookie to be automatically authenticated and assigned HttpContext.User,
// remove the CookieAuthenticationDefaults.AuthenticationScheme parameter passed to AddAuthentication.
services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
.AddCookie(options =>
{
options.LoginPath = "/Account/LogIn";
options.LogoutPath = "/Account/LogOff";
});
Solution 4
You may also want to try using StatusCodePages
:
app.UseStatusCodePages(async contextAccessor =>
{
var response = contextAccessor.HttpContext.Response;
if (response.StatusCode == (int)HttpStatusCode.Unauthorized ||
response.StatusCode == (int)HttpStatusCode.Forbidden)
{
response.Redirect("/Error/Unauthorized");
}
});
Solution 5
You'll need to configure this in startup.cs when adding the authentication service especially if you're using cookie authentication scheme.
services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
.AddCookie(options =>
{
options.LoginPath = new PathString("/login");
});
This was how i solved the issue, you'll should try it out...It'll definitely work for you
Related videos on Youtube
Jim
Craig is an accomplished technical specialist with vast integration and financial services experience. His distinguished accomplishments span several continents at some of the largest financial services and manufacturing institutions in the world. BMW, Johannesburg Stock Exchange, Stanlib, Royal Bank of Scotland, Merrill Lynch and Bank of America. Craig has engineered systems as diverse as cross continental messaging infrastructure, calculation of volatility matrices, manufacturing cost analysis, and full stack integrated web site construction and mobile application development.
Updated on July 09, 2022Comments
-
Jim almost 2 years
I am attempting to redirect to a different login url in ASP.NET MVC6
My account controller login method has a
Route
attribute to change the url.[HttpGet] [AllowAnonymous] [Route("login")] public IActionResult Login(string returnUrl = null) { this.ViewData["ReturnUrl"] = returnUrl; return this.View(); }
When attempting to access an unathorized page, I am redirected to the invalid url, it should just be
/login
but instead I gethttp://localhost/Account/Login?ReturnUrl=%2Fhome%2Findex
I have configured the cookie authentication path as follows:
services.Configure<CookieAuthenticationOptions>(opt => { opt.LoginPath = new PathString("/login"); });
I have added a default filter, to ensure that all urls require authentication by default.
services.AddMvc( options => { options.Filters.Add(new AuthorizeFilter(new AuthorizationPolicyBuilder().RequireAuthenticatedUser().Build())); });
I have checked that the url
/login
does in fact load the login page, whilst/account/login
does not, as expected.edit: I have left the routes as is, (apart from changing the default controller and action)
app.UseMvc(routes => { routes.MapRoute( name: "default", template: "{controller=Site}/{action=Site}/{id?}"); });
-
juunas about 7 yearsCould you show your route config in
Configure()
? -
Jim about 7 years@juunas:I have added the routes to the question
-
tmg about 7 yearsare you using asp.net-core-identity?
-
Jim about 7 years@tmg, yes I am, but with this plugin github.com/mrahhal/MR.AspNet.Identity.EntityFramework6 to support EF6, I don't think the redirect will be affected by the EF version, but I could be wrong. I am still using
app.UseIdentity()
fromMicrosoft.AspNetCore.Builder
-
-
Jim about 7 yearsI found it here too github.com/aspnet/Identity/issues/539, thanks, works just fine.
-
sɐunıɔןɐqɐp almost 6 years(This post does not seem to provide a quality answer to the question. Please either edit your answer, or just post it as a comment to the other referred answer).
-
Fredrik C over 4 yearsThis is still valid for Core 3.0
-
Mohammed A. Fadil over 4 yearsWorked perfectly! Thank you for saving the day :D