In the "old" ASP.NET, I can create a custom authorize attribute and override HandleUnauthorizedRequest . I cannot do this using ASP.NET Core using a special authorization handler. The latter either "succeeds" or "does not work," and I would like to redirect to alternative controller actions depending on the nature of the failure.
Here is the script. Users of my web application have a claim that indicates that they are โactiveโ users, that is, they are fully registered, and we confirmed their data, etc. New users are authenticated using OpenIdConnect middleware, but until we fully verify and set up an account, we wonโt receive an โactiveโ user request. Thus, both new users and active users are authenticated. I want new users to access most applications. Every time they try to get to https://app.example.com/dashboard , I want to redirect them to https://app.example.com/newuser , from which they can go through the setup process.
I can use the authorization policy for my controllers to check for "active" user requirements and allow access. When a new user does not have this requirement and does not perform authorization, I want the authorization processor to have some logic, which then redirects them to the application area to which they have access. But I donโt see how to do this using the authorization structure in the ASPNET core.
There is a somewhat clumsy solution that uses CookieMiddleware and implements a handler for the OnRedirectToAccessDenied event - see https://github.com/aspnet/Mvc/issues/4890 . I also thought about implementing an action filter that runs on every request.
? , , .