Can UserManager.GetUserAsync(User) return null in a class with Authorize attribute?
Question
I am using Asp.net core 2.0 MVC with Individual User Account enabled. The automatically-generated ManageController class is attributed by [Authorize] .
I find there are some action methods with the following code snippet.
var user = await _userManager.GetUserAsync(User);
if (user == null)
{
throw new ApplicationException($"Unable to load user with ID '{_userManager.GetUserId(User)}'.");
}
Question
In my mental model, being authorized guarantees being a registered user. So such a null checking in authorized classes seems to be unnecessary. I want to know whether or not UserManager.GetUserAsync(User) can return null in a class with Authorize attribute?
1 answers
solution1
2 ACCPTED 2018-02-15 19:57:43
I want to know whether or not UserManager.GetUserAsync(User) can return null in a class with Authorize attribute?
It can, if the user entry was removed from the database after the user logged in (by default, cookies are validated after 30 minutes so they can still be "valid" even after the corresponding user was removed from the database).
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.