Check if user is logged on in ASP.NET Core

Question

I'm new to ASP.NET Core and I'm still very uncomfortable. Anyways, I would like to know if this way is correct or if exists better solutions.

I'm checking on every page if a user is logged on. If not, I will redirect page to login page:

public IActionResult Index()
{
    if (User.Identity.IsAuthenticated)
    {
        return View();
    }
    else
    {
        return Redirect("Identity/Account/Login");
    }
}

I'm adding this in every single page.

Answer 1

Instead of adding User.Identity.IsAuthenticated (very un-DRY) you should check out DataAnnotations - [AllowAnonymous] and [Authorize] . You can decorate whole controllers or specific methods with these annotations to allow authentication for specific functionality.

[AllowAnonymous]
public IActionResult Index()
{
    return View();
}

[Authorize]
public IActionResult OnlyAuthenticatedUsers()
{
  return View();
}

Then you can add, in your Startup.cs, redirection rules if the user is not authenticated.

Check this out:

• https://www.aspsnippets.com/Articles/Using-Authorize-and-AllowAnonymous-Data-Annotation-attributes-in-ASPNet-MVC.aspx

• https://forums.asp.net/t/2146773.aspx?Multiple+AuthenticationSchemes+Not+redirecting+to+login+page+when+adding+AuthenticationSchemes

Answer 2

Use the Authorize action filter

Action filter executes before and after an action method executes. Action filter attributes can be applied to an individual action method or to a controller. When action filter applied to the controller then it will be applied to all the action methods in that controller.

For your case

[Authorize]
public IActionResult Index()
{
        return View(); 
}