0

So, my app exits with code -1,073,741,571 when a not-logged-in user tries to access a Razor page that has [Authorize] on it...

I'm using ASP.NET Core 5.0 RC1

Here's the complete log

Here's where I think it occurs:

    services.ConfigureApplicationCookie(options =>
    {
        options.LoginPath = new PathString("/login");
        options.LogoutPath = new PathString("/logout");
        options.AccessDeniedPath = new PathString("/login");
        options.Cookie.SameSite = SameSiteMode.Lax;
        options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
        options.Events.OnRedirectToLogin = 
            HandleApiRequest(StatusCodes.Status401Unauthorized, options.Events.RedirectToLogin);
        options.Events.OnRedirectToAccessDenied =
            HandleApiRequest(StatusCodes.Status403Forbidden, options.Events.RedirectToLogin);
    });

Here are the helpers used:

    public static class RoutingHelpers
    {
        private const string ApiRoutePrefix = "/api";
        private static bool IsApiRequest(this HttpContext context)
        {
            if (context.Request.Path.StartsWithSegments(ApiRoutePrefix))
            {
                return true;
            }
        
            // Check if this is an ApiController
            var endpoint = context.GetEndpoint();
            return endpoint != null && endpoint.Metadata.Any(o => o is ApiControllerAttribute);
        }
        
        public static Func<RedirectContext<CookieAuthenticationOptions>, Task> HandleApiRequest(int statusCode, Func<RedirectContext<CookieAuthenticationOptions>, Task> original)
        {
            return redirectContext =>
            {
                if (!redirectContext.HttpContext.IsApiRequest()) 
                    return original(redirectContext);
                    
                redirectContext.Response.StatusCode = statusCode;
                return Task.CompletedTask;
            };
        }
    }

In general, the goal of this code was to redirect [Authorize]d API requests somewhere else than [Authorize]d Razor Pages, to avoid the API response just being the whole HTML code of the login page.

4

1 Answer

0

    options.Events.OnRedirectToLogin =
        HandleApiRequest(StatusCodes.Status401Unauthorized, options.Events.RedirectToLogin);
    options.Events.OnRedirectToAccessDenied =
        HandleApiRequest(StatusCodes.Status403Forbidden, options.Events.RedirectToLogin);

should be

    options.Events.OnRedirectToLogin =
        HandleApiRequest(StatusCodes.Status401Unauthorized, options.Events.OnRedirectToLogin);
    options.Events.OnRedirectToAccessDenied =
        HandleApiRequest(StatusCodes.Status403Forbidden, options.Events.OnRedirectToLogin);

Will mark it as solved in 2 days, I guess

Answered 2020-11-10T15:27:17.930
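
The recursion behind this fix, as an added example that is not code from the question or the answer: `CookieAuthenticationEvents.RedirectToLogin` is the method that invokes the `OnRedirectToLogin` delegate, so a wrapper that falls back to it calls itself until the stack overflows (exit code -1,073,741,571 is 0xC00000FD, STATUS_STACK_OVERFLOW). The `Events` class below is a simplified stand-in that takes a path string instead of a `RedirectContext`, and the depth counter is an assumption added so the demo reports the loop instead of crashing.

```csharp
using System;
using System.Threading.Tasks;

// Simplified stand-in for CookieAuthenticationEvents (hypothetical class, string
// instead of RedirectContext): the method just invokes the delegate property.
class Events
{
    public Func<string, Task> OnRedirectToLogin { get; set; } = path =>
    {
        Console.WriteLine($"302 -> /login?ReturnUrl={path}");
        return Task.CompletedTask;
    };

    public virtual Task RedirectToLogin(string path) => OnRedirectToLogin(path);
}

static class Demo
{
    static int depth; // guard so the demo reports the loop instead of crashing

    static Func<string, Task> HandleApiRequest(int statusCode, Func<string, Task> original) =>
        path =>
        {
            if (++depth > 100) throw new InvalidOperationException("handler re-entered itself");
            if (!path.StartsWith("/api")) return original(path);
            Console.WriteLine($"{statusCode} for {path}");
            return Task.CompletedTask;
        };

    static void Main()
    {
        // Question's wiring: 'original' is the method group, which reads the
        // property at call time, i.e. the wrapper itself.
        var broken = new Events();
        broken.OnRedirectToLogin = HandleApiRequest(401, broken.RedirectToLogin);
        try { broken.OnRedirectToLogin("/account"); }
        catch (InvalidOperationException e) { Console.WriteLine($"broken: {e.Message}"); }

        // Answer's wiring: 'original' is the delegate value held before the assignment.
        depth = 0;
        var wired = new Events();
        wired.OnRedirectToLogin = HandleApiRequest(401, wired.OnRedirectToLogin);
        wired.OnRedirectToLogin("/account");   // falls through to the default redirect
        wired.OnRedirectToLogin("/api/items"); // short-circuits with 401
    }
}
```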