Home/Error requires Authorization, creating infinite loops for authentication errors

aspnet / Templates

This repo is OBSOLETE - please see the README file for information

Other

151 stars 57 forks source link

Closed Tratcher closed 7 years ago

Tratcher commented 7 years ago

If you have errors during authentication it can throw exceptions. In Production these are caught by app.UseExceptionHandler("/Home/Error"); and re-executed. However, Home/Error requires Authorization and you get stuck in an infinite loop. https://github.com/aspnet/Templates/blob/dev/src/Rules/StarterWeb/OrganizationalAuth/Single/NoRead/Startup.cs https://github.com/aspnet/Templates/blob/dev/src/Rules/StarterWeb/OrganizationalAuth/Common/Controllers/HomeController.cs

@blowdart

blowdart commented 7 years ago

Hmm, I wonder if it's worth overriding the authorize attribute on whatever the exception handler route is, even if you have set it.

phenning commented 7 years ago

Should we just set AllowAnonymous on the Error Action on the controller?