I am working on a .NET Core 3.1 MVC project. I have added custom authorization using IAuthorizationFilter.
For testing purposes, I have set the session timeout to one minute and added the configuration below in the ConfigureServices method of startup.cs.
    // JWT bearer is the default scheme for both authentication and challenge.
    services.AddAuthentication(x =>
    {
        x.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
        x.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
    }).AddJwtBearer(x =>
    {
        x.RequireHttpsMetadata = false;
        x.SaveToken = true;
        // Only the signing key is validated; issuer and audience checks are disabled.
        x.TokenValidationParameters = new TokenValidationParameters
        {
            ValidateIssuerSigningKey = true,
            IssuerSigningKey = new SymmetricSecurityKey(Encoding.ASCII.GetBytes(key)),
            ValidateIssuer = false,
            ValidateAudience = false
        };
    }).AddCookie(options =>
    {
        // Cookie scheme: login and access-denied paths, with a 10-second expiry.
        options.LoginPath = "/Account/login";
        options.AccessDeniedPath = "/Account/login";
        options.ExpireTimeSpan = TimeSpan.FromSeconds(10);
    });
However, after the session times out, when I refresh the page, I get the error page below (a typical 401 error page).
This page isn’t working
If the problem continues, contact the site owner.
HTTP ERROR 401
The constructor of the custom authorization class ALWAYS gets called; however, the public void OnAuthorization(AuthorizationFilterContext context) method does NOT get called after session timeout.
Please let me know how this can be resolved.