OnAuthorization Is Not Getting Called while trying to access application after Session Timeout

nitin pawar 11 Reputation points
2021-09-14T10:23:25.133+00:00

I am working on .NET Core 3.1 MVC project. I have added custom authorization using IAuthorizationFilter.

for testing purpose I have set session timeout as one minute and added below configuration in ConfigureServices method of startup.cs.

services.AddAuthentication(x =>
{
x.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
x.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
}).AddJwtBearer(x =>
{
x.RequireHttpsMetadata = false;
x.SaveToken = true;
x.TokenValidationParameters = new TokenValidationParameters
{
ValidateIssuerSigningKey = true,
IssuerSigningKey = new SymmetricSecurityKey(Encoding.ASCII.GetBytes(key)),
ValidateIssuer = false,
ValidateAudience = false
};
}).AddCookie(options =>
{
options.LoginPath = "/Account/login";
options.AccessDeniedPath = "/Account/login";
options.ExpireTimeSpan = TimeSpan.FromSeconds(10);
});

However, after session timeout when I refresh the page, I am getting below error page. (typical 401 error page)

This page isn’t working
If the problem continues, contact the site owner.
HTTP ERROR 401

Constructor of Custom Authorization class ALWAYS gets called however public void OnAuthorization(AuthorizationFilterContext context) method does NOT get called after session timout.

Please let me know how this can be resolved ?

ASP.NET Core
ASP.NET Core
A set of technologies in the .NET Framework for building web applications and XML web services.
4,161 questions

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. nitin pawar 11 Reputation points
    2021-09-16T05:31:48.387+00:00

    I am using custom authorization for use login management. below is the code.. the constructor of the code is getting called every time (even after session timeout however the method OnAuthorization (AuthorizationFilterContext context) is not getting called after session timeout

    public class CustomAuthorizeAttribute : TypeFilterAttribute
    {
    public CustomAuthorizeAttribute() : base(typeof(CustomAuthorizeFilter))
    {

        }
}

public class CustomAuthorizeFilter : IAuthorizationFilter
{


    public CustomAuthorizeFilter()
    {

    }

    public void OnAuthorization(AuthorizationFilterContext context)
    {
        //Logic to authenticate user based on context
    }
}

    I want OnAuthorization(AuthorizationFilterContext context) to be called even after session timeout, this is the only requirement , please advise.

    0 comments
  2. nitin pawar 11 Reputation points
    2021-09-16T09:09:07.087+00:00

    This has been resolved. Below code was creating issue (not sure the reason behind it). Removed the same. 

      services.AddControllersWithViews(options =>
        {
            var policy = new AuthorizationPolicyBuilder()
                .RequireAuthenticatedUser()
                .Build();
            options.Filters.Add(new AuthorizeFilter(policy));
        });

    Thanks all for your advise.

    0 comments