I am wondering if is there any difference of [Authorize] attribute and AuthorizePage(string) method in ASP.NET Core? Project uses ASP.NET Core 3.1. Is there any advantage or disadvantage using one?
Being relatively new to ASP MVC, I’m unsure which would better suit my needs. I have built an intranet site using Windows authentication and I’m able to secure controllers and actions using the Active Directory roles, e.g.
In ASP.NET the FormsAuthenticationModule intercepts any HTTP 401, and returns an HTTP 302 redirection to the login page. This is a pain for AJAX, since you ask for json and get the login page in html, but the status code is HTTP 200.
I have created a customized role base authorization attribute.My idea is that when a user with role name “employee” Log In should not be allowed to access the “admin” page through URL. But when I implement the [MyRoleAuthorization] in Employee controller and Log In the error says “This webpage has a redirect loop”.
This is code for [MyRoleAuthorization]