We would like to have anonymous users to use parts of our web site. The plan is to have the users to be automatically logged on as ”public users” when arriving at the website. We don't want any redirects because SEO issues. But it doesn't seem to work as constext.User doesn't instanciate and therefore the user is stopped by the [Authorize] attribute.
app.UseCookieAuthentication(options =>
{
options.LoginPath = new PathString("/Admin/Login");
options.LogoutPath = new PathString("/Admin/Logout");
options.AutomaticAuthenticate = true;
options.AutomaticChallenge = false; //Remove redirect
options.AuthenticationScheme = "Cookies";
});
app.Use(async (context, next) =>
{
doLogin = !context.User.Identity.IsAuthenticated;
if (doLogin) //Is not authenticated
{
var claims = new List<Claim>
{
new Claim("ID",userOption.Value.PublicUserID.ToString())
};
var id = new ClaimsIdentity(claims, "local", null, null);
await context.Authentication.SignInAsync("Cookies", new ClaimsPrincipal(id));
}
await next.Invoke();
if (doLogin)
{
context.Response.StatusCode = StatusCodes.Status200OK;
}
});Are we on the right track? Or should be solve this by using [AllowAnonymous] decorations where we want to allow anonymous usage.