My application needs users to be authenticated from the start. There is no public area. The very first thing that the user needs to do is log in. So this should be done right from the start page. It should also be done when the user isn't logged in and another direct URL is accessed, for example from a notification.
I don't like the idea of redirecting the user to another URL and dragging around the return URL as parameter. This adds more network requests and makes ugly and insecure URLs. The server knows exactly whether the user is logged in and can always show the login form on every URL. On successful login, the original URL doesn't have to change, the user is directly server the requested content.
How can I do that?
I could add a custom middleware that checks authentication. For unauthenticated requests, the login form would be shown instead of what MVC routing would bring up. That middleware would shortcut the pipeline, avoiding MVC. But I only know how to show that view through MVC routing. My middleware would need to come before routing. Also, the login view makes use of model binding which is an MVC feature IIRC.
Or is there a way to setup a special route that maps every URL to the AccountController/Login if the request isn't authenticated? I can remember that I have written a custom route (based on login instead of a template) in ASP.NET 4. But I can't find that for ASP.NET Core.
I'm not using Identity but CookieAuthentication, if that's relevant.