Problem: Whenever normal user attempts to access pages that are only accessible by administrators, user is always redirected to login instead of access denied page.
Question: How can the normal user see the access denied page whenever the user access restricted pages?
Controller:
[Authorize(Roles = "Administrator")]
public class AdminOnlyController: Controller{
}
Startup.cs
app.UseIdentity();
app.UseCookieAuthentication(new CookieAuthenticationOptions()
{
AuthenticationScheme = "FirstCookieAuthentication",
AutomaticAuthenticate = true,
AutomaticChallenge = true,
AccessDeniedPath = new PathString("/Forbidden/"),
LoginPath = new PathString("/Conotroller/Login"),
});