I've prepared the authentication like this in my Start.cs.
    ...
    services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
        .AddJwtBearer(a => a.TokenValidationParameters = new TokenValidationParameters
        {
            ValidateIssuer = true,
            ValidateAudience = true,
            ValidateLifetime = true,
            ValidateIssuerSigningKey = true,
            ValidIssuer = "beep",
            ValidAudience = "bopp",
            IssuerSigningKey = new SymmetricSecurityKey(
                Encoding.UTF8.GetBytes("SecurityKeyOfProperLength"))
        });
    ...
When I decorate one of the methods in my controller using the [Authorize] attribute, I no longer get the view it points to rendered. Instead, just as expected, I get 401 Unauthorized.
The next step I want to do is to be redirected to my login page, which is located in the controller Security and method Login. I don't know how to achieve it properly with no Q&D.
What I've tried to do is to google, of course, and I've found a lot of examples on how to handle that from an SPA. In my case it's good, old, plain MVC rendered on the backend, so that's not applicable, as far as I understand.
I've also seen that I can override OnChallenge but it wasn't recommended.
A bunch of links referred to 3rd parties like IDS and such. In my case, I want to learn the process and control it by micromanagement, at least for now. Mostly, because I want to learn that in depth.
How do I configure my AddAuthentication so that it bounces the user to the right controller and method (still using best practices)? A few hints on terms to look for would be great - I'm not lazy, just careful and uncertain of what's good stuff and what's other confused bloggers' production.
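An added example (not part of the original post) of the OnChallenge override mentioned above: it keeps the same validation parameters and turns the 401 into a redirect to Security/Login for server-rendered MVC. The class and method names, the `signingKey` parameter and the `access_token` cookie that the login action is assumed to set are all assumptions.

```csharp
using System;
using System.Text;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.IdentityModel.Tokens;

public static class JwtLoginRedirectSetup // hypothetical helper, called from ConfigureServices
{
    // Assumption: the login action stores the issued token in a cookie with this name.
    private const string TokenCookie = "access_token";
    // signingKey is expected to come from configuration or a secret store, not a source literal.
    public static IServiceCollection AddJwtWithLoginRedirect(
        this IServiceCollection services, string signingKey)
    {
        services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
            .AddJwtBearer(options =>
            {
                options.TokenValidationParameters = new TokenValidationParameters
                {
                    ValidateIssuer = true, ValidateAudience = true,
                    ValidateLifetime = true, ValidateIssuerSigningKey = true,
                    ValidIssuer = "beep",
                    ValidAudience = "bopp",
                    IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(signingKey))
                };
                options.Events = new JwtBearerEvents
                {
                    // A browser navigation carries no Authorization header,
                    // so take the token from the cookie when one is present.
                    OnMessageReceived = context =>
                    {
                        if (context.Request.Cookies.TryGetValue(TokenCookie, out var token))
                            context.Token = token;
                        return Task.CompletedTask;
                    },
                    // Replace the default 401 response with a redirect to the login page.
                    OnChallenge = context =>
                    {
                        context.HandleResponse(); // suppress the default 401 challenge
                        var target = $"{context.Request.Path}{context.Request.QueryString}";
                        context.Response.Redirect("/Security/Login?returnUrl=" + Uri.EscapeDataString(target));
                        return Task.CompletedTask;
                    }
                };
            });
        return services;
    }
}
```

Because `returnUrl` arrives in the query string, the Login action should only redirect back to it after `Url.IsLocalUrl(returnUrl)` returns true, and the token cookie should be set with `HttpOnly` and `Secure`.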