I am using VS 2019, ASP.Net Core 5 with Razor Pages (not MVC). I have a simple Razor Page with Authorization Policy. The below is an extract from the code, I have simplified it a little for this post and replaced global constants with literals.
Razor Page Directive:
[Authorize(Policy = "AuthUsers")]
The policy is described in Startup.cs
services.AddAuthorization(options =>
options.AddPolicy("AuthUsers", policy => policy.RequireClaim("Users")));
The Login Page creates the Claims principal with the above claim like this:
var Claims = new List { new Claim(ClaimTypes.Email, Input.Email)) }; Claims.Add(new Claim("Users", "1")); var claimsIdentity = new ClaimsIdentity(Claims, CookieAuthenticationDefaults.AuthenticationScheme); ClaimsPrincipal claimsPrincipal = new ClaimsPrincipal(claimsIdentity);
After a successful login, I verified that the claim has been setup correctly but each time I go to the razor page it returns to the login page to authorize, even though the user is clearly logged in and "Logout" link is active.
