ASP.Net Identity - Not authenticated does'nt honour special headers

[johnkattenhorn]

It's take me a couple of days to figure out what our problem was, we host a ASP.NET Core Web App behind the gateway, this worked great until we secured the home page.

Once we secured the home page, the redirect request to the login page doesn't seem to use the special headers (which by the way I can't see in fiddle / chrome - should we ? ).

I'm think the ASP.NET Core Authentication Filter runs first before the middleware has a chance to modify the response.

I looking for some suggestions on how best to approach writing a custom component which would look for and honour the special headers ?

I'm currently studying the ASP.NET Core documentation but the only examples I've turned up so far are related to security policy customisation rather than custom behaviour.

[weidazhao]

@johnkattenhorn You usually can register your own middlewares and adjust the orders in Startup.Configure(). If you need to register a middleware that has to run as the first in the pipeline, you could register it with IStartupFilter. I used the same mechanism in the Service Fabric Hosting component: https://github.com/weidazhao/Hosting/blob/master/Microsoft.ServiceFabric.AspNetCore.Hosting/Internal/ServiceFabricStartupFilter.cs.

Let me know if this helps.

[johnkattenhorn]

Ok thanks, IStartup Filter might be useful as I put together a simple middleware together but it had no effect, the ASP.NET Identity stuff jumped in first and therefore didn’t hit the middleware.