You can use Fallback Policies in ASP.NET Core 3.0+ to require an Authenticated User by default. Conceptually, you can think of this as adding an
[Authorize] attribute by default to every single Controller and Razor Page ONLY WHEN no other attribute is specified on a Controller or Razor Page (like
[Authorize(PolicyName="PolicyName")]). See lines 9-11 below.
A Quick Lap Around the [Authorize] and [AllowAnonymous] Attributes
In ASP.NET Core (and even previously in ASP.NET), we’ve had the ability to add a
[Authorize] attribute to a resource (such as a Controller or Razor Page) in order to tell ASP.NET Core not to let a user access that resource unless they are authenticated.
[Authorize] attribute can also take a PolicyName parameter that tells it what Authorization Policy to execute. The Policy below says only Admins can access this page.
You can follow this link to learn more how to…
View original post 775 more words