Reputation: 15081
I am using ASP.NET Core 2.0 MVC with Individual User Accounts enabled. The automatically generated ManageController class is attributed with [Authorize].
I find there are some action methods with the following code snippet.
    var user = await _userManager.GetUserAsync(User);
    if (user == null)
    {
        throw new ApplicationException($"Unable to load user with ID '{_userManager.GetUserId(User)}'.");
    }
In my mental model, being authorized guarantees being a registered user. So such a null checking in authorized classes seems to be unnecessary. I want to know whether or not UserManager.GetUserAsync(User) can return null in a class with Authorize attribute?
Upvotes: 1
Views: 1211
Reputation: 42010
I want to know whether or not UserManager.GetUserAsync(User) can return null in a class with Authorize attribute?
It can, if the user entry was removed from the database after the user logged in (by default, cookies are validated after 30 minutes so they can still be "valid" even after the corresponding user was removed from the database).
Upvotes: 3
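An added example, not part of the original posts or of the generated template code: it shortens the security stamp validation interval so a cookie for a deleted account is rejected sooner, and treats a null user as a stale session instead of throwing. ApplicationUser, StaleCookieStartup and ProfileController are hypothetical names, the 5-minute interval is an arbitrary choice, and the usual AddIdentity, store and AddMvc registrations are assumed to be present as in the template.

```csharp
using System;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.DependencyInjection;

// Hypothetical user type standing in for the template's ApplicationUser.
public class ApplicationUser : IdentityUser { }

public class StaleCookieStartup
{
    public void ConfigureServices(IServiceCollection services)
    {
        // Assumption: AddIdentity, the user store and AddMvc are registered as in the template.
        // The validator re-checks the cookie against the user store once per interval
        // (default 30 minutes); a shorter interval narrows the stale-cookie window.
        services.Configure<SecurityStampValidatorOptions>(options =>
            options.ValidationInterval = TimeSpan.FromMinutes(5));
    }
}

[Authorize]
public class ProfileController : Controller
{
    private readonly UserManager<ApplicationUser> _userManager;
    private readonly SignInManager<ApplicationUser> _signInManager;

    public ProfileController(UserManager<ApplicationUser> userManager,
                             SignInManager<ApplicationUser> signInManager)
    {
        _userManager = userManager;
        _signInManager = signInManager;
    }

    public async Task<IActionResult> Index()
    {
        var user = await _userManager.GetUserAsync(User);
        if (user == null)
        {
            // The cookie passed [Authorize] but no matching user exists any more:
            // clear the cookie and send the client back through login.
            await _signInManager.SignOutAsync();
            return Challenge();
        }
        return Ok(user.UserName);
    }
}
```

A shorter interval means more frequent user store lookups, so the value is a trade-off between revocation latency and database load.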