asp.net core 2.0 – How to disable: the Authorize attribute automatically logs the user

I'm having a problem with the identity server.

When it is not authenticated If I try to access an action that has the authorization attribute, I am taken to the login page to log in (as expected)

After I close the session, then I try to access an action that has the authorization attribute, I am given access.

After logging out When I access an unsecured action, I can see that User.Identity.IsAuthenticated is false, but when I try to access a secure action, I am granted access and I see that User.Identity.IsAuthenticated It is true.

I guess this is part of the functionality. How can I deactivate it?