I'm having a problem with the identity server.
When it is not authenticated If I try to access an action that has the authorization attribute, I am taken to the login page to log in (as expected)
After I close the session, then I try to access an action that has the authorization attribute, I am given access.
After logging out When I access an unsecured action, I can see that
User.Identity.IsAuthenticated is false, but when I try to access a secure action, I am granted access and I see that
User.Identity.IsAuthenticated It is true.
I guess this is part of the functionality. How can I deactivate it?