'In ASP.NET Core, why are authorization handlers called even if authentication fails?

There is a note in the docs for Policy-based authorization in ASP.NET Core thay says:

Authorization handlers are called even if authentication fails.

But there is no further explanation why. What is the purpose of executing authorization handlers if user is not even authenticated?

c++sharpasp.net-coreasp.net-identityasp.net-authorization


Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source

Related Questions