Authentication and authorization issues in ASP.Net Web application

Question

I need to run authentication for my Web application so that different authorized users have access to specified information. I followed Introduction to Identity on ASP.NET Core (MSDN) as the to activate authentication for my users and it looks okay. I then followed Create an ASP.NET Core app with user data protected by authorization (MSDN) for authorization, but I couldn't go further.

When I run this program ...

public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
    if (env.IsDevelopment())
    {
        app.UseDeveloperExceptionPage();
        app.UseDatabaseErrorPage();
    }
    else
    {
        app.UseExceptionHandler("/Home/Error");
    }

    app.UseStaticFiles();

    app.UseIdentity();

    app.UseMvcWithDefaultRoute();

    // Set password with the Secret Manager tool.
    // dotnet user-secrets set SeedUserPW <pw>
    var testUserPw = Configuration["SeedUserPW"];

    if (String.IsNullOrEmpty(testUserPw))
    {
        throw new System.Exception("Use secrets manager to set SeedUserPW \n" +
                                   "dotnet user-secrets set SeedUserPW <pw>");
    }

    try
    {
        SeedData.Initialize(app.ApplicationServices, testUserPw).Wait();
    }
    catch
    {
        throw new System.Exception(@"You need to update the DB
            \nPM > Update-Database \n or \n 
              > dotnet ef database update
              \nIf that doesn't work, comment out SeedData and
              register a new user");
    }

... I get this error:

System.Exception: 'You need to update the DB PM > Update-Database or > dotnet ef database update If that doesn't work, comment out SeedData and register a new user'

I updated the database and received successful update, but the error is still remained. I also changed the user and password but nothing happened.

How can I activate authentication and authorization on my Web application?

Answer 1

The code above is for Core 1.X, as of 2.0 the best practice is to move all the initialization code to the Program.cs, so please remove the empty password testing and SeedData.Initialize from Startup.cs, there's no need to modify the SeedData.cs file at all.

namespace YourApp
{
    public class Program
    {
        public static void Main(string[] args)
        {

            var host = BuildWebHost(args);

            using (var scope = host.Services.CreateScope())
            {
                var env = scope.ServiceProvider.GetRequiredService<IHostingEnvironment>();

                if(env.IsDevelopment())
                {
                    var services = scope.ServiceProvider;
                    // You can get the Configuration directly withou DI
                    // var config = new ConfigurationBuilder().AddUserSecrets<Startup>().Build();
                    var config = services.GetRequiredService<IConfiguration>();

                    string testUserPw = config["SeedUserPW"];
                    if (String.IsNullOrEmpty(testUserPw))
                    {
                        throw new Exception("Use secrets manager to set SeedUserPW \n" +
                                        "dotnet user-secrets set SeedUserPW <pw>");

                    }

                    try
                    {
                        SeedData.Initialize(services, testUserPw).Wait();
                    }
                    catch
                    {
                        throw new Exception("You need to update the DB "
                        + "\nPM > Update-Database " + "\n or \n" +
                          "> dotnet ef database update"
                          + "\nIf that doesn't work, comment out SeedData and "
                          + "register a new user");
                    }
                }
            }
            host.Run();
        }

        public static IWebHost BuildWebHost(string[] args) =>
        WebHost.CreateDefaultBuilder(args)
               .UseStartup<Startup>()
               .Build();
    }
}