stackoom
  简体   繁体   中英

Blazor using Azure AD authentication allowing anonymous access

 原文  2020-03-20 04:05:32       azure/ authentication/ azure-active-directory/ blazor/ blazor-server-side

Question

I'm currently writing a (Server side) Blazor application that includes the default AzureAD Authentication.

This works well for authenticated users - challenging on the entrance ( _Host.cshtml ) file, redirecting and then back once authenticated.

I need to have a couple of pages not requiring authentication - I don't want the user being challenged and redirected to Microsoft.

What is the correct way to do this? I have experimented with the AllowAnonymousAttribute , the AllowAnonymousToPage razor pages options, nothing seems to stop the challenge.

Any help would be greatly appreciated!

Below is my setup for Authentication (ConfigureServices):

public void ConfigureServices(IServiceCollection services)
{
    services.AddAuthentication(AzureADDefaults.AuthenticationScheme)
        .AddAzureAD(options => Configuration.Bind("AzureAd", options));

    services.AddControllersWithViews(options =>
{
    var policy = new AuthorizationPolicyBuilder()
        .RequireAuthenticatedUser()
        .Build();
    options.Filters.Add(new AuthorizeFilter(policy));
});

    services.AddRazorPages();
    services.AddServerSideBlazor();
    services.AddTelerikBlazor();
}

And then the appropriate part in Configure:

app.UseAuthentication();
app.UseAuthorization();

app.UseEndpoints(endpoints =>
{
    endpoints.MapControllers();
    endpoints.MapBlazorHub();
    endpoints.MapFallbackToPage("/_Host");
});

1 answers

solution1
 4 ACCPTED  2020-04-04 21:29:22

I found what I had to do was add the following to _Hosts.cshtml

@using Microsoft.AspNetCore.Authorization
@attribute [AllowAnonymous]

Once I did this authorization was no longer required on any of the pages by default and I could then add it to the pages where I wanted to require it.

For example if you wanted to secure the Counter.razor page just add an Authorize attribute to the top:

@attribute [Authorize]

So now if you tried to access the counter page you will get a Not authorized message.

If you want to remove the counter link when the user is not logged in modify the NavMenu.razor and surround the Counter link with an <AuthorizeView> </AuthorizeView> as so:

<AuthorizeView>
    <li class="nav-item px-3">
        <NavLink class="nav-link" href="counter">
            <span class="oi oi-plus" aria-hidden="true"></span> Counter
        </NavLink>
    </li>
</AuthorizeView>

Ideally I would have liked to just opt out of authorization for the index page and have everything else secured by default but I could not find a way to get that to work. If I tried adding the @attribute [AllowAnonymous] to the Index.razor page it seemed to ignore it.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Using azure AD B2C for blazor web api authentication Need guidance publishing Blazor web-app to Azure using Azure Ad for authentication Blazor Webassembly Azure AD authentication hosted in Azure storage account Is It Possible To Access SharePoint Online Data Using Azure AD Authentication? Is there a way to access azure key vault without using AD authentication? Using Azure AD for customer authentication Blazor Webassembly asp.net hosted with Microsoft Azure AD authentication Access token validation in Azure AD authentication Retrieve 2 Access Tokens on Interactive Authentication in Azure AD Azure API APP authentication using Azure AD
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM