How is access restricted in the ASP.NET Core web app template when using ASP.NET Core Identity

I have an ASP.NET Core 5 web app that's using ASP.NET Core Identity for authorization. I have scaffolded all of the Identity UI so that I can see how it works.

Within the scaffolded Razor pages in the "Identity" area, I can see several page model classes that are decorated with [AllowAnonymous], but I can't see any reference to anything that restricts access.

There must be something somewhere, though, because some pages in the template website are accessible when not signed in (even though they do not have [AllowAnonymous]), yet most pages in the scaffolded Identity area are not accessible unless signed in.

How is this achieved? I expected to see a call to AuthorizeFolder (or AuthorizeAreaFolder) but I can't see one anywhere in the project.

I'd like to add some authorization rules of my own, but I'd like to know what the existing rules are before I start making changes.

To maintain full control of the Identity UI, run the Identity scaffolder and select Override all files.

You might want to do this to have full control of the Identity UI.

public void ConfigureServices(IServiceCollection services)
{
    services.Configure<CookiePolicyOptions>(options =>
    {
        options.CheckConsentNeeded = context => true;
        options.MinimumSameSitePolicy = SameSiteMode.None;
    });

    services.AddDbContext<ApplicationDbContext>(options =>
        options.UseSqlServer(
            Configuration.GetConnectionString("DefaultConnection")));

    services.AddIdentity<IdentityUser, IdentityRole>()
        // services.AddDefaultIdentity<IdentityUser>()
        .AddEntityFrameworkStores<ApplicationDbContext>()
        .AddDefaultTokenProviders();

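    services.AddMvc()
        .AddRazorPagesOptions(options =>
        {
            // Require an authenticated user for every page under /Account/Manage in the Identity area.
            options.Conventions.AuthorizeAreaFolder("Identity", "/Account/Manage");
            // Require an authenticated user for the Logout page in the Identity area.
            options.Conventions.AuthorizeAreaPage("Identity", "/Account/Logout");
        });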

    services.ConfigureApplicationCookie(options =>
    {
        options.LoginPath = $"/Identity/Account/Login";
        options.LogoutPath = $"/Identity/Account/Logout";
        options.AccessDeniedPath = $"/Identity/Account/AccessDenied";
    });

    // using Microsoft.AspNetCore.Identity.UI.Services;
    services.AddSingleton<IEmailSender, EmailSender>();
}

Reference: Create full Identity UI source

Simple authorization in ASP.NET Core

Razor Pages authorization conventions in ASP.NET Core
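
To see which rules are actually in effect for each page before changing them, the following is an added example (not part of the original answer or the template) that logs the authorization metadata on the endpoint each request matches, which is the same metadata the authorization middleware evaluates. The names UseAuthorizationAudit and the "AuthorizationAudit" logger category are hypothetical.

```csharp
using System.Linq;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Logging;

// Hypothetical helper for development use. Register it in Startup.Configure:
//   app.UseRouting();
//   app.UseAuthorizationAudit();   // after routing, so the endpoint is already selected
//   app.UseAuthentication();
//   app.UseAuthorization();
public static class AuthorizationAuditExtensions
{
    public static IApplicationBuilder UseAuthorizationAudit(this IApplicationBuilder app)
    {
        return app.Use(async (context, next) =>
        {
            var endpoint = context.GetEndpoint();
            if (endpoint != null)
            {
                var logger = context.RequestServices
                    .GetRequiredService<ILoggerFactory>()
                    .CreateLogger("AuthorizationAudit");

                // [Authorize] attributes and Authorize* conventions surface as IAuthorizeData.
                var authorize = endpoint.Metadata.GetOrderedMetadata<IAuthorizeData>();
                // [AllowAnonymous] and AllowAnonymousTo* conventions surface as IAllowAnonymous.
                var anonymous = endpoint.Metadata.GetMetadata<IAllowAnonymous>() != null;

                string rule;
                if (anonymous)
                    rule = "AllowAnonymous (authorization is skipped)";
                else if (authorize.Count == 0)
                    rule = "no rule (only a FallbackPolicy, if configured, applies)";
                else
                    rule = string.Join("; ", authorize.Select(a =>
                        $"policy={a.Policy ?? "(default)"} roles={a.Roles ?? "-"}"));

                logger.LogInformation("{Path} -> {Endpoint}: {Rule}",
                    context.Request.Path, endpoint.DisplayName, rule);
            }

            await next();
        });
    }
}
```

Requests that match no endpoint (for example static files served earlier in the pipeline) are not logged, because no authorization metadata is evaluated for them.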
