stackoom
  简体   繁体   中英

Blazor (server side) authentication and static files

 原文  2022-12-09 13:08:26       asp.net-core/ blazor/ blazor-server-side

Question

As per Microsoft's recommendation, I am using a custom AuthenticationStateProvider service for handling authentication/authorization for a Blazor server page.

It all works fine within razor components, where I can use the [Authorize] attribute or the AuthorizeView/Authorized/NotAuthorized tags.

Now, I wanted to serve static files outside the wwwroot folder but have control if the user is authenticated or not in order to serve the files.

Is there a way to control access to static files served outside the wwwroot folder?

What I found is something similar to (in program or startup):

app.UseStaticFiles(new StaticFileOptions
{    
    OnPrepareResponse = (context) =>
    {        
        if (context.Context.Request.Path.StartsWithSegments("/MyRequestPath"))
        {
            context.Context.Response.Headers.Add("Cache-Control", "no-store");

            if (!context.Context.User.Identity.IsAuthenticated)
            {
                context.Context.Response.StatusCode = (int)HttpStatusCode.Unauthorized;
                context.Context.Response.ContentLength = 0;
                context.Context.Response.Body = Stream.Null;
            }
        }
    },
    FileProvider = new PhysicalFileProvider("PathToMyFilesOutsidewwwroot"),
    RequestPath = "/RequestPath"
    });

The problem with that is that is uses Context.User.Identity.IsAuthenticated, ie, it uses HTTPContext, which is not available within a Blazor page (and that is why we have to use AuthenticationStateProvider).

I'd like to stick to just using Blazor best practices, and not try to circumvent it via scaffoldding, javascript, or whatever.

Thanks in advance.

1 answers

solution1
 0  2022-12-28 13:56:27

In the end I sticked to using the app.UseStaticFiles... approach, but in order to make it work I had to add authentication via cookies (outside of Blazor). Inside of Blazor I still use AuthenticationStateProvider, so the only thing that I had to take care is to authenticate via cookies and AuthenticationStateProvider at the same time when a user logs in. I suppose it makes sense, because authentication via cookies (prior to entering the Blazor "environment") gives me also the chance to call controllers or other pages out the razor components while still being authenticated (via cookies).

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question OIDC authentication in server-side Blazor Blazor (server side) authentication and controller pages How to enable Windows authentication with server side Blazor Download File in Blazor Server Side with Authentication How do I extend the authentication process in a blazor server side app? Using Blazor server side ellipsis in server side blazor Blazor Server Side AllowAnonymousToFolder Can't load static files on Blazor server behind NGINX proxy How to rename bundled static files(ProjectName.style.css and blazor.server.js) in The Blazor App
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM