Last post Jul 07, 2020 07:25 PM by wavuti
None
0 Points
2 Posts
Jul 07, 2020 03:57 PM|wavuti|LINK
I have setup to login pages for two areas in the application:
/Areas/Admin/Login /Areas/Staff/Login
The ConfigureServices method:
public void ConfigureServices(IServiceCollection services) { services.AddDbContext<ApplicationDbContext>(options => options.UseSqlServer( Configuration.GetConnectionString("DefaultConnection"))); services.AddDefaultIdentity<AppUser>(options => options.SignIn.RequireConfirmedAccount = true) .AddRoles<IdentityRole>() .AddEntityFrameworkStores<ApplicationDbContext>();
public void ConfigureServices(IServiceCollection services)
{
services.AddDbContext<ApplicationDbContext>(options =>
options.UseSqlServer(
Configuration.GetConnectionString("DefaultConnection")));
services.AddDefaultIdentity<AppUser>(options => options.SignIn.RequireConfirmedAccount = true)
.AddRoles<IdentityRole>()
.AddEntityFrameworkStores<ApplicationDbContext>();
services.AddRazorPages().AddRazorPagesOptions(options => { // authenticated staff only options.Conventions.AuthorizeAreaFolder("Staff", "/Manage");
services.AddRazorPages().AddRazorPagesOptions(options =>
// authenticated staff only
options.Conventions.AuthorizeAreaFolder("Staff", "/Manage");
// authenticated admin only options.Conventions.AuthorizeAreaFolder("Admin", "/"); });
// authenticated admin only
options.Conventions.AuthorizeAreaFolder("Admin", "/");
});
}
How do I go about ensuring that any unauthorized user in the respective areas(admin and staff) get redirected to the right login page?
Thanks in advance!
All-Star
52971 Points
23571 Posts
Jul 07, 2020 06:23 PM|mgebhard|LINK
The standard solution is role based security where the roles are stored in a database table. There is no logically way to restrict user access to an area before you know who the user is and what role the user is in.
Jul 07, 2020 07:25 PM|wavuti|LINK
Thanks, was able to restrict the area with this:
services.AddRazorPages().AddRazorPagesOptions(options => { // authenticated user only options.Conventions.AuthorizeAreaFolder("Player", "/Manage");
// authenticated user only
options.Conventions.AuthorizeAreaFolder("Player", "/Manage");
// user with certain roles only options.Conventions.AuthorizeAreaFolder("Admin", "/"); });
// user with certain roles only
And then created an initial login page for determinging which login page to redirect to based on the return url
None
0 Points
2 Posts
How do I setup multiple login pages in ASP.NET Core Razor Pages?
Jul 07, 2020 03:57 PM|wavuti|LINK
I have setup to login pages for two areas in the application:
/Areas/Admin/Login
/Areas/Staff/Login
The ConfigureServices method:
public void ConfigureServices(IServiceCollection services){services.AddDbContext<ApplicationDbContext>(options =>options.UseSqlServer(Configuration.GetConnectionString("DefaultConnection")));services.AddDefaultIdentity<AppUser>(options => options.SignIn.RequireConfirmedAccount = true).AddRoles<IdentityRole>().AddEntityFrameworkStores<ApplicationDbContext>();services.AddRazorPages().AddRazorPagesOptions(options =>{// authenticated staff onlyoptions.Conventions.AuthorizeAreaFolder("Staff", "/Manage");// authenticated admin onlyoptions.Conventions.AuthorizeAreaFolder("Admin", "/");});}How do I go about ensuring that any unauthorized user in the respective areas(admin and staff) get redirected to the right login page?
Thanks in advance!
All-Star
52971 Points
23571 Posts
Re: How do I setup multiple login pages in ASP.NET Core Razor Pages?
Jul 07, 2020 06:23 PM|mgebhard|LINK
The standard solution is role based security where the roles are stored in a database table. There is no logically way to restrict user access to an area before you know who the user is and what role the user is in.
None
0 Points
2 Posts
Re: How do I setup multiple login pages in ASP.NET Core Razor Pages?
Jul 07, 2020 07:25 PM|wavuti|LINK
Thanks, was able to restrict the area with this:
services.AddRazorPages().AddRazorPagesOptions(options =>{// authenticated user onlyoptions.Conventions.AuthorizeAreaFolder("Player", "/Manage");// user with certain roles onlyoptions.Conventions.AuthorizeAreaFolder("Admin", "/");});And then created an initial login page for determinging which login page to redirect to based on the return url