Login redirection for unauthorized access in ASP.NET Core

The previous ASP.NET MVC introduced the ability to redirect to the login action if the user has not been authenticated.

I need the same with ASP.NET Core, so I:

  • created an ASP.NET Core project from a Visual Studio template
  • added [Authorize] to an arbitrary action
  • opened the corresponding view in my browser

I do not expect a redirect because I did not configure it. BUT, it is automatically redirected to the login action!

Where / how is this parameter set?

+16
source share
5 answers

You can customize the path using the CookieAuthenticationOptions class.

Something like this:

    app.UseCookieAuthentication(new CookieAuthenticationOptions
    {
        LoginPath = new PathString("/Login/"),
        AuthenticationType = "My-Magical-Authentication",
        // etc...
    });
+3
source

With the current ASP.NET Core version (2.1.0), this has changed; now you can use extensions:

  services.ConfigureApplicationCookie(options => options.LoginPath = "/login"); 

or

    services
        .AddAuthentication()
        .AddCookie(options =>
        {
            options.LoginPath = "/login";
            options.LogoutPath = "/logout";
        });

You can learn more about migrating to 2.0 in this article.

+11
source
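An added example, not part of the answers on this page: a Startup class for an ASP.NET Core 2.x MVC project that sets the paths through AddCookie and goes one step further by handling the redirect events, so that browser requests are redirected while API requests get a plain status code. The "/api" prefix and the "/login" and "/denied" routes are assumptions made for the illustration.

```csharp
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.DependencyInjection;

public class Startup
{
    public void ConfigureServices(IServiceCollection services)
    {
        services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
            .AddCookie(options =>
            {
                // If these are not set, the handler uses CookieAuthenticationDefaults:
                // LoginPath "/Account/Login", AccessDeniedPath "/Account/AccessDenied".
                options.LoginPath = "/login";
                options.AccessDeniedPath = "/denied";

                // Unauthenticated request (challenge): browsers are sent to
                // LoginPath, API clients get a bare 401 instead of login HTML.
                options.Events.OnRedirectToLogin = ctx =>
                {
                    if (ctx.Request.Path.StartsWithSegments("/api")) // assumed API prefix
                        ctx.Response.StatusCode = StatusCodes.Status401Unauthorized;
                    else
                        ctx.Response.Redirect(ctx.RedirectUri); // LoginPath + ?ReturnUrl=...
                    return Task.CompletedTask;
                };

                // Authenticated but not allowed (forbid): same split for AccessDeniedPath.
                options.Events.OnRedirectToAccessDenied = ctx =>
                {
                    if (ctx.Request.Path.StartsWithSegments("/api"))
                        ctx.Response.StatusCode = StatusCodes.Status403Forbidden;
                    else
                        ctx.Response.Redirect(ctx.RedirectUri);
                    return Task.CompletedTask;
                };
            });
        services.AddMvc();
    }

    public void Configure(IApplicationBuilder app)
    {
        app.UseAuthentication(); // populates HttpContext.User from the cookie before MVC runs
        app.UseMvc();
    }
}
```

Keeping the 401 and 403 cases separate means an authenticated user who lacks permission lands on the access-denied page rather than being sent back to the login form.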

For those who are interested, this can also be done with the AddIdentity service provider.

    services.AddIdentity<User, IdentityRole>(options =>
    {
        options.Cookies.ApplicationCookie.AutomaticAuthenticate = true;
        options.Cookies.ApplicationCookie.AutomaticChallenge = true;
        options.Cookies.ApplicationCookie.LoginPath = "/Auth/Login";
    })
    .AddEntityFrameworkStores<MehandiContext>()
    .AddDefaultTokenProviders();

And as explained here: fooobar.com/questions/1258712 / ...

I tried this in April 2017, and "Microsoft.AspNetCore.Identity.EntityFrameworkCore": "1.1.0" did not redirect; I had to use version 1.0.1

+4
source

The redirect did not work in my application at all, and none of the solutions here fixed it, but using Status Code Pages did:

    app.UseStatusCodePages(async context =>
    {
        var response = context.HttpContext.Response;

        if (response.StatusCode == (int)HttpStatusCode.Unauthorized ||
            response.StatusCode == (int)HttpStatusCode.Forbidden)
            response.Redirect("/Authentication");
    });
+1
source

The way dotnet core protects cookie authentication uses the Identity platform. For a new project, I recommend going to the command line and doing something like this:

 dotnet new mvc -o ExampleProject --auth Individual 

You can get full control over the authentication process by changing the following method in Startup.cs like this:

    public void ConfigureServices(IServiceCollection services)
    {
        services.Configure<CookiePolicyOptions>(options =>
        {
            options.CheckConsentNeeded = context => true;
            options.MinimumSameSitePolicy = SameSiteMode.None;
        });

        services.AddDbContext<ApplicationDbContext>(options =>
            options.UseSqlServer(
                Configuration.GetConnectionString("DefaultConnection")));

        services.AddIdentity<IdentityUser, IdentityRole>()
            // services.AddDefaultIdentity<IdentityUser>()
            .AddEntityFrameworkStores<ApplicationDbContext>()
            .AddDefaultTokenProviders();

        services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_1)
            .AddRazorPagesOptions(options =>
            {
                options.AllowAreas = true;
                options.Conventions.AuthorizeAreaFolder("Identity", "/Account/Manage");
                options.Conventions.AuthorizeAreaPage("Identity", "/Account/Logout");
            });

        services.ConfigureApplicationCookie(options =>
        {
            options.LoginPath = $"/Identity/Account/Login";
            options.LogoutPath = $"/Identity/Account/Logout";
            options.AccessDeniedPath = $"/Identity/Account/AccessDenied";
        });

        // using Microsoft.AspNetCore.Identity.UI.Services;
        services.AddSingleton<IEmailSender, EmailSender>();
    }

Link: https://docs.microsoft.com/en-us/aspnet/core/security/authentication/scaffold-identity?view=aspnetcore-2.2&tabs=visual-studio#full

My personal preference for authentication is the IdentityServer4 hybrid flow, giving you the ability to configure multiple applications using single sign-on.

-3
source

Source: https://habr.com/ru/post/1258710/

