Kernel ASP.Net MVC6 Redirect to Login if it is not authorized

Question

Kernel ASP.Net MVC6 Redirect to Login if it is not authorized

I am using ASP.Net core MVC 6, I am trying to redirect the user to the login page if they are not authenticated.

I can't get it to work, currently the user is just getting a blank page.

Below is my ConfigureServices method in Startup.cs

public void ConfigureServices(IServiceCollection services) { // Add framework services. services.AddDbContext<ApplicationDbContext>(options => options.UseSqlServer(Configuration.GetConnectionString("DefaultConnection")) ); services.AddIdentity<ApplicationUser, IdentityRole>(options => { // configure identity options options.Password.RequireDigit = true; options.Password.RequireLowercase = true; options.Password.RequireUppercase = true; options.Password.RequireNonAlphanumeric = true; options.Password.RequiredLength = 7; options.Cookies.ApplicationCookie.AutomaticAuthenticate = true; options.Cookies.ApplicationCookie.AutomaticChallenge = true; options.Cookies.ApplicationCookie.LoginPath = "/Account/Login"; // User settings options.User.RequireUniqueEmail = true; }) .AddEntityFrameworkStores<ApplicationDbContext>() .AddDefaultTokenProviders(); services.AddMvc(); // Add application services. services.AddTransient<IEmailSender, AuthMessageSender>(); services.AddTransient<ISmsSender, AuthMessageSender>(); }

+3

c # asp.net-mvc asp.net-core-mvc .net-core

Mike u Jan 03 '17 at 11:15

source share

2 answers

Same problem. A quick fix when this problem is resolved:

 public class LogInRequiredFilter : IAuthorizationFilter { public void OnAuthorization(AuthorizationFilterContext context) { if (!AttributeManager.HasAttribute(context, typeof(LogInRequired))) return; if (context.HttpContext.User.Identity.IsAuthenticated) return; context.Result = new RedirectResult("/login?ReturnUrl=" + Uri.EscapeDataString(context.HttpContext.Request.Path)); } } public class LogInRequired : Attribute { public LogInRequired() { } }

And then in your controller:

  [HttpGet, LogInRequired] public IActionResult return View(); }

This will redirect you to your login page and then redirect you to the original page that you would like to access.

Attribute Manager Code:

 public static Boolean HasAttribute(AuthorizationFilterContext context, Type targetAttribute) { var hasAttribute = false; var controllerActionDescriptor = context.ActionDescriptor as ControllerActionDescriptor; if (controllerActionDescriptor != null) { hasAttribute = controllerActionDescriptor .MethodInfo .GetCustomAttributes(targetAttribute, false).Any(); } return hasAttribute; }

+3

Mariano soto Feb 27 '17 at 17:51

source share

martinip86 · Accepted Answer · 2017-01-13T20:41:36+0000

I just struggled with this myself, and I came to the conclusion that in the latest version of "Microsoft.AspNetCore.Identity.EntityFrameworkCore" the dependency seems to be a problem .

I initially used version 1.1.0, but after a lot of debugging, logging owin middleware, etc., I came to the conclusion that I did nothing wrong. I checked:

The authorized attribute worked and blocked the request

Added event handlers (OnRedirectToLogin), as shown below, to check the redirect URL (this was only for debugging)

 options.Cookies.ApplicationCookie.Events = new CookieAuthenticationEvents { OnRedirectToLogin = evt => { evt.Response.Redirect(evt.RedirectUri); // this url is correct, but the redirect never happens!?? return Task.FromResult(0); } };

Resolution : I rolled back my package to version 1.0.1, and then redirected it, as expected, to the URL defined in Startup.cs in the LoginPath setting

 options.Cookies.ApplicationCookie.LoginPath = new PathString("/Auth/Login");

To clarify, this version works: Microsoft.AspNetCore.Identity.EntityFrameworkCore ":" 1.0.1 "

I am going to raise an error with the ASPNETCORE team to investigate version 1.1.0.

Kernel ASP.Net MVC6 Redirect to Login if it is not authorized

More articles: