I want to make a static site using Gatsby . This is all good, but I want to have authentication and authorization in place, since this is an internal site - only an employee of my company should have access to it. I was thinking about this, and without any server component it is impossible (?) To authenticate users securely without any backend. I thought I could use ASP.NET Core to serve static files and have Google authentication and authorization (to work) in front of these static files.
It StaticFileHandler does not seem to support StaticFileHandler design authorization , as it is only responsible for maintaining static files that are publicly available. I managed to get Google authentication to work using the attribute of Authorizemy root action (which listens to '/'), and having login actions that called Challengeand the user was redirected to Google for authentication. Further reading in the documentation for processing static files says:
The static file module does not provide authorization checks. Any files served by him, including under wwwroot, are publicly available. To service files based on authorization:
- Store them outside wwwroot and any directory available for a static middleware file and
- Serve them through a controller action, returning a FileResult where authorization is applied
So now I have an action Indexon mine HomeControllerthat looks like this:
[Authorize]
public IActionResult Index()
{
return View();
}
I am not very happy with this decision. Should I get all this to work with middleware instead of using MVC? Is this even the right way to do this? Are there any better ways to do this?
source
share