I have an ASP.NET Core 5 web app that's using ASP.NET Core Identity for authorization. I have scaffolded all of the Identity UI so that I can see how it works.
Within the scaffolded Razor pages in the "Identity" area, I can see several page model classes that are decorated with [AllowAnonymous]
, but I can't see any reference to anything that restricts access.
There must be something somewhere, though, because some pages in the template website are accessible when not signed in (even though they do not have [AllowAnonymous]
), yet most pages in the scaffolded Identity
area are not accessible unless signed-in.
How is this achieved? I expected to see a call to AuthorizeFolder
(or AuthorizeAreaFolder
) but I can't see one anywhere in the project.
I'd like to add some authorization rules of my own, but I'd like to know what the existing rules are before I start making changes.
CodePudding user response:
To maintain full control of the Identity UI, run the Identity scaffolder and select Override all files.
You might want to do this to have full control of the Identity UI.
public void ConfigureServices(IServiceCollection services)
{
services.Configure<CookiePolicyOptions>(options =>
{
options.CheckConsentNeeded = context => true;
options.MinimumSameSitePolicy = SameSiteMode.None;
});
services.AddDbContext<ApplicationDbContext>(options =>
options.UseSqlServer(
Configuration.GetConnectionString("DefaultConnection")));
services.AddIdentity<IdentityUser, IdentityRole>()
// services.AddDefaultIdentity<IdentityUser>()
.AddEntityFrameworkStores<ApplicationDbContext>()
.AddDefaultTokenProviders();
services.AddMvc()
.AddRazorPagesOptions(options =>
{
options.Conventions.AuthorizeAreaFolder("Identity", "/Account/Manage");
options.Conventions.AuthorizeAreaPage("Identity", "/Account/Logout");
});
services.ConfigureApplicationCookie(options =>
{
options.LoginPath = $"/Identity/Account/Login";
options.LogoutPath = $"/Identity/Account/Logout";
options.AccessDeniedPath = $"/Identity/Account/AccessDenied";
});
// using Microsoft.AspNetCore.Identity.UI.Services;
services.AddSingleton<IEmailSender, EmailSender>();
}
Reference: Create full Identity UI source