Mike Schmidt

Reputation: 385

Asp.net Core MVC Authorize Attribute not blocking

The [Authorize] attribute is not working: I am not logged in, yet I can still access this action.

I have played around with my Startup.cs, which is attached at the bottom. Please help me get started with this. I have used these methods successfully on previous versions of MVC, but I have not yet managed to get them working with MVC Core.

After this I am looking to add roles. Any direction on where to start with that would be appreciated. Thanks

/// <summary>
/// MVC controller whose single action, <see cref="Index"/>, is gated by <c>[Authorize]</c>.
/// </summary>
public class SecurityAccessController : Controller
{
    // Database context supplied by the service container; no action shown here reads it.
    private SecurityAccessDbContext Db { get; }

    /// <summary>Stores the injected database context.</summary>
    /// <param name="SecurityAccessDbContext">Context resolved from the service container.</param>
    public SecurityAccessController([FromServices] SecurityAccessDbContext SecurityAccessDbContext)
    {
        Db = SecurityAccessDbContext;
    }

    // GET: /<controller>/
    // [Authorize] is applied to this action only, so any action added to the controller later
    // is reachable anonymously unless it (or the class) carries the attribute too.
    // The attribute accepts whatever authenticated identity is attached to the request; an
    // identity supplied by the host (for example Windows authentication under IIS Express)
    // satisfies it even when nobody has signed in through the application's login page.
    [Authorize]
    public IActionResult Index() => View();
}

This is my Startup.cs, updated as recommended in the comment below.

 /// <summary>
 /// Registers the application's services: cache and session, the pager generator,
 /// the EF Core contexts, ASP.NET Core Identity, MVC and the e-mail sender.
 /// </summary>
 /// <param name="services">Service collection the registrations are added to.</param>
 public void ConfigureServices(IServiceCollection services)
    {
        // Framework services: in-memory cache and session state.
        services.AddMemoryCache();
        services.AddSession();

        // Pager generator, left on its default configuration.
        services.AddBootstrapPagerGenerator(pager =>
        {
            pager.ConfigureDefault();
        });

        // Database services. Every context below reads the same connection string key,
        // "ConnectionStrings:Accumatica", and the lookup happens inside the options callback.
        // NOTE(review): the connection string is a secret if it embeds credentials; confirm it
        // is not stored in a source-controlled settings file.
        services.AddEntityFrameworkSqlServer().AddDbContext<SecurityAccessDbContext>(db =>
        {
            db.UseSqlServer(Configuration["ConnectionStrings:Accumatica"]);
        });
        services.AddEntityFrameworkSqlServer().AddDbContext<AcumaticaDbContext>(db =>
        {
            db.UseSqlServer(Configuration["ConnectionStrings:Accumatica"]);
        });
        services.AddEntityFrameworkSqlServer().AddDbContext<RMADbContext>(db =>
        {
            db.UseSqlServer(Configuration["ConnectionStrings:Accumatica"]);
        });
        services.AddEntityFrameworkSqlServer().AddDbContext<WarrantyDbContext>(db =>
        {
            db.UseSqlServer(Configuration["ConnectionStrings:Accumatica"]);
        });
        services.AddEntityFrameworkSqlServer().AddDbContext<GenericDbContext>(db =>
        {
            db.UseSqlServer(Configuration["ConnectionStrings:Accumatica"]);
        });
        services.AddEntityFrameworkSqlServer().AddDbContext<ApplicationIdentityDbContext>(db =>
        {
            db.UseSqlServer(Configuration["ConnectionStrings:Accumatica"]);
        });

        // Identity is registered before MVC. The application cookie is what [Authorize]
        // depends on: LoginPath is where an unauthenticated request is sent, and
        // AccessDeniedPath is where an authenticated but unauthorized request is sent.
        services.AddIdentity<ApplicationUser, ApplicationRole>(identity =>
        {
            var appCookie = identity.Cookies.ApplicationCookie;
            appCookie.LoginPath = "/Account/Login";
            appCookie.AccessDeniedPath = "/Home/AccessDenied";
        })
        .AddEntityFrameworkStores<ApplicationIdentityDbContext>()
        .AddDefaultTokenProviders();

        services.AddMvc();

        // A new AuthMessageSender is created each time an IEmailSender is requested.
        services.AddTransient<IEmailSender, AuthMessageSender>();
    }

    // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
    public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
    {
        // Logging: console output driven by the "Logging" configuration section, plus debug output.
        loggerFactory.AddConsole(Configuration.GetSection("Logging"));
        loggerFactory.AddDebug();

        if (!env.IsDevelopment())
        {
            // Outside development, errors are routed to a generic error page.
            app.UseExceptionHandler("/Home/Error");
        }
        else
        {
            // Detailed exception pages and Browser Link are enabled for development only.
            app.UseDeveloperExceptionPage();
            app.UseBrowserLink();
        }

        // Middleware runs in the order it is added. Static files are registered before
        // Identity, so they are served without any authentication check; [Authorize]
        // does not protect them.
        app.UseStaticFiles();

        app.UseSession();

        // Identity's cookie middleware must come before MVC so the user is established
        // by the time an [Authorize] attribute on an action is evaluated.
        app.UseIdentity();

        app.UseMvcWithDefaultRoute();
    }

Upvotes: 1

Views: 2208

Answers (3)

wildhagen

Reputation: 15

The answer above also helped me. I can add that if you want the [AllowAnonymous] attribute to work, you also need to set anonymousAuthentication to true in the same iisSettings section, so that unauthenticated requests reach the application at all:

  "iisSettings": {
"windowsAuthentication": false,
"anonymousAuthentication": true,

Upvotes: 0

Mike Schmidt

Reputation: 385

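I found the issue.

The file launchSettings.json had Windows authentication enabled. With that setting on, IIS Express can authenticate each request as the current Windows user, so [Authorize] sees an authenticated identity even though nobody has logged in through the application: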

 "iisSettings": {
    "windowsAuthentication": true,

I changed it to

  "iisSettings": {
    "windowsAuthentication": false,

Upvotes: 3

Travis Boatman

Reputation: 2282

Add Identity before adding Mvc. Furthermore, you don't need to add Authorization, as that's already done when adding Identity, as seen here. You can also configure your Identity options, such as the login path, without needing to configure CookieAuthenticationOptions; instead, you can configure them when adding Identity.

Here's a snippet of what the code could look like.

// Delete this call from ConfigureServices; adding Identity already registers authorization:
// services.AddAuthorization();

// Delete this as well; the cookie is configured through the Identity options below:
// services.Configure<CookieAuthenticationOptions>(options =>
// ....

// NOTE(review): the question registers ApplicationRole rather than IdentityRole; use the
// role type that ApplicationIdentityDbContext is declared with.
services.AddIdentity<ApplicationUser, IdentityRole>(identity =>
{
    var appCookie = identity.Cookies.ApplicationCookie;

    // Redirect targets: unauthenticated requests go to the login page,
    // authenticated-but-unauthorized requests to the access-denied page.
    appCookie.LoginPath = "/Account/Login";
    appCookie.AccessDeniedPath = "/Home/AccessDenied";

    // AutomaticChallenge lets the cookie middleware answer a failed [Authorize] check
    // (by redirecting to the paths above); AutomaticAuthenticate makes it read the
    // cookie and populate the request's user on every request.
    appCookie.AutomaticChallenge = true;
    appCookie.AutomaticAuthenticate = true;
})
.AddEntityFrameworkStores<ApplicationIdentityDbContext>()
.AddDefaultTokenProviders();

// MVC is registered after Identity.
services.AddMvc();

Upvotes: 4
