Soheil Alizadeh
Reputation: 3066
Ignore Authentication Validation for static files in ASP.NET Identity
I use asp.net identity 2 in my application for implement Identity system. When I Profile my application with EF Profiler.
I see some problem that it is connected to the database in per static file request. this is so bad for performance and page loading speed.
for solving this problem I write following code:
Global.asax
protected void Application_AuthenticateRequest(object sender, EventArgs e)
{
if (shouldIgnoreRequest())
return;
if (Context.User == null)
return;
}
private bool shouldIgnoreRequest()
{
string[] reservedPath =
{
"/__browserLink",
"/favicon.ico",
"/img",
"/css"
,"/w",
"/js"
};
var rawUrl = Context.Request.RawUrl;
if (reservedPath.Any(path => rawUrl.StartsWith(path, StringComparison.OrdinalIgnoreCase)))
{
return true;
}
return BundleTable.Bundles.Select(bundle => bundle.Path.TrimStart('~'))
.Any(bundlePath => rawUrl.StartsWith(bundlePath, StringComparison.OrdinalIgnoreCase));
}
RouteConfig.cs
routes.IgnoreRoute("img/{*pathinfo}");
routes.IgnoreRoute("js/{*pathinfo}");
routes.IgnoreRoute("css/{*pathinfo}");
routes.IgnoreRoute("{file}.gif");
routes.IgnoreRoute("{file}.jpg");
routes.IgnoreRoute("{file}.js");
routes.IgnoreRoute("{file}.css");
routes.IgnoreRoute("{file}.png");
routes.IgnoreRoute("{file}.pdf");
routes.IgnoreRoute("{file}.htm");
routes.IgnoreRoute("{file}.html");
routes.IgnoreRoute("{file}.swf");
routes.IgnoreRoute("{file}.txt");
routes.IgnoreRoute("{file}.xml");
routes.IgnoreRoute("{*favicon}", new { favicon = @"(.*/)?favicon.ico(/.*)?" });
How Can I Ignore this requests for authentication?
Upvotes: 2
Views: 1790
Answers (1)
VahidN
Reputation: 19136
Try customizing the OnValidateIdentity to ignore unwanted requests:
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
// ...
Provider = new CookieAuthenticationProvider
{
OnValidateIdentity = context =>
{
if(shouldIgnoreRequest(context)) // How to ignore Authentication Validations for static files in ASP.NET Identity
{
return Task.FromResult(0);
}
return container.GetInstance<IApplicationUserManager>().OnValidateIdentity().Invoke(context);
}
},
// ...
});
Using this method
private static bool shouldIgnoreRequest(CookieValidateIdentityContext context)
{
string[] reservedPath =
{
"/__browserLink",
"/img",
"/fonts",
"/Scripts",
"/Content",
"/Uploads",
"/Images"
};
return reservedPath.Any(path => context.OwinContext.Request.Path.Value.StartsWith(path, StringComparison.OrdinalIgnoreCase)) ||
BundleTable.Bundles.Select(bundle => bundle.Path.TrimStart('~')).Any(bundlePath => context.OwinContext.Request.Path.Value.StartsWith(bundlePath,StringComparison.OrdinalIgnoreCase));
}
Upvotes: 4
Related Questions
- Configure anonymous access for static file from appsettings.json or startup.cs
- How to authorize access to static files based on claims
- How do I protect static files with ASP.NET form authentication on IIS 7.5?
- Protect Static Files with Authentication on ASP.NET Core
- Restrict static files access to authenticated users in ASP.Net
- Prevent IIS from serving static files through ASP.NET pipeline
- Secure static file with Forms Authentication in IIS7
- aspnet static file access with authentication
- Static files and authentication in ASP.net
- IIS7 Integrated Mode - Bypass Forms Auth for static files