Reputation: 11
I have an ASP.NET Core 2.2 app using Razor Pages and the built-in authentication. The app is secured very simply in Startup:
    // Startup.ConfigureServices
    services.AddMvc()
        .AddRazorPagesOptions(options =>
        {
            options.Conventions.AuthorizeFolder("/", CO.AdminUserRole);
        });
All works well. Inside the app, I have some CRUD pages where I have a DataTables grid. To edit a record, you click the edit button on the row and I use jQuery to pull the details for that particular record from a Web API controller.
It all works great. My only issue is that I can type /api/[object]/[id] into a web browser and get the data without being an authorised user.
Of course I don't want to have another authorisation process just so I can use the API. Instead, I want to be able to use the existing Razor Pages authorization state to authorize use of the API.
Possible?
Upvotes: 1
Views: 449
Reputation: 11
I solved this by replacing the Web API with a simple JSON response from the Razor page, using the ideas from this blog post: https://www.mikesdotnetting.com/article/318/working-with-json-in-razor-pages
This gets me the JSON output I need, but also secures it as a standard Razor page.
Upvotes: 0
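The approach described in the answer, sketched as an added example that is not part of the original post or the linked article: a named page handler returns the record as JSON, so the request is subject to the same AuthorizeFolder convention as the page itself. The page path, the IndexModel and Widget types, and the in-memory sample data are hypothetical.

```csharp
using System.Collections.Generic;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.RazorPages;

namespace ExampleApp.Pages.Widgets // hypothetical namespace
{
    // Code-behind for Pages/Widgets/Index.cshtml (hypothetical page; the
    // .cshtml file needs the @page directive). The page sits under "/", so
    // the AuthorizeFolder("/", ...) convention from the question applies to
    // every handler on it, including the JSON handler below. Conventions
    // registered through AddRazorPagesOptions do not apply to controllers,
    // which is why the /api/... route answered without authorization.
    public class IndexModel : PageModel
    {
        // Constructed sample data standing in for the real data store.
        private static readonly Dictionary<int, Widget> Store =
            new Dictionary<int, Widget>
            {
                [1] = new Widget { Id = 1, Name = "First" },
                [2] = new Widget { Id = 2, Name = "Second" }
            };

        // Renders the page that hosts the grid.
        public void OnGet()
        {
        }

        // Named handler, reached as GET /Widgets?handler=Record&id=1.
        // Authorization runs before the handler is selected, so a caller
        // who does not satisfy the folder policy never reaches this code.
        public IActionResult OnGetRecord(int id)
        {
            if (!Store.TryGetValue(id, out var widget))
            {
                return NotFound();
            }

            return new JsonResult(widget);
        }
    }

    public class Widget
    {
        public int Id { get; set; }
        public string Name { get; set; }
    }
}
```

The jQuery call in the grid then targets the page URL with the handler query string instead of the API route, and the browser sends the existing authentication cookie with it.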