Reputation: 3555
Disable authentication in Asp.Net Core 3.0 for development
How can I disable authentication during development for controllers that have an [Authorize] attribute?
Here is an answer for .net core 2, but it uses AddMvc() which isn't in use in .net core 3.0.
I tried this:
services.AddControllers().AddMvcOptions(opts => opts.Filters.Add<AllowAnonymousFilter>());
It still returned a 401; I don't know if that's even on the right track.
Update:
The previously linked post has been updated with answers that work with 3.x.
Asp.net "disable" authentication in development environment
Upvotes: 3
Views: 9980
Answers (3)
Reputation: 21
Just go to launchSettings.json in your project:
then set "anonymousAuthentication" to "true".
Upvotes: 2
Reputation: 5085
You could try something like this.
public class Startup
{
public Startup(IConfiguration configuration, IWebHostEnvironment env)
{
Configuration = configuration;
Environment = env;
}
public Microsoft.AspNetCore.Hosting.IWebHostEnvironment Environment { get; }
public void ConfigureServices(IServiceCollection services)
{
services.AddControllers(opts =>
{
if (Environment.IsDevelopment())
{
opts.Filters.Add<AllowAnonymousFilter>();
}
else
{
var authenticatedUserPolicy = new AuthorizationPolicyBuilder()
.RequireAuthenticatedUser()
.Build();
opts.Filters.Add(new AuthorizeFilter(authenticatedUserPolicy));
}
});
}
}
Upvotes: 1
Reputation: 429
How about automatically logging the user in with "test" Claim information when in development. For example, let's say when you are in non-development environments you use something like below to authorize a user:
// Checked the database and user is legit so populate the claims
// Create the identity for the user. userList is var or list populated from database. userEmail is the user's email or some other identifier.
identity = new ClaimsIdentity(new[] {
new Claim(ClaimTypes.Name, userList.fullname),
new Claim(ClaimTypes.Role, userList.userrole),
new Claim(ClaimTypes.NameIdentifier, userEmail),
}, CookieAuthenticationDefaults.AuthenticationScheme);
var principal = new ClaimsPrincipal(identity);
var login = HttpContext.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme, principal);
return RedirectToAction("Index", "Home");
When you are in development you can do something like:
// You may need to inject Microsoft.AspNetCore.Hosting.IHostingEnvironment. I use .Net core 2.2 so not sure about 3.
if (env.EnvironmentName == "Development")
{
// In Development so create "test" claim information and automatically authorize the user
// Create the identity for the user
identity = new ClaimsIdentity(new[] {
new Claim(ClaimTypes.Name, "Test User"),
new Claim(ClaimTypes.Role, "Tester"),
new Claim(ClaimTypes.NameIdentifier, "[email protected]"),
}, CookieAuthenticationDefaults.AuthenticationScheme);
// Populate the session user name
HttpContext.Session.SetString(SessionUserName, userList.fullname);
var principal = new ClaimsPrincipal(identity);
var login = HttpContext.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme, principal);
return RedirectToAction("Index", "Home");
}
Upvotes: 0
Related Questions
- ASP.NET Core disable authentication in development environment
- Asp.net Core 3.1 MVC - Disable Authentication in Development Environment
- .NET Core Bypass or turn off [Authorize(Roles="")] during local development
- Force widows authentication in .NET 3.1 to always prompt for username and password to login
- How do I disable/enable authentication at runtime in Asp.Net Core 2.2?
- ASP.Net Core 2.2 Authentication
- ASP.net Core 2 custom authentication (IsAuthenticated = false)
- ASP.NET Core disable Windows Authentication
- .net core authentication hide password from developer tools
- How can I disable automatic hash password for identity .net core