CODEWITHSUNDEEP
asp.net-coreauthorizationblazor
Anonjg8934
Anonjg8934

Reputation: 59

Blazor Server Side AllowAnonymousToFolder

I have added Azure AD authentication so that all requests to the application has to login. But I would like to seperate this since I have a "Public" and "Private" folder for my pages.

I found this https://learn.microsoft.com/en-us/aspnet/core/security/authorization/razor-pages-authorization?view=aspnetcore-5.0 which is what I need, but once I go to a page in the public folder, I still get prompted to login.

Expected result: All the pages in the /Pages/Public folder will not prompt login.

Result: When navigationg to a page in the /Pages/Public folder Im prompted with a login request.

Im relatively new at Server side Blazor and Net Core so its very possible that Im missunderstanding something or that this functionality isnt available for Blazor. If so then might I get a hint to what to look at instead?

services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
.AddMicrosoftIdentityWebApp(options =>
{
      Configuration.Bind("AzureAD", options);
      options.Events ??= new OpenIdConnectEvents();
      options.Events.OnTokenValidated += OnTokenValidatedFunc;
});
services.AddRazorPages(options =>
{
     //No error here but no effect either
     options.Conventions.AllowAnonymousToFolder("/Pages/Public");
}).AddMvcOptions(options =>
{
     var policy = new AuthorizationPolicyBuilder()
                      .RequireAuthenticatedUser()
                      .Build();
     options.Filters.Add(new AuthorizeFilter(policy));
                
}).AddMicrosoftIdentityUI();

Upvotes: 1

Views: 637

Answers (1)

Brian Parker
Brian Parker

Reputation: 14573

Use @attribute [Authorize(Policy = "Whatever")] in a new _Imports.razor in the folder with all the pages which require Auth. This will add the Authorize attribute to all pages in that folder and below. You will have to remove your global Auth. requirement though.

Upvotes: 2

Related Questions