Reputation: 11
I am using VS 2019, ASP.NET Core 5 with Razor Pages (not MVC). I have a simple Razor Page with an Authorization Policy. Below is an extract from the code; I have simplified it a little for this post and replaced global constants with literals.
Razor Page Directive:
[Authorize(Policy = "AuthUsers")]
The policy is described in Startup.cs
services.AddAuthorization(options =>
options.AddPolicy("AuthUsers", policy => policy.RequireClaim("Users")));
The Login Page creates the Claims principal with the above claim like this:
var Claims = new List<Claim> { new Claim(ClaimTypes.Email, Input.Email) };
Claims.Add(new Claim("Users", "1"));
var claimsIdentity = new ClaimsIdentity(Claims, CookieAuthenticationDefaults.AuthenticationScheme);
ClaimsPrincipal claimsPrincipal = new ClaimsPrincipal(claimsIdentity);
After a successful login, I verified that the claim has been set up correctly, but each time I go to the Razor page it returns to the login page to authorize, even though the user is clearly logged in and the "Logout" link is active.
Upvotes: 0
Views: 409
Reputation: 1082
Check if you have these lines in this order:
app.UseAuthentication();
app.UseAuthorization();
The other way around like this:
app.UseAuthorization();
app.UseAuthentication();
is an explanation for the behaviour you describe. After successfully authenticating the login, you will never get authorization.
Upvotes: 1
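The middleware order from the answer above, shown in a full ASP.NET Core 5 Startup class with cookie authentication and the "AuthUsers" policy. This is an added example, not code from either poster; the LoginPath and AccessDeniedPath values are assumptions.

```csharp
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.Extensions.DependencyInjection;

public class Startup
{
    public void ConfigureServices(IServiceCollection services)
    {
        services.AddRazorPages();

        // Cookie scheme matching the ClaimsIdentity built on the login page.
        services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
            .AddCookie(options =>
            {
                // Assumed paths; replace with the application's own pages.
                options.LoginPath = "/Login";
                options.AccessDeniedPath = "/AccessDenied";
            });

        // Same policy as in the question: the user must carry a "Users" claim.
        services.AddAuthorization(options =>
            options.AddPolicy("AuthUsers", policy => policy.RequireClaim("Users")));
    }

    public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
    {
        app.UseStaticFiles();
        app.UseRouting();

        // Order matters. UseAuthentication reads the auth cookie and populates
        // HttpContext.User. UseAuthorization then evaluates "AuthUsers" against
        // that user. If the two calls are swapped, the policy is evaluated
        // against an anonymous user, the "Users" claim is never seen, and the
        // cookie handler challenges by redirecting to LoginPath.
        app.UseAuthentication();
        app.UseAuthorization();

        app.UseEndpoints(endpoints => endpoints.MapRazorPages());
    }
}
```

Both calls sit between UseRouting and UseEndpoints so that the authorization middleware can see the [Authorize] metadata of the selected Razor Page.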