From 23a07104f8518c924fbfbcdb79402a0d76300a73 Mon Sep 17 00:00:00 2001 From: Andy Pack Date: Mon, 23 Jan 2023 08:03:48 +0000 Subject: [PATCH] properly authing web pages with only cookies --- Selector.Web/Auth/AuthConstants.cs | 9 +++++++++ Selector.Web/Startup.cs | 21 ++++++++++++++++++++- 2 files changed, 29 insertions(+), 1 deletion(-) create mode 100644 Selector.Web/Auth/AuthConstants.cs diff --git a/Selector.Web/Auth/AuthConstants.cs b/Selector.Web/Auth/AuthConstants.cs new file mode 100644 index 0000000..ebe0401 --- /dev/null +++ b/Selector.Web/Auth/AuthConstants.cs @@ -0,0 +1,9 @@ +using System; +namespace Selector.Web.Auth +{ + public static class AuthConstants + { + public const string CookieAuthentication = "Identity-Cookie"; + } +} + diff --git a/Selector.Web/Startup.cs b/Selector.Web/Startup.cs index b157a2c..d17f7a9 100644 --- a/Selector.Web/Startup.cs +++ b/Selector.Web/Startup.cs @@ -58,7 +58,21 @@ namespace Selector.Web options.ClientSecret = config.ClientSecret; }); - services.AddRazorPages().AddRazorRuntimeCompilation(); + services.AddRazorPages(o => + { + o.Conventions.AllowAnonymousToPage("/"); + o.Conventions.AuthorizePage("/Now", AuthConstants.CookieAuthentication); + o.Conventions.AuthorizePage("/Past", AuthConstants.CookieAuthentication); + o.Conventions.AllowAnonymousToPage("/Privacy"); + o.Conventions.AllowAnonymousToPage("/Error"); + o.Conventions.AllowAnonymousToAreaPage("Identity", "/Login"); + o.Conventions.AllowAnonymousToAreaPage("Identity", "/Logout"); + o.Conventions.AllowAnonymousToAreaPage("Identity", "/Register"); + o.Conventions.AllowAnonymousToAreaPage("Identity", "/AccessDenied"); + o.Conventions.AllowAnonymousToAreaPage("Identity", "/Lockout"); + o.Conventions.AuthorizeAreaPage("Identity", "/Manage", AuthConstants.CookieAuthentication); + }) + .AddRazorRuntimeCompilation(); services.AddControllers(); services.AddSignalR(o => o.EnableDetailedErrors = true); services.AddHttpClient(); 
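Review bot: The conventions added to AddRazorPages form an opt-in list, so a Razor page not named here (any page added later, or one whose route does not match these strings exactly) gets no cookie-only restriction and falls through to whatever default or fallback policy is configured elsewhere in this method; the policy built in the second hunk, whose assignment target is outside view, still admits JwtBearerDefaults.AuthenticationScheme, so the "only cookies" intent is presumably guaranteed only for /Now, /Past and /Manage. A fail-closed base rule, `o.Conventions.AuthorizeFolder("/", AuthConstants.CookieAuthentication);` and `o.Conventions.AuthorizeAreaFolder("Identity", "/", AuthConstants.CookieAuthentication);`, placed before the AllowAnonymous exceptions would make the listed anonymous pages the only ones reachable without the application cookie. Separately, `AuthorizeAreaPage("Identity", "/Manage", …)` targets a single page named Manage; if Manage is a folder of pages, as in the scaffolded Identity UI, it matches nothing and `o.Conventions.AuthorizeAreaFolder("Identity", "/Manage", AuthConstants.CookieAuthentication);` is the call that applies — confirm against the area's page layout. The enclosing method (presumably ConfigureServices) starts and ends outside the hunk.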
@@ -157,6 +171,11 @@ namespace Selector.Web .RequireAuthenticatedUser() .AddAuthenticationSchemes(IdentityConstants.ApplicationScheme, JwtBearerDefaults.AuthenticationScheme) .Build(); + + options.AddPolicy(AuthConstants.CookieAuthentication, new AuthorizationPolicyBuilder() + .RequireAuthenticatedUser() + .AddAuthenticationSchemes(IdentityConstants.ApplicationScheme) + .Build()); }); services.AddTransient();