properly authing web pages with only cookies
parent
d5ec3b992d
commit
23a07104f8
9
Selector.Web/Auth/AuthConstants.cs
Normal file
9
Selector.Web/Auth/AuthConstants.cs
Normal file
@ -0,0 +1,9 @@
|
|||||||
|
using System;
|
||||||
|
namespace Selector.Web.Auth
|
||||||
|
{
|
||||||
|
public static class AuthConstants
|
||||||
|
{
|
||||||
|
public const string CookieAuthentication = "Identity-Cookie";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
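Review bot: `CookieAuthentication` on the const line has no comment saying what kind of name it holds, and the identifier reads like an authentication scheme next to `IdentityConstants.ApplicationScheme`. Elsewhere in this commit it is passed to `options.AddPolicy(...)` and to `AuthorizePage(...)`, so it is an authorization policy name. I would add `/// <summary>Authorization policy name: authenticated user via the Identity application cookie only (no JWT bearer).</summary>` above it, or rename it to something like `CookieOnlyPolicy`. `using System;` is unused in this file and can be dropped.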
@ -58,7 +58,21 @@ namespace Selector.Web
|
|||||||
options.ClientSecret = config.ClientSecret;
|
options.ClientSecret = config.ClientSecret;
|
||||||
});
|
});
|
||||||
|
|
||||||
services.AddRazorPages().AddRazorRuntimeCompilation();
|
services.AddRazorPages(o =>
|
||||||
|
{
|
||||||
|
o.Conventions.AllowAnonymousToPage("/");
|
||||||
|
o.Conventions.AuthorizePage("/Now", AuthConstants.CookieAuthentication);
|
||||||
|
o.Conventions.AuthorizePage("/Past", AuthConstants.CookieAuthentication);
|
||||||
|
o.Conventions.AllowAnonymousToPage("/Privacy");
|
||||||
|
o.Conventions.AllowAnonymousToPage("/Error");
|
||||||
|
o.Conventions.AllowAnonymousToAreaPage("Identity", "/Login");
|
||||||
|
o.Conventions.AllowAnonymousToAreaPage("Identity", "/Logout");
|
||||||
|
o.Conventions.AllowAnonymousToAreaPage("Identity", "/Register");
|
||||||
|
o.Conventions.AllowAnonymousToAreaPage("Identity", "/AccessDenied");
|
||||||
|
o.Conventions.AllowAnonymousToAreaPage("Identity", "/Lockout");
|
||||||
|
o.Conventions.AuthorizeAreaPage("Identity", "/Manage", AuthConstants.CookieAuthentication);
|
||||||
|
})
|
||||||
|
.AddRazorRuntimeCompilation();
|
||||||
services.AddControllers();
|
services.AddControllers();
|
||||||
services.AddSignalR(o => o.EnableDetailedErrors = true);
|
services.AddSignalR(o => o.EnableDetailedErrors = true);
|
||||||
services.AddHttpClient();
|
services.AddHttpClient();
|
||||||
@ -157,6 +171,11 @@ namespace Selector.Web
|
|||||||
.RequireAuthenticatedUser()
|
.RequireAuthenticatedUser()
|
||||||
.AddAuthenticationSchemes(IdentityConstants.ApplicationScheme, JwtBearerDefaults.AuthenticationScheme)
|
.AddAuthenticationSchemes(IdentityConstants.ApplicationScheme, JwtBearerDefaults.AuthenticationScheme)
|
||||||
.Build();
|
.Build();
|
||||||
|
|
||||||
|
options.AddPolicy(AuthConstants.CookieAuthentication, new AuthorizationPolicyBuilder()
|
||||||
|
.RequireAuthenticatedUser()
|
||||||
|
.AddAuthenticationSchemes(IdentityConstants.ApplicationScheme)
|
||||||
|
.Build());
|
||||||
});
|
});
|
||||||
|
|
||||||
services.AddTransient<JwtTokenService>();
|
services.AddTransient<JwtTokenService>();
|
||||||
|
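Review bot: The page paths passed to the conventions in the `AddRazorPages` lambda look unlikely to match the paths Razor Pages registers, and a convention that matches no page is silently a no-op, so the cookie-only policy may not be applied where intended. `AuthorizeAreaPage("Identity", "/Manage", …)` targets a single page, while the default Identity UI keeps its management pages in a folder under `/Account/Manage`; if this project uses that layout the call should be `o.Conventions.AuthorizeAreaFolder("Identity", "/Account/Manage", AuthConstants.CookieAuthentication);`, and the `AllowAnonymousToAreaPage` paths would need the `/Account/` prefix as well. Likewise `AllowAnonymousToPage("/")` names a route, not a page path; the index page is normally `/Index`. The project's page layout is not visible here, so this needs confirming against the `Pages` and `Areas/Identity/Pages` trees; an integration test that requests a management page with only a bearer token and expects a challenge would pin the behaviour.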