sarsoo/Selector
1
0
Fork 0
Code Issues 21 Pull Requests Actions Packages Projects Releases Wiki Activity

properly authing web pages with only cookies

Browse Source
This commit is contained in:
Andy Pack 2023-01-23 08:03:48 +00:00
parent d5ec3b992d
commit 23a07104f8
Signed by: sarsoo
GPG Key ID: A55BA3536A5E0ED7
2 changed files with 29 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
Selector.Web/Auth/AuthConstants.cs Normal file
View File

@ -0,0 +1,9 @@
using System;
namespace Selector.Web.Auth
{
public static class AuthConstants
{
public const string CookieAuthentication = "Identity-Cookie";
}
}

21
Selector.Web/Startup.cs
View File

@ -58,7 +58,21 @@ namespace Selector.Web
options.ClientSecret = config.ClientSecret;
});
services.AddRazorPages().AddRazorRuntimeCompilation();
services.AddRazorPages(o =>
{
o.Conventions.AllowAnonymousToPage("/");
o.Conventions.AuthorizePage("/Now", AuthConstants.CookieAuthentication);
o.Conventions.AuthorizePage("/Past", AuthConstants.CookieAuthentication);
o.Conventions.AllowAnonymousToPage("/Privacy");
o.Conventions.AllowAnonymousToPage("/Error");
o.Conventions.AllowAnonymousToAreaPage("Identity", "/Login");
o.Conventions.AllowAnonymousToAreaPage("Identity", "/Logout");
o.Conventions.AllowAnonymousToAreaPage("Identity", "/Register");
o.Conventions.AllowAnonymousToAreaPage("Identity", "/AccessDenied");
o.Conventions.AllowAnonymousToAreaPage("Identity", "/Lockout");
o.Conventions.AuthorizeAreaPage("Identity", "/Manage", AuthConstants.CookieAuthentication);
})
.AddRazorRuntimeCompilation();
services.AddControllers();
services.AddSignalR(o => o.EnableDetailedErrors = true);
services.AddHttpClient();
@ -157,6 +171,11 @@ namespace Selector.Web
.RequireAuthenticatedUser()
.AddAuthenticationSchemes(IdentityConstants.ApplicationScheme, JwtBearerDefaults.AuthenticationScheme)
.Build();
options.AddPolicy(AuthConstants.CookieAuthentication, new AuthorizationPolicyBuilder()
.RequireAuthenticatedUser()
.AddAuthenticationSchemes(IdentityConstants.ApplicationScheme)
.Build());
});
services.AddTransient<JwtTokenService>();