This is a demo of how to use the Individual Authentication on AspNet Core with Razor Pages and Identity.
With Visual Studio 2022, open the solution
Apply pending migrations from a command prompt at your project directory under MyIdentityServer project:
PM> dotnet ef database update
and run the project.
It should create a local database "aspnet-DemoCustomAuth" and open a browser with the demo page.
For a good test create two users and add some roles on the database.
For tests use the following users:
User | Password | Roles |
---|---|---|
bob | Pass123$ | Admin |
alice | Pass123$ | User |
The demo is based on the default Individual Authentication template with Razor Pages and Identity.
The main part of this code is about the CustomAttribute class:
public class MyAuthAttribute : Attribute, IAuthorizationFilter
{
public string? Role { get; set; }
public void OnAuthorization(AuthorizationFilterContext context)
{
//check access
if (CheckPermissions(context))
{
//all good, add optional code if you want. Or don't
}
else
{
//DENIED!
//return access denied on the razor page
context.Result = new RedirectToRouteResult(new RouteValueDictionary(new { area = "Identity", page = "/Account/AccessDenied" }));
}
}
private bool CheckPermissions(AuthorizationFilterContext context)
{
if (context.HttpContext.User?.Identity?.IsAuthenticated == true)
{
//check if user is in role
if (!string.IsNullOrEmpty(Role) && context.HttpContext.User.IsInRole(Role))
{
return true;
}
//if the user is not in the role, we check if the role is empty
//if the role is empty, we allow access
else if (!string.IsNullOrEmpty(Role) && !context.HttpContext.User.IsInRole(Role))
{
return false;
}
return true;
}
return false;
}
}
This class receives a request when the user hits a Class with the custom Attribute e.g:
[MyAuth(Role = "Admin")]
public class AdminPageModel : PageModel
{
public void OnGet()
{
}
}
From here you should be able to implement your own logic to check if the user is allowed to access the page or not.
Feel free to use this code as you wish.
This project is licensed under the MIT License - see the LICENSE.txt file for details
Thanks to StackOverflow for all the help and to Microsoft for the great work on .Net Core and Visual Studio 2022.