Giters

RobertoBorges / DemoCustomAuth

Simple demo app that uses Individuals Authentication AspNet Core with a custom Attributes

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

asp-net-coreattributesauthenticationauthorizationdecoratorsidentity

Individual Authentication demo With Custom Attributes manager

.NET

This is a demo of how to use the Individual Authentication on AspNet Core with Razor Pages and Identity.

How to use

With Visual Studio 2022, open the solution

Apply pending migrations from a command prompt at your project directory under MyIdentityServer project:

PM> dotnet ef database update

and run the project.

It should create a local database "aspnet-DemoCustomAuth" and open a browser with the demo page.

For a good test create two users and add some roles on the database.

For tests use the following users:

User Password Roles
bob Pass123$ Admin
alice Pass123$ User

How it works

The demo is based on the default Individual Authentication template with Razor Pages and Identity.

The main part of this code is about the CustomAttribute class:

    public class MyAuthAttribute : Attribute, IAuthorizationFilter
    {

        public string? Role { get; set; }

        public void OnAuthorization(AuthorizationFilterContext context)
        {
            //check access 
            if (CheckPermissions(context))
            {
                //all good, add optional code if you want. Or don't
            }
            else
            {
                //DENIED!
                //return access denied on the razor page
                context.Result = new RedirectToRouteResult(new RouteValueDictionary(new { area = "Identity", page = "/Account/AccessDenied" }));
            }
        }

        private bool CheckPermissions(AuthorizationFilterContext context)
        {
            if (context.HttpContext.User?.Identity?.IsAuthenticated == true)
            {
                //check if user is in role
                if (!string.IsNullOrEmpty(Role) && context.HttpContext.User.IsInRole(Role))
                {
                    return true;
                }
                //if the user is not in the role, we check if the role is empty
                //if the role is empty, we allow access
                else if (!string.IsNullOrEmpty(Role) && !context.HttpContext.User.IsInRole(Role))
                {
                    return false;
                }
                return true;
            }
            return false;
        }
    }

This class receives a request when the user hits a Class with the custom Attribute e.g:

[MyAuth(Role = "Admin")]
public class AdminPageModel : PageModel
{
    public void OnGet()
    {

    }
}

From here you should be able to implement your own logic to check if the user is allowed to access the page or not.

Feel free to use this code as you wish.

License

This project is licensed under the MIT License - see the LICENSE.txt file for details

Acknowledgments

Thanks to StackOverflow for all the help and to Microsoft for the great work on .Net Core and Visual Studio 2022.

About

Simple demo app that uses Individuals Authentication AspNet Core with a custom Attributes

asp-net-coreattributesauthenticationauthorizationdecoratorsidentity

License:MIT License

Languages

Language:C# 80.2%Language:HTML 18.2%Language:CSS 1.3%Language:JavaScript 0.3%