Authorization In Asp.net Core Identity | AllowAnonymous & Authorize Attribute in Asp.net Core | Set Authorization Globally
Hello & As-salam u alikum ! , In the previous articles we had discussed about Asp.net Core Identity with Sign In ,Sign Up & Logout Functionalities, There is the reference in the below link.
https://dotnetcorecommunity.blogspot.com/2019/11/implementing-login-logout-sign-up.html
Step# 3:
Run the project , and you will find everything working properly, You click on privacy tab without login ,you will be redirected to login page with query string ,when you enter correct credentials the login action takes you the same page which is saved in query string url. Now I want to Authorize my Controller instead of an Specific action , In that case I will add [Authorize] attribute on the Controller.
Now you won't be able to access any action from the Home controller, when ever you run the program ,you will be redirected to login page. That's okay with the scenario when you want to Authorize all the actions of Controller.
Step# 4:
Setting Authorize attribute Globally in Startup.cs file. Replace the middle-ware of Services.AddMvc with the below Highlighted. Now you have set all the actions and controller to used by Authorized person.
But there is a little problem, when you set Authorized attribute globally then you also would not be able to access login page. because for accessing page we need to be login too which isnt practical thing . so we need to add [AllowAnonymous] attribute on each action to which we want not apply authorize attribute. Add [AllowAnonymous] attribute on login and Register action, so that new user would be able to sign up and login.
Conclusion :
that's all for this blog, we have successfully Implement the Asp.net core Identity with Authorize attribute ,In the next coming articles we will discuss more details on this topic.Thank you for watching,Have a great day !
https://dotnetcorecommunity.blogspot.com/2019/11/implementing-login-logout-sign-up.html
At the moment, we are going to discuss the Following concepts in this article
- Authorize Attribute Globally
- Authorize Attribute on Controller
- Authorize Attribute on Action
lets begin with Practical :
Step# 1:
Perform the All steps that I have explained in the previous article, Click Here to see the previous article.
Perform the All steps that I have explained in the previous article, Click Here to see the previous article.
Step# 2:
First we are going to check the Authorize Attribute in Controller.we Have the following actions in our Home Controller.
First we are going to check the Authorize Attribute in Controller.we Have the following actions in our Home Controller.
Consider we are not willing to show our Privacy page to Anonymous user, so we will add [Authorize] attribute on the top of this action as shown below.
Now, If you run the project , and click on Privacy tab present on the top navigation bar, you will be redirected to the login page in case you are not logged in.
If you noticed the URL , we are landed on Account controller from home controller,because Privacy Action method was set to [Authorize] , so we are landed to the login page with a query string named as "ReturnUrl" and the value of query string is holding the address of the page from which we are navigated to this page.
Now I ll move to login Action method & make some changes, so that after login we could go to the same page from where we requested last time.
The Highlighted code are the changes that I made in Login action of post method. you may copy the code from below:
public async Task<IActionResult> Login(LoginUserModel model,string returnUrl)
{
if (ModelState.IsValid)
{
var result = await signInManager.PasswordSignInAsync(
model.Email, model.Password, model.RememberMe, false);
if (result.Succeeded)
{
if (!string.IsNullOrEmpty(returnUrl) && Url.IsLocalUrl(returnUrl))
{
return Redirect(returnUrl);
}
else
{
return RedirectToAction("index", "home");
}
}
ModelState.AddModelError(string.Empty, "Invalid Login Attempt");
}
return View(model);
}
{
if (ModelState.IsValid)
{
var result = await signInManager.PasswordSignInAsync(
model.Email, model.Password, model.RememberMe, false);
if (result.Succeeded)
{
if (!string.IsNullOrEmpty(returnUrl) && Url.IsLocalUrl(returnUrl))
{
return Redirect(returnUrl);
}
else
{
return RedirectToAction("index", "home");
}
}
ModelState.AddModelError(string.Empty, "Invalid Login Attempt");
}
return View(model);
}
Step# 3:
Run the project , and you will find everything working properly, You click on privacy tab without login ,you will be redirected to login page with query string ,when you enter correct credentials the login action takes you the same page which is saved in query string url. Now I want to Authorize my Controller instead of an Specific action , In that case I will add [Authorize] attribute on the Controller.
Now you won't be able to access any action from the Home controller, when ever you run the program ,you will be redirected to login page. That's okay with the scenario when you want to Authorize all the actions of Controller.
Step# 4:
Setting Authorize attribute Globally in Startup.cs file. Replace the middle-ware of Services.AddMvc with the below Highlighted. Now you have set all the actions and controller to used by Authorized person.
But there is a little problem, when you set Authorized attribute globally then you also would not be able to access login page. because for accessing page we need to be login too which isnt practical thing . so we need to add [AllowAnonymous] attribute on each action to which we want not apply authorize attribute. Add [AllowAnonymous] attribute on login and Register action, so that new user would be able to sign up and login.
that's all for this blog, we have successfully Implement the Asp.net core Identity with Authorize attribute ,In the next coming articles we will discuss more details on this topic.Thank you for watching,Have a great day !
Subscribe to my Youtube
posted by .NET Developer Community (.net core & .net framework) @ November 15, 2019
2 Comments
2 Comments:
Sir,
pics show nai ho rai
error state me hn.
kindly correct kar dein , takke follow kar sakoon.
Here ! I can see all the Images, Which browser you are using ? I suggest you to use Chrome
Post a Comment
Do not Add Spam links in the Comment Box
Subscribe to Post Comments [Atom]
<< Home