asp.net-mvcrazorasp.net-coreasp.net-identityasp.net-authentication
Core 2 Razor AccesDeniedPath
I was following a Connect() video where they are securing a core 2 MVC app. In it, they added options for AccessDeniedPath and LoginPath
However, I'm using Razor, instead of MVC and let VS generate the log in code for mode, utilizing a database. My code looks as follows:
public void ConfigureServices(IServiceCollection services)
{
services.AddDbContext<ApplicationDbContext>(options =>
options.UseSqlServer(Configuration.GetConnectionString("DefaultConnection")));
services.AddIdentity<ApplicationUser, MyRole>()
.AddEntityFrameworkStores<ApplicationDbContext>()
.AddDefaultTokenProviders();
services.AddMvc(options =>
{
options.Filters.Add(new RequireHttpsAttribute());
options.Filters.Add(new AutoValidateAntiforgeryTokenAttribute());
})
.AddRazorPagesOptions(options =>
{
options.Conventions.AuthorizeFolder("/Account/Manage");
options.Conventions.AuthorizePage("/Account/Logout");
});
}
AccessDeniedPath can't be added in AddMvc, AddRazorpagesOptions nor in AddIdentity.
Any suggestions will be greatly appreciated.
Solution
API for configuring application cookie options changed from ASP.NET Core 1.x to 2.x
services.ConfigureApplicationCookie(opts =>
{
opts.LoginPath = "/Home/ErrorForbidden";
opts.AccessDeniedPath = "/Home/ErrorLoggedIn";
});
read Migrating Authentication and Identity to ASP.NET Core 2.0 for more information.