Search code examples
razorasp.net-corerazor-pages

How to route the user to the login page on every page request in ASP.NET Core 2.0

I've done much Googling to find out the best way of doing this in ASP.NET Core 2.0 but not come to any clear conclusions. In previous versions of ASP.NET / MVC I could route the user to the login page by checking their session is authenticated.

I'm looking for something similar in ASP.NET Core 2.0. I want to check the user is authenticated on every page request, and if not route them to the login page.

How can I achieve this in ASP.NET Core 2?

Solution

  • The ASP.NET Identity will do the work for you. You just have to define which files/folders are protected and which are public. You can define it in the ConfigureServices method of the startup.cs file.

    services.AddMvc()
    .AddRazorPagesOptions(options =>
    {
        options.Conventions.AuthorizeFolder("/AuthorizedFolder");
        options.Conventions.AuthorizePage("/AuthorizedPage");
        options.Conventions.AllowAnonymousToFolder("/AuthorizedFolder/AllowFolder");
        options.Conventions.AllowAnonymousToPage("/AuthorizedFolder/AllowPage");
    });

    I have added 4 conventions in order to make it simple for you to understand how it works. The first Convention says that all the pages in AuthorizedFolder folder will be protected and you will have to login in order to view it's contents otherwise you will be redirected to the login page.

    The second Convention says that the AuthorizedPage page is protected which means that only logged users can view the contents of this page.

    The third convention define one public folder inside a protected folder.

    The fourth convention defines a public razor page inside a protected folder.

    Controllers

    For controllers you can use the Authorize and AllowAnonymous attributes. The following example demonstrates how to protect all the actions of the controller:

    using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;

namespace WebApplication3.Controllers
{
    [Authorize]
    public class TestController : Controller
    {
        public IActionResult Index()
        {
            return View();
        }
    }
}

    The following example demonstrates how to protect one action:

    using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;

namespace WebApplication3.Controllers
{
    public class TestController : Controller
    {
        [Authorize]
        public IActionResult Index()
        {
            return View();
        }
    }
}

    And finally you can see how to protect a controller but make public one action of the protected controller:

    using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;

namespace WebApplication3.Controllers
{
    [Authorize]
    public class TestController : Controller
    {
        [AllowAnonymous]
        public IActionResult Index()
        {
            return View();
        }
    }
}

    I hope it helps.