How to secure access to Razor Pages

Authentication and Authorization has not changed between Asp.Net MVC and Asp.Net Core Razor Pages. The request pipe lines still works the same for authentication. In MVC pipe like, you do all the authentication related initialization in your Startup.Auth.cs provided code. This is where you were adding all the options, details etc. about different types of authentication and authorization providers. In Asp.Net Core you add Authentication as a service in IServiceCollection during your Asp.Net Core application initialization. If you do not add authentication service in pipeline and later on do not include authentication middle ware in IApplicationBuilder, the requests will not perform any authentication.

A very simple way to secure access to your Asp.Net Razor Pages is by simply adding Authorize attribute to your PageModel class. Other attributes like AllowAnonymous work the same way as before. AllowAnonymous allows anonymous access to your pages.

[Authorize]
public abstract class BaseAuthenticatedQmsPageModel:BaseQmsPageModel
{
        protected BaseAuthenticatedQmsPageModel(IWorkContext workContext, 
            ITenantContext tenantContext, 
            IQmsLogger logger)
        :base(workContext, tenantContext, logger)
        { }
}
comments powered by Disqus

Blog Tags