locked
How do I setup multiple login pages in ASP.NET Core Razor Pages? RRS feed

  • Question

  • User-1471866167 posted

    I have setup to login pages for two areas in the application:

    /Areas/Admin/Login
    /Areas/Staff/Login

    The ConfigureServices method:

    public void ConfigureServices(IServiceCollection services)
    {
    services.AddDbContext<ApplicationDbContext>(options =>
    options.UseSqlServer(
    Configuration.GetConnectionString("DefaultConnection")));
    services.AddDefaultIdentity<AppUser>(options => options.SignIn.RequireConfirmedAccount = true)
    .AddRoles<IdentityRole>()
    .AddEntityFrameworkStores<ApplicationDbContext>();


    services.AddRazorPages().AddRazorPagesOptions(options =>
    {
    // authenticated staff only
    options.Conventions.AuthorizeAreaFolder("Staff", "/Manage");

    // authenticated admin only
    options.Conventions.AuthorizeAreaFolder("Admin", "/");
    });

    }

    How do I go about ensuring that any unauthorized user in the respective areas(admin and staff) get redirected to the  right login page?

    Thanks in advance!

    Tuesday, July 7, 2020 3:57 PM

Answers

  • User-1471866167 posted

    Thanks, was able to restrict the area with this:

    services.AddRazorPages().AddRazorPagesOptions(options =>
    {
    // authenticated user only
    options.Conventions.AuthorizeAreaFolder("Player", "/Manage");

    // user with certain roles only
    options.Conventions.AuthorizeAreaFolder("Admin", "/");
    });

    And then created an initial login page for determinging which login page to redirect to based on the return url

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Tuesday, July 7, 2020 7:25 PM

All replies

  • User475983607 posted

    The standard solution is role based security where the roles are stored in a database table.  There is no logically way to restrict user access to an area before you know who the user is and what role the user is in.

     

    Tuesday, July 7, 2020 6:23 PM
  • User-1471866167 posted

    Thanks, was able to restrict the area with this:

    services.AddRazorPages().AddRazorPagesOptions(options =>
    {
    // authenticated user only
    options.Conventions.AuthorizeAreaFolder("Player", "/Manage");

    // user with certain roles only
    options.Conventions.AuthorizeAreaFolder("Admin", "/");
    });

    And then created an initial login page for determinging which login page to redirect to based on the return url

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Tuesday, July 7, 2020 7:25 PM