locked
How i can restrict the Authorize attribute to certain users only, inside my asp.net core mvc web application RRS feed

 > 

  • Question

  • Question
    Sign in to vote
    0
    Sign in to vote
    User-540818677 posted

    I have created a new asp.net MVC core web application and i set it to use organizational account as follow:- enter image description here

    now if i add [Authorize] attribute to an action method then the user will be asked to login first. but my question is how i can only allow certain users to access the action method?

    second question, is how i can prevent users from logging to the application unless they are inside a predefined list?

    Wednesday, May 6, 2020 11:16 PM

Answers

  • Question
    Sign in to vote
    0
    Sign in to vote
    User475983607 posted

    for the first point, now in my case since i am using Work or School accounts, so i do not have tables to store the roles and users,, so how i can implement the Roles inside my application? i mean how i can create the roles and users and link users with roles?

    Use the Identity External login feature and read the link in my first post.

    for the second question, i want only certain users inside a database table to be able to login, other wise they will get access denied.. and yes in my case i already have 50 email addresses that should only login to my application...

    For the second time, the web is stateless.  There is no magical way to know the user before they login.

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Thursday, May 7, 2020 10:14 AM

All replies

  • Question
    Sign in to vote
    0
    Sign in to vote
    User475983607 posted

    now if i add [Authorize] attribute to an action method then the user will be asked to login first. but my question is how i can only allow certain users to access the action method?

    See the official docs.

    https://docs.microsoft.com/en-us/aspnet/core/security/authorization/introduction?view=aspnetcore-3.1

    second question, is how i can prevent users from logging to the application unless they are inside a predefined list?

    I'm not sure how you can identify a user before they authenticate unless you are using Windows Authentication where the users have a network login.

    Wednesday, May 6, 2020 11:30 PM
  • Question
    Sign in to vote
    0
    Sign in to vote
    User-540818677 posted

    mgebhard

    johnjohn123123

    now if i add [Authorize] attribute to an action method then the user will be asked to login first. but my question is how i can only allow certain users to access the action method?

    See the official docs.

    https://docs.microsoft.com/en-us/aspnet/core/security/authorization/introduction?view=aspnetcore-3.1

    johnjohn123123

    second question, is how i can prevent users from logging to the application unless they are inside a predefined list?

    I'm not sure how you can identify a user before they authenticate unless you are using Windows Authentication where the users have a network login.

    for the first point, now in my case since i am using Work or School accounts, so i do not have tables to store the roles and users,, so how i can implement the Roles inside my application? i mean how i can create the roles and users and link users with roles?

    for the second question, i want only certain users inside a database table to be able to login, other wise they will get access denied.. and yes in my case i already have 50 email addresses that should only login to my application...

    Wednesday, May 6, 2020 11:50 PM
  • Question
    Sign in to vote
    0
    Sign in to vote
    User475983607 posted

    for the first point, now in my case since i am using Work or School accounts, so i do not have tables to store the roles and users,, so how i can implement the Roles inside my application? i mean how i can create the roles and users and link users with roles?

    Use the Identity External login feature and read the link in my first post.

    for the second question, i want only certain users inside a database table to be able to login, other wise they will get access denied.. and yes in my case i already have 50 email addresses that should only login to my application...

    For the second time, the web is stateless.  There is no magical way to know the user before they login.

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Thursday, May 7, 2020 10:14 AM