Blazor Server Side AllowAnonymousToFolder

0
votes

I have added Azure AD authentication so that all requests to the application has to login. But I would like to seperate this since I have a "Public" and "Private" folder for my pages.

I found this https://docs.microsoft.com/en-us/aspnet/core/security/authorization/razor-pages-authorization?view=aspnetcore-5.0 which is what I need, but once I go to a page in the public folder, I still get prompted to login.

Expected result: All the pages in the /Pages/Public folder will not prompt login.

Result: When navigationg to a page in the /Pages/Public folder Im prompted with a login request.

Im relatively new at Server side Blazor and Net Core so its very possible that Im missunderstanding something or that this functionality isnt available for Blazor. If so then might I get a hint to what to look at instead?

services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
.AddMicrosoftIdentityWebApp(options =>
{
      Configuration.Bind("AzureAD", options);
      options.Events ??= new OpenIdConnectEvents();
      options.Events.OnTokenValidated += OnTokenValidatedFunc;
});
services.AddRazorPages(options =>
{
     //No error here but no effect either
     options.Conventions.AllowAnonymousToFolder("/Pages/Public");
}).AddMvcOptions(options =>
{
     var policy = new AuthorizationPolicyBuilder()
                      .RequireAuthenticatedUser()
                      .Build();
     options.Filters.Add(new AuthorizeFilter(policy));
                
}).AddMicrosoftIdentityUI();
2
asp.net-coreauthorizationblazor
"...but I cant seem to get it to work.. " Can you please be more specific? What is the desired behavior, what is the current behavior? Do you get any errors or warnings? What did you try?JHBonarius
@JHBonarius Edited my question. Im expecting to not be prompted to login, allowing me to be anonymous. Instead, Im prompted to login.Jesper Heikkilä
Is anonymous authentication enabled? (or accidentally disabled?). Are you serving Razor Pages or Razor Components (Blazor)? Did you read this?JHBonarius
Im not sure about the Anonymous authentication, This application has not accepted anonymous before and always redirected to login. I have read that, but it seems to focus on AuthorizeView for showing and hiding components? What I want is: - Two folders with razor components, one folder for Anonymous, and one folder for Logged in. And if a user tries to access a Logged In component without being logged in, they should be redirected to the login page. If I set @attribute [AllowAnonymous] in the _Host file then all becomes Anonymous. But it feels like more of a hack then solution.Jesper Heikkilä

2 Answers

1
votes

Use @attribute [Authorize(Policy = "Whatever")] in a new _Imports.razor in the folder with all the pages which require Auth. This will add the Authorize attribute to all pages in that folder and below. You will have to remove your global Auth. requirement though.

0
votes

So what I ended up with was splitting the project into two projects, with one part secured and the other public since I didnt find a way to have the whole project secure and only anonymize certain pages.