search

hishamco / hishambinateya.com

Hisham's Blog
http://www.hishambinateya.com/
2 stars 1 forks source link

Role-Based Authorization in Razor Pages #54

Closed hishamco closed 2 years ago

neilbgr commented 2 years ago

Hi! For your AuthorizeFolder() must be conventions.Add**Folder**ApplicationModelConvention(... instead of conventions.Add**Page**ApplicationModelConvention(... , isn't it ? Thanks for your post. Neil.

hishamco commented 2 years ago

Check the ASP.NET Core Docs

services.AddRazorPages(options =>
{
    options.Conventions.AuthorizePage("/Contact");
    options.Conventions.AuthorizeFolder("/Private");
    options.Conventions.AllowAnonymousToPage("/Private/PublicPage");
    options.Conventions.AllowAnonymousToFolder("/Private/PublicPages");
});

https://docs.microsoft.com/en-us/aspnet/core/security/authorization/razor-pages-authorization?view=aspnetcore-5.0

neilbgr commented 2 years ago

I'd already seen this mdsm page. But it's consuming "Policies" not "Roles" like your great post http://hishambinateya.com/role-based-authorization-in-razor-pages I just wanted to say to you that in the code of your extension method AuthorizeFolder(), there is a call to conventions.AddPageApplicationModelConvention(..) instead of conventions.AddFolderApplicationModelConvention(). (Note the diff between AddPageXxx/AddFolderXxx) Only that.

hishamco commented 2 years ago

Thanks a lot @neilbgr, fixed in https://github.com/hishamco/hishambinateya.com/commit/dedede57389fa2f080860fd12b90ccc81d17ee71