Cookie-based Authentication AuthorizeFolder for .NET 6 Razor Pages is not working

AG 521 Reputation points
2022-10-01T19:48:24.553+00:00

Hi,

I have a simple Razor Pages web app that I would like to secure using cookie-based authentication, but AuthorizeFolder is not working for me.
Here is my code:

    public void ConfigureServices(IServiceCollection services)
    {
        services.Configure<CookiePolicyOptions>(options =>
        {
            // This lambda determines whether user consent for non-essential cookies is needed for a given request.
            options.CheckConsentNeeded = context => true;
            options.MinimumSameSitePolicy = Microsoft.AspNetCore.Http.SameSiteMode.None;
        });

        services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme).AddCookie(cookieOptions =>
        {
            cookieOptions.LoginPath = "/";

            cookieOptions.ExpireTimeSpan = TimeSpan.FromMinutes(20);
            cookieOptions.SlidingExpiration = true;
            cookieOptions.AccessDeniedPath = "/Forbidden/";
        });

        services.AddRazorPages(options =>
        {
            options.Conventions.AuthorizeFolder("/").AllowAnonymousToPage("/Login");
        }).AddRazorRuntimeCompilation();
    }

I would like to authorize all pages in the Pages folder, which also contains the Shared folder, and I would like to exclude the Login page that is in the Pages folder.
Also, if the user is not authorized, I would like to redirect him to the Login page.
Unfortunately, AuthorizeFolder("\") is not working and I have full access to all of my pages in the Pages folder.

Thanks in advance for any help,
AG

Developer technologies | ASP.NET | ASP.NET Core
Microsoft Security | Microsoft Identity Manager

Accepted answer
  1. Anonymous
    2022-10-03T04:17:22.323+00:00

    Hi @AG ,

     options.Conventions.AuthorizeFolder("/").AllowAnonymousToPage("/Login");  
    

    The above convention works well in my application; check this screenshot:

    246836-1.gif

    Unfortunately AuthorizeFolder("\") is not working and I have full access to all of my pages in Pages folder.

    Regarding the above error, I suppose the issue might relate to the middleware. Check the program.cs/startup.cs file and make sure you have added the app.UseAuthentication() and app.UseAuthorization() middleware, like this:

    246860-image.png



    Best regards,
    Dillion
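
The screenshot referenced in the accepted answer is not preserved on this page. As an added example (not the answerer's or the poster's own code), here is a .NET 6 Program.cs that applies the same conventions together with the two middleware calls the answer names. The "/Login" login path and the rest of the pipeline around those calls are assumptions.

```csharp
// Program.cs (.NET 6 minimal hosting model). Added example, not code from the thread.
using Microsoft.AspNetCore.Authentication.Cookies;

var builder = WebApplication.CreateBuilder(args);

builder.Services
    .AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
    .AddCookie(cookieOptions =>
    {
        // Assumption: the login page is Pages/Login.cshtml, so the challenge
        // redirect targets the one page left open to anonymous users.
        cookieOptions.LoginPath = "/Login";
        cookieOptions.AccessDeniedPath = "/Forbidden/";
        cookieOptions.ExpireTimeSpan = TimeSpan.FromMinutes(20);
        cookieOptions.SlidingExpiration = true;
    });

builder.Services.AddRazorPages(options =>
{
    // Require an authenticated user for every page under /Pages ...
    options.Conventions.AuthorizeFolder("/");
    // ... except the login page itself.
    options.Conventions.AllowAnonymousToPage("/Login");
});

var app = builder.Build();

app.UseHttpsRedirection();
app.UseStaticFiles();

app.UseRouting();

// Order matters: authentication must populate HttpContext.User before
// authorization evaluates the requirement that AuthorizeFolder attaches to
// the pages, and both calls sit between UseRouting and the endpoint mapping.
app.UseAuthentication();
app.UseAuthorization();

app.MapRazorPages();

app.Run();
```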


1 additional answer

  1. AG 521 Reputation points
    2022-10-03T06:06:25.977+00:00

    Thanks @Anonymous for your help.

    The main problem was with my launchsettings.json, which had windowsAuthentication set to true and anonymousAuthentication set to false.
    Setting windowsAuthentication to false and anonymousAuthentication to true allowed me to work it out.

    Thanks and regards,
    AG

