1

I am using asp.net core 2.2. I created an empty web application using Visual Studio 2019. I added this code in Startup.cs, in the configure services method: 

    services.AddMvc(config =>
{
var policy = new AuthorizationPolicyBuilder()
.RequireAuthenticatedUser()
.Build();
config.Filters.Add(new AuthorizeFilter(policy));
});

So my method looks like this: 

public void ConfigureServices(IServiceCollection services)
    {

        services.AddDbContextPool<AppDBContext>(options => options.UseSqlServer(_config.GetConnectionString("EmployeeDBConnection")));

        services.AddIdentity<IdentityUser, IdentityRole>(options =>
        {
            options.Password.RequiredLength = 10;
            options.Password.RequiredUniqueChars = 3;
            options.Password.RequireNonAlphanumeric = false;
        }).AddEntityFrameworkStores<AppDBContext>();



        services.AddMvc(config =>
        {
            var policy = new AuthorizationPolicyBuilder()
                        .RequireAuthenticatedUser()
                        .Build();

            config.Filters.Add(new AuthorizeFilter(policy));
        });

        //services.AddMvc();
        services.AddScoped<IEmployeeRepository, SQLEmployeeRepository>();
    }

I expected this to make the whole application require authorization, however if I go to any controller and action, I can just view that without signing in. Do I need to do anything extra to configure this or force it?

I tried to add the [Authorize] attribute on the class itself. Here's how the beginning of my controller looks like: 

using System.Threading.Tasks;
using EmployeeManagement.ViewModels;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Mvc; 
namespace EmployeeManagement.Controllers
{
    [Authorize]
    public class AccountController : Controller
    {
        private readonly UserManager<IdentityUser> userManager;
        private readonly SignInManager<IdentityUser> signInManager;

        public AccountController(UserManager<IdentityUser> userManager, SignInManager<IdentityUser> signInManager)
        {
            this.userManager = userManager;
            this.signInManager = signInManager;
        }

.
.
.

What else do I need to do to force pages to require login/authorization?

Improve this question
3

2 Answers 2

Reset to default
1

I think you also need to update the Configure method in the Startup as well to enable authorization. Try adding this:

    public void Configure(IApplicationBuilder app)
    {
        app.UseAuthorization();
    }

NuGet package required

Improve this answer
Sign up to request clarification or add additional context in comments.

5 Comments

it doesn't work if I do so as I get a message: IApplicationBuilder does not contain a definition for UseAuthorization. I guess it was introduced with asp.net 3 while am using asp.net 2.2?
Add the NuGet package Microsoft.AspNetCore.App. I believe that has the authentication functionality you need.
Hi Chad, I already have Microsoft.AspNetCore.App metapackage installed. with Microsoft.AspNetCore.Authorization installed as well.
I am able to get it to work with .NET Core 2.2 with the NuGet package I mentioned. I updated my answer with a screenshot of the NuGet package as it appears in the Visual Studio Package Manager screen. I hope that helps :)
hi Chad, I have the same package installed. However when I try to use app.UseAuthorization, I have red squiggly line under the method name and it tells me it's not available.
0

Instead of [Authorize], use the following Attribute:

[Authorize(AuthenticationSchemes = JwtBearerDefaults.AuthenticationScheme)]
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.