Stack Overflow
Stack Overflow

Questions tagged [asp.net-authorization]

Authorization determines whether an identity should be granted access to a specific resource.

Authorization determines whether an identity should be granted access to a specific resource. In ASP.NET, there are two ways to authorize access to a given resource:

  • File authorization File authorization is performed by the FileAuthorizationModule. It checks the access control list (ACL) of the .aspx or .asmx handler file to determine whether a user should have access to the file. ACL permissions are verified for the user's Windows identity (if Windows authentication is enabled) or for the Windows identity of the ASP.NET process. For more information, see ASP.NET Impersonation.
  • URL authorization
    URL authorization is performed by the UrlAuthorizationModule, which maps users and roles to URLs in ASP.NET applications. This module can be used to selectively allow or deny access to arbitrary parts of an application (typically directories) for specific users or roles.
365 questions
5
votes
2 answers

Run both Authorize Filter and Action Filter on unauthenticated ASP.NET MVC request

I have decorated my base controller with a couple of action filters. They work fine. One of those filters sets up the request - does things like set the culture based on the domain, etc. I also have a handful of actions that require authorization…
Bryan Migliorisi
  • 8,274
  • 3
  • 30
  • 43
4
votes
2 answers

Blazor wasm unable to resolve AuthorizationOptions while attempting to activate DefaultAuthorizationPolicyProvider

I'm working on a Blazor wasm application and ran into an exception when adding the AuthorizeRouteView component in the App.razor file. I lost quite some time trying to solve as there are few resources about this, so I want to share the solution…
LYper
  • 476
  • 1
  • 9
4
votes
2 answers

How to get user's first name or last name from @context.User?

I created a Server side Blazor application using Windows authentication. And it created the following file. LoginDisplay.razor Hello, @context.User.Identity.Name! However, it shows "DOMAIN\username". Is it a way…
ca9163d9
  • 21,678
  • 35
  • 151
  • 304
4
votes
1 answer

Custom Authorize Attribute (follow-up)

Ok following up with this thread, here's what I came up with... public class SharweAuthorizeAttribute : AuthorizeAttribute { private bool isAuthenticated = false; private bool isAuthorized = false; public new string[] Roles { get; set;…
Kassem
  • 7,574
  • 16
  • 69
  • 113
4
votes
2 answers

asp.net core 2.0 Authorization is firing before authentication (JWT)

I'm attempting to implement a custom authorization policy in my asp.net core 2.0 application. In my Custom AuthorizationHandler I have this check: if (!context.User.Identity.IsAuthenticated) { this.logger.LogInformation("Failed to authorize…
cdarrigo
  • 631
  • 1
  • 5
  • 18
4
votes
1 answer

Add global Authorization filter in ASP.NET Core 2.0

in my ConfigureServices i have created a policy based authorization services.AddAuthorization(options => { options.AddPolicy("test", policy => policy.Requirements.Add(new TestRequirement())); }); and registered the handler as below…
Navin
  • 602
  • 1
  • 7
  • 22
4
votes
2 answers

How to require non-anonymous user in .Net Core?

In .Net Core, the controller attribute [AllowAnonymous] lets you set a controller to allow non-logged in users to access the controller. Is there a way to do the opposite, to require a user to be logged in? Without giving all users a role and then…
Parker Harris Emerson
  • 165
  • 1
  • 8
4
votes
1 answer

Asp.net core authorization for web-api firing redirect

I try to get started with asp.net core web application with SPA. I have built everything by the tutorials. So I setup authorization like that: app.UseIdentity() .UseCookieAuthentication(new CookieAuthenticationOptions() …
Maris
  • 4,429
  • 5
  • 33
  • 62
4
votes
1 answer

Asp.Net Core policy based authorization ends with 401 Unauthorized

I am working on setting up a skeleton of custom policy based authorization which will have a set of business rules to authorized the currently logged on user. But, currently the skeleton always ends up with 401 Unauthorized. Here is my code, public…
Mukesh Bhojwani
  • 1,896
  • 3
  • 17
  • 32
4
votes
2 answers

Users in Multiple Organizations with Different Roles

I'm fairly new to setting up security for websites and am having trouble finding the correct architecture/design/pattern/best practice for the type of authentication/authorization I am needing in a .NET MVC environment. I don't even know what to…
JayHat
  • 58
  • 6
3
votes
1 answer

User.Claims is empty after upgrading from ASP.NET Core 3.1 to ASP.NET 5.0

After upgrading from ASP.NET Core 3.1 to version 5, context.User.Claims is empty in protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, MyRequirement requirement) in public class MyRequirementHandler :…
peter
  • 11,751
  • 6
  • 52
  • 89
3
votes
4 answers

Very simple single user login in ASP.NET MVC2?

I'm building my site, and I want to restrict a part of my site (The admin parts) from normal public display. I am using LINQ for database access. I have a Service class to handle calls to the database through LINQ I have the whole site running,…
KristianB
  • 1,326
  • 2
  • 23
  • 45
3
votes
1 answer

HandleRequirementAsync not being called when using authorization in Hot Chocolate

Hi, I am trying to implement policy-based authorization in a Hot Chocolate graphql server. I am looking at their documentation and also referring to Microsoft's guide What I want to achieve I want that HandleRequirementAsync() will be called…
NoamWe
  • 33
  • 6
3
votes
1 answer

Resource Based authorization for a list of reosurces?

How do you implement authorization for a list of resources? All docs I see are based on IAuthorizationService and the AuthorizeAsync methods. But this, only applies to one resource. Should I be retrieving all resources and then imperatively check…
Notbad
  • 4,665
  • 6
  • 37
  • 79
3
votes
1 answer

Global Resource Authorization based on route value

I'm working on an ASP.Net Core 3.1 web API. The API users are from an Azure AD. The users can access the API if they have a license, each user can be assigned to multiple licenses and the same license can be assigned to multiple users. The client…
Michele mpp Marostica
  • 2,001
  • 3
  • 22
  • 40
1 2
3
24 25