
How to deny anonymous users in asp.net core razor pages?

How would I deny anonymous users access to any of the Razor Pages in ASP.NET Core other than a login page?

I tried

    services.AddMvc()
        .AddRazorPagesOptions(options =>
        {
            options.RootDirectory = "/";
            options.Conventions.AllowAnonymousToPage("/Account/Login");
            options.Conventions.AuthorizeFolder("/");
        })
        .SetCompatibilityVersion(CompatibilityVersion.Latest);

mko asked Aug 23 '19 06:08



2 Answers

For a Razor Pages 2.x application, all you need to do is add the following to your Configure method to prevent unauthorised users accessing any page in the Pages folder or subfolders:

    services.AddMvc().AddRazorPagesOptions(options => {
        options.Conventions.AuthorizeFolder("/");
    });

If you are using .NET Core 3, the following will do the same thing:

    services.AddRazorPages(options => {
        options.Conventions.AuthorizeFolder("/");
    });

The unauthorised user will be redirected to the default login page, which is at Identity/Account/Login.

Mike Brind answered Nov 15 '22 01:11
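
A deny-by-default setup for ASP.NET Core 3.x that exempts only the login page, as an added example (not code from either answer). It assumes cookie authentication and a login page at Pages/Account/Login.cshtml; the fallback policy goes beyond the folder convention by also covering endpoints that are not Razor Pages.

```csharp
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Builder;
using Microsoft.Extensions.DependencyInjection;

public class Startup
{
    public void ConfigureServices(IServiceCollection services)
    {
        // Assumption: cookie authentication, login page at /Account/Login
        // (the path used in the question).
        services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
            .AddCookie(o => o.LoginPath = "/Account/Login");

        services.AddAuthorization(o =>
        {
            // Deny by default: any routed endpoint that carries no
            // authorization metadata of its own requires a signed-in user.
            o.FallbackPolicy = new AuthorizationPolicyBuilder()
                .RequireAuthenticatedUser()
                .Build();
        });

        services.AddRazorPages(o =>
        {
            // Every page under the Razor Pages root requires authentication.
            o.Conventions.AuthorizeFolder("/");
            // The login page must stay reachable, otherwise the challenge
            // redirect lands on a page that itself demands authentication.
            o.Conventions.AllowAnonymousToPage("/Account/Login");
        });
    }

    public void Configure(IApplicationBuilder app)
    {
        // Placed before routing, so files in wwwroot are served without
        // any authorization check.
        app.UseStaticFiles();
        app.UseRouting();
        app.UseAuthentication();   // populates HttpContext.User
        app.UseAuthorization();    // must sit between UseRouting and UseEndpoints
        app.UseEndpoints(e => e.MapRazorPages());
    }
}
```

A quick check after deploying: an unauthenticated request to any page other than the login page should return a 302 to `/Account/Login`, and the login page itself should return 200.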


Add attributes in controllers:

    [Authorize]
    public class HomeController : Controller

Then, in endpoints you want to access anonymously:

    [AllowAnonymous]
    public ViewResult Index()
    {
        return View();
    }

Or you could create a base controller class:

    [Authorize]
    public class BaseController : Controller
    {
        ...
    }

Then inherit it:

    public class HomeController : BaseController

Or, as listed in this documentation:

    // sample code
    services.AddMvc()
        .AddRazorPagesOptions(options =>
        {
            options.Conventions.AuthorizePage("/Contact");
            options.Conventions.AuthorizeFolder("/Private");
            options.Conventions.AllowAnonymousToPage("/Private/PublicPage");
            options.Conventions.AllowAnonymousToFolder("/Private/PublicPages");
        });

Also here, GlobalFilters:

    // listed answer
    GlobalFilters.Filters.Add(new AuthorizeAttribute() { Roles = "Admin, SuperUser" });

Gabriel Llorico answered Nov 15 '22 01:11