ASP.NET (Blazor): Trigger windows authentication popup only on a single page
My Blazor webapp (ASP.NET) should consist of pages, that allow anonymous users (url/noauth) and a single page, which needs authentication (url/auth). The authentication mechanism to be used is windows authentication (which includes an automatically triggered popup for logging in, if authentication fails).
Popup:
The desired behavior is to
- show the noauth page to any user
- show the auth page to authenticated users only (e.g. browser inside intranet)
- show a popup asking for windows credentials to non-authenticated users requesting auth page
My code:
Auth.razor
@page "/auth"
@attribute [Authorize]
<h3>Auth</h3>
<CascadingAuthenticationState>
<AuthorizeView>
<Authorized>
<p>You are authorized</p>
</Authorized>
<NotAuthorized>
<p>You are not authorized</p>
</NotAuthorized>
</AuthorizeView>
</CascadingAuthenticationState>
@code {
}
NoAuth.razor
@page "/noAuth"
@attribute [AllowAnonymous]
<h3>NoAuth</h3>
@code {
}
Program.cs (Version A)
builder.Services.AddAuthentication(NegotiateDefaults.AuthenticationScheme)
.AddNegotiate();
builder.Services.AddAuthorization();
This way the authentication check works fine, I am able to view the noauth page and the auth page shows me, that I am not authorized. However I do not have any means of authenticating/logging in (no popup is shown).
Program.cs (Version B)
builder.Services.AddAuthentication(NegotiateDefaults.AuthenticationScheme)
.AddNegotiate();
builder.Services.AddAuthorization(options => {
options.FallbackPolicy = options.DefaultPolicy;
});
This way, when calling the auth page without being logged in I get a popup asking for my windows credentials (desired), however I get the same popup on the noauth page (not desired).
How can I either exclude the noauth page from the popup-showing-mechanism , or trigger the popup for the auth page?
You mentioned Blazor webapp ( in your statement, so I deduce you are now using blazor in .net 8. If we are using .net 8 for authentication, we should use builder.Services.AddCascadingAuthenticationState(); instead of <CascadingAuthenticationState>. We could see the migration guidance here.
Then the program.cs we have should like this:
var builder = WebApplication.CreateBuilder(args);
// Add services to the container.
builder.Services.AddAuthentication(NegotiateDefaults.AuthenticationScheme)
.AddNegotiate();
builder.Services.AddAuthorization(options =>
{
// By default, all incoming requests will be authorized according to the default policy.
//options.FallbackPolicy = options.DefaultPolicy;
//options.AddPolicy("RequireAdminRole", policy => policy.RequireRole("admin"));
});
// Add services to the container.
builder.Services.AddRazorComponents()
.AddInteractiveServerComponents();
builder.Services.AddCascadingAuthenticationState();
You might notice that I comment line //options.FallbackPolicy = options.DefaultPolicy; that's because the default policy would make us sign in first before we visit any view, no matter whether we added [AllowAnonymous] attribution.
Then we could add @attribute [Authorize] to components which requiring authentication, and @attribute [AllowAnonymous] or don't add attribtue to components which doesn't require authentcation.
For example, my counter.razor and my home.razor
@page "/counter"
@using Microsoft.AspNetCore.Authorization
@rendermode InteractiveServer
@attribute [Authorize]
<PageTitle>Counter</PageTitle>
<h1>Counter</h1>
@page "/"
<PageTitle>Home</PageTitle>
- ASP.NET Core doesn't create an authentication cookie when SameSite is set to none
- ASP.Net Core Content-Disposition attachment/inline
- How to embed the scoped css bundle file generated by Razor class library?
- Visual Studio ASP.NET Core Debug IIS Express - Site can't be reached
- How to configure Elastic.Serilog.Sinks 8.11 in ASP.NET Core 8 web app?
- How to validate a form using Javascript
- .NET Core Razor - scenario on how to mix C# with html
- How do I make a column in SQL that's an array of data in .NET Core MVC?
- Passing model from Index to _Layout to _Header in ASP.NET Core causes NullReferenceException on get_Model()
- Method not allowed 405 POST ASP.NET CORE 5.0 WEB API
- Odata Global PageSize
- Http 429 is not returnable in status code from C# ASP.NET Core Web API
- How to extract a list from appsettings.json in .net core
- Failing to perform Cookie Authentication: SignInAsync and AuthenticateAsync not successful
- No service for type has been registered
- .NET 8 windows service thinks hosting environment is production when debugging locally
- ASP.NET Core CORS Setup Stops Working After Bicep Deployment
- ASP.NET Core: URL rewriting does not work with a static file
- Could not load file or assembly 'Microsoft.AspNetCore.SpaProxy'?
- Multiple Identities in ASP.NET Core 2.0
- Blazor WASM cannot use Entity Framework Core
- Html number input handling in blazor
- C# Blazor EventCallBack is not set
- Toast Component not working in Razor app C#
- How to change background color of loading page of a WASM app?
- How can I get an ILogger in an exception handler - created in Main()?
- Minimal API Results.Ok Not Returning Full Object
- Blazor A second operation started on this context before a previous operation completed
- C# required property setter for reference type with default value set to null
- Working with DirectoryServices in ASP.NET Core