ASP.NET (Blazor): Trigger windows authentication popup only on a single page
My Blazor webapp (ASP.NET) should consist of pages, that allow anonymous users (url/noauth) and a single page, which needs authentication (url/auth). The authentication mechanism to be used is windows authentication (which includes an automatically triggered popup for logging in, if authentication fails).
Popup:
The desired behavior is to
- show the noauth page to any user
- show the auth page to authenticated users only (e.g. browser inside intranet)
- show a popup asking for windows credentials to non-authenticated users requesting auth page
My code:
Auth.razor
@page "/auth"
@attribute [Authorize]
<h3>Auth</h3>
<CascadingAuthenticationState>
<AuthorizeView>
<Authorized>
<p>You are authorized</p>
</Authorized>
<NotAuthorized>
<p>You are not authorized</p>
</NotAuthorized>
</AuthorizeView>
</CascadingAuthenticationState>
@code {
}
NoAuth.razor
@page "/noAuth"
@attribute [AllowAnonymous]
<h3>NoAuth</h3>
@code {
}
Program.cs (Version A)
builder.Services.AddAuthentication(NegotiateDefaults.AuthenticationScheme)
.AddNegotiate();
builder.Services.AddAuthorization();
This way the authentication check works fine, I am able to view the noauth page and the auth page shows me, that I am not authorized. However I do not have any means of authenticating/logging in (no popup is shown).
Program.cs (Version B)
builder.Services.AddAuthentication(NegotiateDefaults.AuthenticationScheme)
.AddNegotiate();
builder.Services.AddAuthorization(options => {
options.FallbackPolicy = options.DefaultPolicy;
});
This way, when calling the auth page without being logged in I get a popup asking for my windows credentials (desired), however I get the same popup on the noauth page (not desired).
How can I either exclude the noauth page from the popup-showing-mechanism , or trigger the popup for the auth page?
You mentioned Blazor webapp ( in your statement, so I deduce you are now using blazor in .net 8. If we are using .net 8 for authentication, we should use builder.Services.AddCascadingAuthenticationState(); instead of <CascadingAuthenticationState>. We could see the migration guidance here.
Then the program.cs we have should like this:
var builder = WebApplication.CreateBuilder(args);
// Add services to the container.
builder.Services.AddAuthentication(NegotiateDefaults.AuthenticationScheme)
.AddNegotiate();
builder.Services.AddAuthorization(options =>
{
// By default, all incoming requests will be authorized according to the default policy.
//options.FallbackPolicy = options.DefaultPolicy;
//options.AddPolicy("RequireAdminRole", policy => policy.RequireRole("admin"));
});
// Add services to the container.
builder.Services.AddRazorComponents()
.AddInteractiveServerComponents();
builder.Services.AddCascadingAuthenticationState();
You might notice that I comment line //options.FallbackPolicy = options.DefaultPolicy; that's because the default policy would make us sign in first before we visit any view, no matter whether we added [AllowAnonymous] attribution.
Then we could add @attribute [Authorize] to components which requiring authentication, and @attribute [AllowAnonymous] or don't add attribtue to components which doesn't require authentcation.
For example, my counter.razor and my home.razor
@page "/counter"
@using Microsoft.AspNetCore.Authorization
@rendermode InteractiveServer
@attribute [Authorize]
<PageTitle>Counter</PageTitle>
<h1>Counter</h1>
@page "/"
<PageTitle>Home</PageTitle>
- Replacing service layer with MediatR - is it worth to do it?
- ASP.NET Core MVC filter analogue for gRPC service
- Why is using custom routes returning a 404 in my Razor Pages application?
- Why Http Post in Orchard Core asp net core Web App returns bad request
- Property Injection in ASP.NET Core
- How to force ASP.NET Core source code to not be optimized
- Is there any way to load a single page at a time using Blazor WebAssembly
- This localhost page can’t be found - No webpage was found for the web address.- ASP.NET Core
- log4net:ERROR ConfigureFromXml called with null 'element' parameter for Postgres SQL
- ASP.Net Core Background Service with Task Queue, does it need a Task.Delay?
- Input number does not respect step
- How to customize localization provider (.resx to database) in Razor Pages
- How to get user information in DbContext using Net Core
- Application Insights does not capture information level logging
- How to best add the Last-Modified header in asp .net middleware
- What is the correct way to get data for an EditForm using EF Core, with or without tracking?
- Why my properties in my blazor wasm always become null when i submit the form
- Blazor two way binding and on value changed event in the parent
- How to search for users in Active Directory from ASP.NET Core
- The framework 'Microsoft.NETCore.App', version '5' was not found while Microsoft.NETCore.App 5.0.0 is found
- ILoggingBuilder AddEventLog Linux compatibility
- Getting duplicates when saving an item with two fields in a many-to-many relationship
- Filter Serilog logs to different sinks depending on context source?
- ASP.NET Core log-in not redirecting me to home page
- ASP.NET Core 6 : The best way to list a group of numbers in a string?
- Error when using implementations with different constraints in C# dependency injection
- Azure Storage Account StorageSharedKeyCredential
- ASP.NET Core 6 Web API : custom authentication handler and Angular HttpInterceptor [receive Status code =0 for 401 Unauthorized Response]
- Blazor Web App NavigationManager in Client -> Exception_WasThrown
- How to return JSON result in ASP.NET Core 8 project