I have created my .NET Core 7 web app and I have scaffolded some pages, such as 'Register', 'Login', 'Logout' and etc. However, for an example I have not scaffolded the 'PersonalData' page, yet if you add to the url 'Identity/Account/Manage/PersonalData' it would redirect you to it.
I can't seem to understand how can I restrict access to logged and non-logged users, so they can not access unscaffolded web pages.
I reckon it has something to do with the 'ManageNavPages.cs' since I see it goes through it when I debug it, but I am not sure I understand how it works, so I can stop it.
Here is my 'ManageNavPages.cs':
// Licensed to the .NET Foundation under one or more agreements.
// The .NET Foundation licenses this file to you under the MIT license.
#nullable disable
using System;
using Microsoft.AspNetCore.Mvc.Rendering;
namespace Social_Media_App.Areas.Identity.Pages.Account.Manage
{
public static class ManageNavPages
{
public static string Index => "Index";
public static string Email => "Email";
public static string ChangePassword => "ChangePassword";
public static string DownloadPersonalData => "DownloadPersonalData";
public static string DeletePersonalData => "DeletePersonalData";
public static string ExternalLogins => "ExternalLogins";
public static string PersonalData => "PersonalData";
public static string TwoFactorAuthentication => "TwoFactorAuthentication";
public static string IndexNavClass(ViewContext viewContext) => PageNavClass(viewContext, Index);
public static string EmailNavClass(ViewContext viewContext) => PageNavClass(viewContext, Email);
public static string ChangePasswordNavClass(ViewContext viewContext) => PageNavClass(viewContext, ChangePassword);
public static string DownloadPersonalDataNavClass(ViewContext viewContext) => PageNavClass(viewContext, DownloadPersonalData);
public static string DeletePersonalDataNavClass(ViewContext viewContext) => PageNavClass(viewContext, DeletePersonalData);
public static string ExternalLoginsNavClass(ViewContext viewContext) => PageNavClass(viewContext, ExternalLogins);
public static string PersonalDataNavClass(ViewContext viewContext) => PageNavClass(viewContext, PersonalData);
public static string TwoFactorAuthenticationNavClass(ViewContext viewContext) => PageNavClass(viewContext, TwoFactorAuthentication);
public static string PageNavClass(ViewContext viewContext, string page)
{
var activePage = viewContext.ViewData["ActivePage"] as string
?? System.IO.Path.GetFileNameWithoutExtension(viewContext.ActionDescriptor.DisplayName);
return string.Equals(activePage, page, StringComparison.OrdinalIgnoreCase) ? "active" : null;
}
}
}
No
ManageNavPages.csis not the right place to implement authorization or anything related to control your user access and as per official document this page shouldn't call from your user code as well. In addition to this, this implementation would be removed from subsequent release. You can get more details here.Way to restrict access identity pages:
In order to restrict any page you could consider two most followed way.
1. Using authorization conventions in ASP.NET Core
2. Injecting SignInManager instance and check the user credentails.
Using authorization conventions in ASP.NET Core:
In asp.net core you would seen AuthorizeAreaPage convention where you can set any desired restriction which would add an AuthorizeFilter into it. You can do that as following:
Note: Its better to include the PersonalData page within the project to avoid page non existent exception. You can refer to this official document.
Injecting SignInManager instance and check the user credentails:
In this scenario, you can check the user credential before allowing to the access anhything within
ManageNavPages. You can do that like below:Note: I have just used
hasExternalLoginsin order to show how we can check restict the user. You can implement your suitable credential checkings or way to check valid user access then can allow/redirect to the expected page. You can check the official document here.