Using Single Sign-On for Securing Applications in ASP.NET Core/

...

/

Enforcing Authorization on Individual Razor Pages

Enforcing Authorization on Individual Razor Pages

Learn to enforce authorization requirements in Razor Pages.

We'll cover the following...

When using Razor Pages, we can fine-tune the authorization requirements on each individual page. For example, we can enforce specific roles or claims on certain pages. Alternatively, we can grant anonymous access to some pages even when all other pages require authentication.

The following playground demonstrates how page-specific access requirements can be applied in a Razor Pages application:

{
  "Logging": {
    "LogLevel": {
      "Default": "Information",
      "Microsoft.AspNetCore": "Warning"
    }
  },
  "AllowedHosts": "*"
}
Razor Pages app with the OpenID Connect flow

Note: Because we have to build two ASP.NET Core applications and populate the IdP database with the initial seed data, the build process is expected to take at least a few minutes.

Here, all Razor Pages require the user to be authenticated and will trigger the OID authentication flow if an unauthenticated user tries to access them. However, if we launch the playground by clicking the "Run" button, we can see that there is one page that we can access anonymously.

Note: ...