Authenticating with ASP.NET Core Identity
Seltzr supports authenticating with ASP.NET Core's default identity provider using the AuthAspNetIdentity(), AuthAspNetIdentity(String, String[]), and AuthAspNetIdentityRole(String[]) methods.
Examples
The following examples assume that IdentityUser is the class name of the user object used by ASP.NET Core.
Authenticating with any signed in user
Any user who is currently authenticated to the web server may access the API.
    options.UseSeltzr<MyModel, IdentityUser>(options => {
        options
            .AuthAspNetIdentity()
            .SetupGet("/get", authed => authed.WriteString("Authenticated Content"));
    });
Authenticating users by role
This example will only allow users with the role api to access the API. Note that the name of this method is AuthAspNetIdentityRole. The method takes a params argument, so multiple roles may be specified.
    options.UseSeltzr<MyModel, IdentityUser>(options => {
        options
            .AuthAspNetIdentityRole("api")
            .SetupGet("/get", authed => authed.WriteString("Authenticated Content"));
    });
Authenticating users by policy and role
This example will only allow users who fulfill the policy policy and the roles role1 and role2 to access the API. Roles may be omitted to just check policy.
    options.UseSeltzr<MyModel, IdentityUser>(options => {
        options
            .AuthAspNetIdentity("policy", "role1", "role2")
            .SetupGet("/get", authed => authed.WriteString("Authenticated Content"));
    });
Redirecting to the login page if authentication fails
By default, if authentication fails, the SimpleExceptionHandler will return a 401 Unauthorized response. However, this example will redirect users to a sign-in page if authentication fails.
    options.UseSeltzr<MyModel, IdentityUser>(options => {
        options
            .AuthAspNetIdentity()
            .Catch<AuthFailedException>((e, c) => {
                c.Response.Redirect("/auth/login");
                return false; // halt further request execution
            })
            .CatchExceptions();
    });
Restricting routes by role
This example allows authenticated users to access all routes except those on the /admin pattern, which requires a role of "admin" to access.
    options.UseSeltzr<MyModel, IdentityUser>(options => {
        options
            .AuthAspNetIdentity() // permit all authenticated users
            .SetupGet("/get", authed => authed.WriteString("Authenticated Content"))
            .MapRoute("/admin", admin => {
                admin
                    .ClearAuthProviders()
                    .AuthAspNetIdentityRole("admin") // just administrators may access /admin
                    .SetupGet(authed => authed.WriteString("Admin Content"));
            });
    });
Important
The /admin route must call ClearAuthProviders(), or the call to MapRoute must occur before the call to the general AuthAspNetIdentity(). Otherwise, because options cascade, the /admin route would have both the general auth provider and the role-specific auth provider, and any authenticated user could access the /admin routes. For example:
    // DON'T do this!
    options.UseSeltzr<MyModel, IdentityUser>(options => {
        options
            .AuthAspNetIdentity()
            .MapRoute("/admin", admin => {
                admin
                    .AuthAspNetIdentityRole("admin")
                    .SetupGet(authed => authed.WriteString("Uh-oh! Any user can access this!"));
            });
    });
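Why the cascade opens /admin, shown as an added stand-alone model (not Seltzr's code and not from the original page). It assumes, as the note above implies, that a mapped route starts with a copy of its parent's auth providers at the time MapRoute is called and that a request passes if any one provider accepts it. RouteModel, User, AnyUser and InRole are hypothetical names.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Constructed users: a signed-in user with no roles, and an administrator.
var alice = new User("alice", Array.Empty<string>());
var root = new User("root", new[] { "admin" });

// 1. The misconfiguration: /admin inherits the "any signed-in user" provider.
var bad = new RouteModel().Auth(AnyUser);
var badAdmin = bad.Map().Auth(InRole("admin"));

// 2. Fix A: clear the inherited providers on the child before adding the role check.
var fixA = new RouteModel().Auth(AnyUser);
var fixAAdmin = fixA.Map().Clear().Auth(InRole("admin"));

// 3. Fix B: map /admin before the general provider is added to the parent.
var fixB = new RouteModel();
var fixBAdmin = fixB.Map().Auth(InRole("admin"));
fixB.Auth(AnyUser);

var cases = new[] { ("cascaded", badAdmin), ("cleared", fixAAdmin), ("mapped first", fixBAdmin) };
foreach (var (name, route) in cases)
    Console.WriteLine($"{name,-12} alice={route.Allows(alice)} root={route.Allows(root)}");

// Model of the general provider: every signed-in user is accepted.
static bool AnyUser(User u) => true;
// Model of the role provider: the user must hold the given role.
static Func<User, bool> InRole(string role) => u => u.Roles.Contains(role);

record User(string Name, string[] Roles);

class RouteModel
{
    private readonly List<Func<User, bool>> providers = new();

    public RouteModel Auth(Func<User, bool> provider) { providers.Add(provider); return this; }
    public RouteModel Clear() { providers.Clear(); return this; }

    // The cascade (assumed): a child route copies the parent's current providers.
    public RouteModel Map()
    {
        var child = new RouteModel();
        child.providers.AddRange(providers);
        return child;
    }

    // Assumed semantics: one accepting provider is enough to let the request through.
    public bool Allows(User u) => providers.Any(p => p(u));
}
```

Only the first configuration lets alice through; an integration test that requests /admin as a signed-in user without the admin role catches the same mistake in a real application.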