Quero que o usuário acesse a página de privacidade somente se estiver logado, mas a autorização só funciona depois que eu entro em uma conta e saio. Ela não funciona quando inicio o webapp e tento abrir a página de privacidade: preciso fazer login e sair para que a autorização passe a funcionar. Tenho certeza de que tudo funcionava algumas horas atrás, então aqui está o código relevante:
Startup.cs:
// Registers the application's services: the EF Core context, cookie authentication and MVC.
public void ConfigureServices(IServiceCollection services)
{
    // Database: SQL Server, using the connection string named "Myconnection".
    services.AddDbContext<TheAppContext>(dbOptions =>
    {
        dbOptions.UseSqlServer(Configuration.GetConnectionString("Myconnection"));
    });

    // Cookie authentication is the default scheme for the whole app.
    var authenticationBuilder = services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme);
    authenticationBuilder.AddCookie(cookieOptions =>
    {
        cookieOptions.Cookie.Name = "MySessionCookie";
        // Unauthenticated requests to [Authorize] actions are redirected to this path.
        cookieOptions.LoginPath = "/LogUsers/Expired";
        // Sliding expiration lets the middleware renew the ticket while the user stays active.
        // NOTE(review): no ExpireTimeSpan is set here, so the framework default lifetime applies.
        cookieOptions.SlidingExpiration = true;
    });

    // MVC controllers and views.
    services.AddControllersWithViews();
}
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
// Middleware runs in the order it is registered here, so the sequence of the Use* calls below
// determines what each component sees on a request.
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
    if (env.IsDevelopment())
    {
        app.UseDeveloperExceptionPage();
    }
    else
    {
        app.UseExceptionHandler("/Home/Error");
        // The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
        app.UseHsts();
    }
    app.UseHttpsRedirection();
    app.UseStaticFiles();
    // NOTE(review): authentication is registered before routing and before the cookie policy.
    // The documented order is UseCookiePolicy -> UseRouting -> UseAuthentication -> UseAuthorization.
    app.UseAuthentication();
    app.UseRouting();
    var cookiePolicyOptions = new CookiePolicyOptions
    {
        // Strict: cookies are not sent on cross-site requests.
        MinimumSameSitePolicy = SameSiteMode.Strict,
        // Always: cookies are marked HttpOnly so page scripts cannot read them.
        HttpOnly = Microsoft.AspNetCore.CookiePolicy.HttpOnlyPolicy.Always,
        // NOTE(review): None means the policy never adds the Secure attribute, so the
        // authentication cookie may be issued for, and sent over, plain HTTP.
        Secure = CookieSecurePolicy.None,
    };
    // Registered after UseAuthentication here; see the ordering note above.
    app.UseCookiePolicy(cookiePolicyOptions);
    app.UseAuthorization();
    app.UseEndpoints(endpoints =>
    {
        // Conventional MVC route; defaults to Home/Index.
        endpoints.MapControllerRoute(
            name: "default",
            pattern: "{controller=Home}/{action=Index}/{id?}");
    });
}
Métodos relevantes do controlador:
/// <summary>
/// Handles the posted login form. On valid credentials it issues the authentication
/// cookie and redirects to Home/Index; otherwise it re-renders the login view with
/// a failure message.
/// </summary>
/// <param name="login">Model-bound credentials; only Username and Password are read here.</param>
// NOTE(review): no [ValidateAntiForgeryToken] is visible on this POST action - confirm
// whether anti-forgery validation is applied globally.
[AllowAnonymous]
[HttpPost]
public async Task<IActionResult> Login(Users login)
{
    // Guard clause: rejected credentials get a generic message that does not say
    // whether the username or the password was wrong.
    if (!IsValidUser(login.Username, login.Password))
    {
        ViewBag.message = "Failed to login";
        return View();
    }

    var scheme = CookieAuthenticationDefaults.AuthenticationScheme;

    // The principal carries the username and a fixed "User" role.
    var claims = new List<Claim>();
    claims.Add(new Claim(ClaimTypes.Name, login.Username));
    claims.Add(new Claim(ClaimTypes.Role, "User"));
    var principal = new ClaimsPrincipal(new ClaimsIdentity(claims, scheme));

    // No ExpiresUtc or IsPersistent is set, so the ticket lifetime comes from the
    // cookie scheme's own options.
    var authProperties = new AuthenticationProperties();

    await HttpContext.SignInAsync(scheme, principal, authProperties);

    // NOTE(review): DisplayedUsername and CanUserLogout are declared outside this block;
    // if they are static they are shared by every user of the app - confirm.
    DisplayedUsername = "@" + login.Username;
    CanUserLogout = 1;

    return RedirectToAction("Index", "Home");
}
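/// <summary>
/// Checks whether a user row exists whose Username and Password both equal the supplied values.
/// </summary>
/// <param name="username">Username submitted by the client.</param>
/// <param name="password">Password submitted by the client.</param>
/// <returns>true when a matching row exists; false otherwise, including for missing credentials.</returns>
private bool IsValidUser(string username, string password)
{
    // Reject missing credentials before touching the database. A null value would
    // presumably be translated into a NULL comparison and could match a row with
    // empty columns, and a null username would later make the Claim constructor throw.
    if (string.IsNullOrEmpty(username) || string.IsNullOrEmpty(password))
    {
        return false;
    }

    // NOTE(review): the submitted password is compared directly with the stored column,
    // which implies passwords are kept unhashed. Store a salted, slow hash instead
    // (e.g. PBKDF2 via Rfc2898DeriveBytes or ASP.NET Core Identity's PasswordHasher),
    // look the user up by username only, and verify the hash in application code.
    return _context.Users.Any(u => u.Username == username && u.Password == password);
}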
/// <summary>
/// Signs the current user out of the cookie scheme and redirects to the login action.
/// </summary>
// NOTE(review): no HTTP verb attribute is present, so this action also answers GET
// requests; consider restricting sign-out to POST with anti-forgery validation.
[Authorize]
public async Task<ActionResult> Logout()
{
    var scheme = CookieAuthenticationDefaults.AuthenticationScheme;

    // Clears the authentication cookie for this scheme.
    await HttpContext.SignOutAsync(scheme);

    CanUserLogout = 0;

    return RedirectToAction(actionName: "Login", controllerName: "Logusers");
}
Método de ação Privacy do HomeController:
/// <summary>
/// Renders the privacy view. [Authorize] limits it to authenticated users; anonymous
/// requests are challenged by the default authentication scheme.
/// </summary>
[Authorize]
public IActionResult Privacy() => View();
Qualquer ajuda será apreciada.
EDITAR - 1
Startup.cs
atualizado
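/// <summary>
/// Application bootstrap: registers services and builds the HTTP request pipeline.
/// </summary>
public class Startup
{
    public Startup(IConfiguration configuration)
    {
        Configuration = configuration;
    }

    /// <summary>Configuration supplied by the host; used to read the connection string.</summary>
    public IConfiguration Configuration { get; }

    // This method gets called by the runtime. Use this method to add services to the container.
    public void ConfigureServices(IServiceCollection services)
    {
        // Database: SQL Server, using the connection string named "Myconnection".
        services.AddDbContext<TheAppContext>(options => options.UseSqlServer(Configuration.GetConnectionString("Myconnection")));

        // Cookie authentication is the default scheme.
        services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
            .AddCookie(options =>
            {
                options.Cookie.Name = "MySessionCookie";
                // Unauthenticated requests to [Authorize] actions are redirected here.
                options.LoginPath = "/LogUsers/Expired";
                options.SlidingExpiration = true;
            });

        // MVC controllers and views.
        services.AddControllersWithViews();
    }

    // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
    // Middleware runs in registration order, so the sequence below is significant.
    public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
    {
        if (env.IsDevelopment())
        {
            app.UseDeveloperExceptionPage();
        }
        else
        {
            app.UseExceptionHandler("/Home/Error");
            // The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
            app.UseHsts();
        }

        app.UseHttpsRedirection();
        app.UseStaticFiles();

        var cookiePolicyOptions = new CookiePolicyOptions
        {
            // Strict: cookies are not sent on cross-site requests.
            MinimumSameSitePolicy = SameSiteMode.Strict,
            // Always: cookies are marked HttpOnly so page scripts cannot read them.
            HttpOnly = Microsoft.AspNetCore.CookiePolicy.HttpOnlyPolicy.Always,
            // Always: every cookie carries the Secure attribute, so the authentication
            // cookie is never sent over plain HTTP. This relies on the site being served
            // over HTTPS, which UseHttpsRedirection above already enforces.
            Secure = CookieSecurePolicy.Always,
        };

        // The cookie policy must be registered before the middleware that writes cookies.
        app.UseCookiePolicy(cookiePolicyOptions);

        // Documented order: routing first, then authentication, then authorization,
        // so both auth middlewares run with the selected endpoint available.
        app.UseRouting();
        app.UseAuthentication();
        app.UseAuthorization();

        app.UseEndpoints(endpoints =>
        {
            // Conventional MVC route; defaults to Home/Index.
            endpoints.MapControllerRoute(
                name: "default",
                pattern: "{controller=Home}/{action=Index}/{id?}");
        });
    }
}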
Não vejo você chamando o método ConfigureServices(), certifique-se de fazer isso.
Em segundo lugar, talvez seja necessário mover a chamada para app.UseCookiePolicy() para antes de app.UseAuthentication(). A ordem na qual você faz a inicialização é importante.
Sobre a chamada ConfigureServices, esperava ver algo assim no seu código: