I'm new to ASP.NET Core Razor Pages.
After several days I could implement the authentication process using my own database and code.
My login page checks for user and password and also if a user is active (a flag in my table).
Let's suppose the administrator changes an authorized user (he is using the system), setting this user to inactive, or even changes the authorized roles. How can I re-check authorization in the pipeline?
My code:

    public void ConfigureServices(IServiceCollection services)
    {
        // ....
        services.AddScoped<IAuthenticateService, AuthenticateService>();
        services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
            .AddCookie(options =>
            {
                options.LoginPath = "/Login";
                options.ExpireTimeSpan = TimeSpan.FromMinutes(5);
                options.AccessDeniedPath = "/NotAcess";
            });
        // ......
    }

    public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
    {
        // ....
        app.UseAuthentication();
        app.UseAuthorization();
    }

    // In AuthenticateService (called by login page after checking user existence and password)
    private async Task AuthenticateExecAsync(User user, HttpContext httpContext)
    {
        if (user.Status != User.Status_Active)
            throw new Exception("User inactive");

        var identity = new ClaimsIdentity(CookieAuthenticationDefaults.AuthenticationScheme);
        identity.AddClaim(new Claim(ClaimTypes.Name, user.Email));
        identity.AddClaim(new Claim(ClaimTypes.GivenName, user.Name));

        List<string> roles = new List<string>();
        foreach (var item in user.userRoles)
            roles.Add(item.Role.RoleId);
        foreach (var role in roles)
            identity.AddClaim(new Claim(ClaimTypes.Role, role));

        var principal = new ClaimsPrincipal(identity);
        await httpContext.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme, principal);
    }

Thanks
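
One way to re-check the user on every request, as an added example that is not part of the original post: a `CookieAuthenticationEvents` subclass that overrides `ValidatePrincipal`, rejecting the cookie when the user has been deactivated and reissuing it when the roles have changed. `IUserStateLookup` and `RevalidatingCookieEvents` are hypothetical names; the lookup stands in for a query against the application's own user table.

```csharp
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;

// Hypothetical lookup over the application's own user table (not from the question).
public interface IUserStateLookup
{
    // Returns null when the user no longer exists.
    Task<(bool Active, IReadOnlyCollection<string> Roles)?> GetAsync(string email);
}

public class RevalidatingCookieEvents : CookieAuthenticationEvents
{
    private readonly IUserStateLookup _users;
    public RevalidatingCookieEvents(IUserStateLookup users) => _users = users;

    // Called for each request that carries the auth cookie, before authorization runs.
    public override async Task ValidatePrincipal(CookieValidatePrincipalContext context)
    {
        var email = context.Principal?.FindFirst(ClaimTypes.Name)?.Value;
        var state = email == null ? null : await _users.GetAsync(email);
        if (state == null || !state.Value.Active)
        {
            // Deactivated or deleted: drop the principal and clear the cookie.
            context.RejectPrincipal();
            await context.HttpContext.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
            return;
        }

        var cookieRoles = context.Principal.FindAll(ClaimTypes.Role).Select(c => c.Value);
        if (!new HashSet<string>(state.Value.Roles).SetEquals(cookieRoles))
        {
            // Roles changed: rebuild the identity from current data and reissue the cookie.
            var identity = new ClaimsIdentity(
                context.Principal.Claims.Where(c => c.Type != ClaimTypes.Role),
                CookieAuthenticationDefaults.AuthenticationScheme);
            identity.AddClaims(state.Value.Roles.Select(r => new Claim(ClaimTypes.Role, r)));
            context.ReplacePrincipal(new ClaimsPrincipal(identity));
            context.ShouldRenew = true;
        }
    }
}

// Registration in ConfigureServices (the lookup implementation must be registered too):
//   services.AddScoped<RevalidatingCookieEvents>();
//   .AddCookie(options => { /* ... */ options.EventsType = typeof(RevalidatingCookieEvents); });
```

This performs one lookup per authenticated request; caching the result trades database load against how quickly a deactivation or role change takes effect.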