I'm attempting to write custom authentication/authorization for an MVC 6 ASP.NET 5 web app. I've written custom policies and requirements using Microsoft.AspNet.Authorization.AuthorizationHandler and Microsoft.AspNet.Authorization.IAuthorizationRequirement, and I can trace through the code and it seems to be working as expected. If the user matches the requirement, I call context.Succeed(requirement) and return. If the user doesn't match, I call context.Fail() and want to redirect to a cshtml page that displays "You are unauthorized for this feature". Instead it comes up with a blank web page. When I check the console I can see the code returned a 403 Forbidden error. I need to know how to redirect to the page. I have tried adding the Authorize attribute:

    [Authorize(Policy = "xyz", ActiveAuthenticationScheme = "cookie")]

But when I do, it redirects to "/account/login" even when the user is authenticated. I've tried this setup in ConfigureServices of Startup.cs:

    services.Configure<CookieAuthenticationOptions>(o =>
    {
        o.AuthenticationScheme = "cookie";
        o.LoginPath = "";
        o.AccessDeniedPath = new Microsoft.AspNet.Http.PathString("/home/unauthorized/");
        o.AutomaticAuthenticate = true;
    });

But it seems to be ignoring these settings. If I change the scheme to the more generic "manpower", I get a "No authentication handler is configured to authenticate for the scheme" error when the user doesn't have authorization. I'm using Windows authentication. I've also tried the following in the Configure method of Startup.cs:

    app.UseCookieAuthentication(options =>
    {
        options.AuthenticationScheme = "manpower";
        options.LoginPath = "";
        options.AccessDeniedPath = new Microsoft.AspNet.Http.PathString("/home/unauthorized/");
        options.AutomaticAuthenticate = true;
    });

The latter doesn't generate an error, but causes the same behavior in that requests are redirected to /account/login even if authorized. Any help is appreciated. Thanks.

The problem you have is that you're mixing cookie auth and Windows auth. You don't need both.

Remove the cookie authentication pieces, and remove ActiveAuthenticationScheme = "cookie" from the policy. The policy as created requires a cookie, but Windows authentication doesn't use cookies, hence the unauthorized response.

There are a couple of things to note though. Windows auth supports role based authentication, and it's broken in RC1. The fix is in RC2.
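
The change the answer describes, as an added example that is not part of the original question or answer: a policy, requirement and handler registered with no cookie middleware and no scheme on the attribute, written against the RC1 Microsoft.AspNet.* names used on this page. AllowedUserRequirement, AllowedUserHandler, ReportsController and the EXAMPLE\alice account are hypothetical, and the hosting setup for Windows authentication is assumed to be in place already.

```csharp
// Added example, not from the original post. Hypothetical names are marked below.
using System;
using System.Collections.Generic;
using Microsoft.AspNet.Authorization;
using Microsoft.AspNet.Mvc;
using Microsoft.Extensions.DependencyInjection;

// Hypothetical requirement: the Windows account name must be on an allow list.
public class AllowedUserRequirement : IAuthorizationRequirement
{
    public ISet<string> Allowed { get; }
    public AllowedUserRequirement(IEnumerable<string> allowed)
    {
        Allowed = new HashSet<string>(allowed, StringComparer.OrdinalIgnoreCase);
    }
}

public class AllowedUserHandler : AuthorizationHandler<AllowedUserRequirement>
{
    protected override void Handle(AuthorizationContext context, AllowedUserRequirement requirement)
    {
        var identity = context.User?.Identity;
        if (identity != null && identity.IsAuthenticated
            && identity.Name != null && requirement.Allowed.Contains(identity.Name))
        {
            context.Succeed(requirement);
        }
        // Not calling Succeed leaves the requirement unmet, so access is denied by default.
    }
}

public class Startup
{
    public void ConfigureServices(IServiceCollection services)
    {
        services.AddMvc();
        services.AddAuthorization(options =>
            options.AddPolicy("xyz", policy =>
                policy.Requirements.Add(
                    new AllowedUserRequirement(new[] { @"EXAMPLE\alice" })))); // constructed account
        services.AddSingleton<IAuthorizationHandler, AllowedUserHandler>();
        // No services.Configure<CookieAuthenticationOptions>(...) and no
        // app.UseCookieAuthentication(...): Windows auth supplies the identity.
    }
}

public class ReportsController : Controller
{
    [Authorize(Policy = "xyz")] // no authentication scheme named on the attribute
    public IActionResult Index() => View();
}
```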