0

Is there any way to configure a .NET core Razor Pages app to have no authentication required for the root directory, basic uid/password authentication for one subdirectory, and Azure B2C for different subdirectory:

/
/basicauth
/aadb2c

I have seen one for basic uid/password which sets the startup.cs looking like this:

services.AddMvc().AddRazorPagesOptions(options => {
    options.Conventions.AuthorizeFolder("/admin");
}).SetCompatibilityVersion(CompatibilityVersion.Version_2_2);

...and in a ones for Azure b2c looks which protect the whole app. Judging by the services configuration above, it looks like only one type of Authorization can be used. Is that correct?

marc_s
  • 732,580
  • 175
  • 1,330
  • 1,459
lcj
  • 1,355
  • 16
  • 37
  • I believe, authentication is injected at the root, and there, I think, only authentication service is allowed. hopefully, you will get additional confirmation or contradictions from others. – Jay Sep 30 '20 at 06:23
  • For one asp.net application using different auth on different folder is not provided out of box. It is possible to support multiple auth on whole app then restricting access on resources/folders based on roles or auth – Pranav Singh Sep 30 '20 at 06:38
  • Thank you. If you put this as an answer I will check it. – lcj Sep 30 '20 at 12:34
  • Agree with PranavSingh, you could use multiple auth in one application, try to use different Authentication Schemes, then, in the page, using Authorize attribute and assign the schemes, reference: [Multiple authentication methods in asp.Net core 2.2](https://stackoverflow.com/questions/54260837/), [ASP.NET Core: Supporting multiple Authorization](https://medium.com/agilix/asp-net-core-supporting-multiple-authorization-6502eb79f934) and [Use multiple authentication schemes](https://docs.microsoft.com/en-us/aspnet/core/security/authorization/limitingidentitybyscheme?view=aspnetcore-3.1). – Zhi Lv Oct 01 '20 at 08:20
  • Done. You've convinced me. If you want to put this in an answer, I will mark it as the answer. – lcj Oct 01 '20 at 12:12

1 Answers1

0

As PranavSingh said: it is possible to support multiple auth on whole app then restricting access on resources/folders based on roles or auth.

Besides, you could try to use different Authentication Schemes, then, in the page, using [Authorize] attribute and assign the schemes,

Reference:

Multiple authentication methods in asp.Net core 2.2,

ASP.NET Core: Supporting multiple Authorization

Use multiple authentication schemes.

Zhi Lv
  • 18,845
  • 1
  • 19
  • 30