I'm developing an ASP.NET Core 6 web application.
- The application will run via IIS on a standalone machine
- There will be no Register or login functionality.
- The application will support and have functionality for two Users "KioskAdmin" and "KioskUser". Those two Users are machine accounts of the host machine running the application. So a User logs into the machine as "KioskAdmin" and the person has access to the administrative functionality of the application. If a person logs into the host machine as "KioskUser" the person has access to non-admin functionality.
I'd like to use Role based authorization where I can do
[Authorize(Roles ="Admin")]
public class IndexModel : PageModel
I've read about Claims-based authorization and cookie authentication and creating an Identity User, but not sure how to implement it. Plus the machine account username for both KioskAdmin and KioskUser is going to be different for every machine the application is eventually deployed on.
Is there a way to tie [Authorize(Roles ="Admin")] to some custom method where I implement my own code/logic and return some value that would signal the Authorization was valid?
