Create Configurable Error Pages in ASP.NET Core

Jun 27, 2016     Viewed 7040 times    3 Comments
Posted in #Configuration  #Diagnostics 

The ASP.NET Core came up with many middlewares that handle the exception nicely instead of YSOD, almost of them are available in Diagnostics Repository.

If we are looking to the previous versions of ASP.NET, we will notice that ASP.NET has a good way to create a configurable and customizable error pages via Web.Config as the following:

<configuration>
  <system.web>
    <compilation debug="true" />
    <customErrors mode="On" defaultRedirect="DefaultErrorPage.aspx">
      <error statusCode="401" redirect="Http401ErrorPage.aspx"/>
      <error statusCode="403" redirect="Http403ErrorPage.aspx"/>
      <error statusCode="404" redirect="Http404ErrorPage.aspx"/>
      <error statusCode="500" redirect="Http500ErrorPage.aspx"/>
    </customErrors>
  </system.web>
</configuration>
MVC repo last few months. A lot of enhancements is going on, and as Damian Edwards mentioned few times RazorPages will be the big feature that will be shipped at ASP.NET Core 2.0.

RazorPages is the successor of the old ASP.NET Web Pages that many of us - even I - like and love, RazorPages enhance and bring some new features that may not there before or difficult to accomplish, one of those are authentication & authorization.

Today we will dig little bit on this, we will see how RazorPages allow us to use AUTH.

Authentication

Authentication is the process to verifying the identity of a user of the application.

No need to talk too much here, because ASP.NET Core Identity is a membership system which allow you to create users, login with username and password, or using external login providers such as Microsoft Accounts, Facebook, Twitter .. etc.

So the code is still the same, I encourage you to read about the identity, below is the basic setup for using cookie-based authentication

public void Configure(IApplicationBuilder app)
{
    app.UseCookieAuthentication(new CookieAuthenticationOptions
    {
        LoginPath = "/Login",
        AutomaticAuthenticate = true,
        AutomaticChallenge = true
    });
}

Authorization

Authorization is the process to granting or denying access to application resources.

Here is where the RazorPages rocks :) RazorPages using a convention-based approach that make developer life easier than before, I still remember that I need to create a punch of Web.Config files especially when I need to protect nested folders, really It was tedious and headache, but that's what we had at the time, but no long now with RazorPages.

Simply you need to specify all the AUTH that your application needs in the RazorPagesOptions, let us have a look to the following code:

public void ConfigureServices(IServiceCollection services)
{
    services.AddRazorPages(options =>
    {
        options.AuthorizeFolder("/Users", "Admins");
        options.AllowAnonymousToPage("/User/Contact");
    });
}

Wow!! is it that easy?!! of course, what you we need to care about is "Who Do What" and let the RazorePages take care about the rest. In above snippet we used AuthorizeFolder() to protect the give path which is "/Users" in our case, also you should to specify a policy such as "Admins", but it's no longer required anymore after my pull request, also we make the "Contact.cshtml" public by using AllowAnonymousToPage().

Note: AllowAnonymousToPage() and AllowAnonymousToFolder() is not included yet while I'm writing the blog post, but it's in own way, after merge this pull request :)

You can checkout the source code for this project from RazorPages in MVC repository on GitHub.

authentication-and-authorization-in-razorpages3/20/2017 6:29:19 PMRazorPages, Authentication, Authorization

Twitter Facebook Google + LinkedIn


3 Comments

Paul H (8/18/2016 5:28:28 PM)

How does this compare to the built-in error handling using app.UseStatusCodePagesWithReExecute or app.UseStatusCodePagesWithRedirects?

Hisham Bin Ateya (8/28/2016 5:27:15 AM)

@Paul the CustomErrorPagesMiddleware can use redirect or re-execute the request behind the scene like the built-in middlewares, but the intent is to have an easy way to configure the error pages like what we have seen in Wen.Config.

WEB MAsters Eye (12/15/2016 9:58:08 PM)

If You have any problems with Error pages.. Than just visit our site.. And consult with our developers..
You will get your solution...


Leave a Comment