2

I want to return a 403 status code or a customize AccessDenied view (haven't decided yet) instead of Identity/Account/AccessDenied?ReturnUrl=%2F page. But i just don't know how to do it because it's a default configuration and works under the hood.
Context of my application:
I have 3 roles: SuperAdmin,Admin and Customer. So if a user try to access unauthorized controller/action then i want to throw the respective 403 status code or customer access denied view.
I'm new to Identity so i just know how to customize my IdentityUser and work with Login/SignUp/LogOut and the basics of user roles. So please have patience with me or try to explain the concepts as simple as possible so monkeys like me can understand it properly.
I'm going to attach my Dependecy Injection container code, in case anyone needs it.

public void ConfigureServices(IServiceCollection services)
        {

            services.AddControllersWithViews();
            services.AddRazorPages()
                    .AddRazorRuntimeCompilation();

            services.AddDbContextPool<RealStateDbContext>(options =>
                options.UseSqlServer(Configuration.GetConnectionString("Standard")));

            services.AddIdentity<AppUser, IdentityRole>()
                    .AddEntityFrameworkStores<RealStateDbContext>()
                    .AddDefaultUI()
                    .AddDefaultTokenProviders();

            services.Configure<IdentityOptions>(options =>
            {

                //add this option to identity configuration
                options.User.RequireUniqueEmail = true;
                options.Password.RequiredLength = 1;
                options.Password.RequireDigit = false;
                options.Password.RequiredUniqueChars = 0;
                options.Password.RequireLowercase = false;
                options.Password.RequireNonAlphanumeric = false;
                options.Password.RequireUppercase = false;
            });
}

I'm working on asp.net core mvc 3.1, and i'm trying to refactor the scaffold identity code, so it works with the bare minimum/none of razor pages technology (as mvc as possible).

Improve this question

1 Answer 1

Reset to default
10

If you want to have a custom page, you should be able to configure which URL to redirect the user to if they try to access a forbidden path. With the default Identity configuration you can adjust this through the application cookie settings, like so:

services.ConfigureApplicationCookie(options =>
{
    options.AccessDeniedPath = "/MyHttpStatuses/AccessDenied";
});

Then you can create your Razor page like normal:

// /Pages/MyHttpStatuses/AccessDenied.cshtml
@page

<h2>Access Denied!</h2>
<p>Damn, looks like you're not important enough. Sorry.</p>

Now, you should be redirected to your custom URL and handle that redirect like a normal page. Note: you don't need to change the redirect URL if you don't want to, but this is just an example. Alternatively you could leave it at its default and create your Razor page under /Pages/Identity/Account/AccessDenied.cshtml.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.