Hi,
I am currently developing a website so that my theatre group can do things remotely, but I am having some difficulties.
- I am unable to show links based on the user's access to groups in AAD. Here is the code I have; it just doesn't work.
- I also have an issue after logging in: I get the error "You do not have permission to view this directory or page." - https://tmtg.azurewebsites.net/signin-oidc
Home Controller
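namespace TMTGWeb.Controllers
{
    /// <summary>
    /// Serves the site's public pages, the members page and the error page.
    /// </summary>
    /// <remarks>
    /// The MVC setup on this page adds a global filter that requires an authenticated
    /// user, so every action an anonymous visitor must reach opts out explicitly with
    /// <c>[AllowAnonymous]</c>.
    /// </remarks>
    public class HomeController : Controller
    {
        [AllowAnonymous]
        public IActionResult Index()
        {
            return View();
        }

        [AllowAnonymous]
        public IActionResult Privacy()
        {
            return View();
        }

        [AllowAnonymous]
        public IActionResult About()
        {
            return View();
        }

        [AllowAnonymous]
        public IActionResult Book()
        {
            return View();
        }

        [AllowAnonymous]
        public IActionResult Contact()
        {
            return View();
        }

        [AllowAnonymous]
        public IActionResult Events()
        {
            return View();
        }

        // This attribute is the actual access check for the members page. The layout's
        // Committee, Ticketing, ProductionTeam and Musicians links all target this same
        // action, so only the "ActiveMembers" policy is enforced for them; hiding a link
        // in the layout does not restrict the URL. Pages meant for one group only need
        // their own action carrying that group's policy.
        [Authorize("ActiveMembers")]
        public IActionResult Members()
        {
            return View();
        }

        [AllowAnonymous]
        public IActionResult Join()
        {
            return View();
        }

        [AllowAnonymous]
        public IActionResult Pleaseconfirm()
        {
            return View();
        }

        // The exception handler is pointed at /Home/Error. Without the opt-out below,
        // the global authenticated-user filter answers an anonymous visitor's failure
        // with a sign-in challenge instead of the error page, which hides the real
        // problem (including failures that happen during sign-in itself).
        [AllowAnonymous]
        [ResponseCache(Duration = 0, Location = ResponseCacheLocation.None, NoStore = true)]
        public IActionResult Error()
        {
            // Only a correlation id is exposed to the page, never exception details.
            return View(new ErrorViewModel { RequestId = Activity.Current?.Id ?? HttpContext.TraceIdentifier });
        }
    }
}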
Layout
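@using Microsoft.AspNetCore.Authorization
@inject IAuthorizationService _authorizationService
<!DOCTYPE html>
<html>
<head>
    <meta charset="utf-8" />
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>@ViewBag.Title</title>
    <environment include="Development">
        <link rel="stylesheet" href="~/lib/bootstrap/dist/css/bootstrap.css" />
        <link href="~/css/fonts.css" rel="stylesheet" />
        <link href="~/css/sb-admin.css" rel="stylesheet" />
        <link href="~/css/font-awesome.css" rel="stylesheet" />
        <link rel="stylesheet" href="~/css/site.css" />
        <link href="~/css/datatables.min.css" rel="stylesheet" />
    </environment>
    <environment exclude="Development">
        <link rel="stylesheet" href="~/lib/bootstrap/dist/css/bootstrap.css" />
        <link href="~/css/fonts.css" rel="stylesheet" />
        <link href="~/css/sb-admin.css" rel="stylesheet" />
        <link href="~/css/font-awesome.css" rel="stylesheet" />
        <link rel="stylesheet" href="~/css/site.css" />
        <link href="~/css/datatables.min.css" rel="stylesheet" />
    </environment>
    <environment include="Development">
        <script src="~/lib/jquery/dist/jquery.js"></script>
        <script src="~/lib/bootstrap/dist/js/bootstrap.js"></script>
        <script src="~/js/site.js" asp-append-version="true"></script>
        <script src="~/js/datatables.min.js"></script>
    </environment>
    <environment exclude="Development">
        <script src="~/lib/jquery/dist/jquery.js"></script>
        <script src="~/lib/bootstrap/dist/js/bootstrap.js"></script>
        <script src="~/js/site.js" asp-append-version="true"></script>
        <script src="~/js/datatables.min.js"></script>
    </environment>
</head>
<body>
    <nav class="navbar navbar-expand-lg navbar-dark bg-dark">
        <a class="navbar-brand" href="#">TMTG</a>
        <button class="navbar-toggler" type="button" data-toggle="collapse" data-target="#navbarSupportedContent" aria-controls="navbarSupportedContent" aria-expanded="false" aria-label="Toggle navigation">
            <span class="navbar-toggler-icon"></span>
        </button>
        <div class="collapse navbar-collapse" id="navbarSupportedContent">
            <ul class="navbar-nav mr-auto">
                @* routeValues is null rather than "": a string passed there is read as an
                   object, and its Length property ends up in the generated URL. *@
                <li>@Html.ActionLink("Home", "Index", "Home", null, new { @class = "nav-link" })</li>
                <li>@Html.ActionLink("About", "About", "Home", null, new { @class = "nav-link" })</li>
                <li>@Html.ActionLink("Contact", "Contact", "Home", null, new { @class = "nav-link" })</li>

                @* The policy checks below only decide which links are drawn; they are not
                   access control. Every link targets Home/Members, so the action's own
                   [Authorize] attribute is what a direct request to the URL is checked
                   against. *@
                @if ((await _authorizationService.AuthorizeAsync(User, "ActiveMembers")).Succeeded)
                {
                    <li>@Html.ActionLink("Members", "Members", "Home", null, new { @class = "nav-link" })</li>
                }
                @if ((await _authorizationService.AuthorizeAsync(User, "Committee")).Succeeded)
                {
                    <li>@Html.ActionLink("Committee", "Members", "Home", null, new { @class = "nav-link" })</li>
                }
                @if ((await _authorizationService.AuthorizeAsync(User, "Ticketing")).Succeeded)
                {
                    <li>@Html.ActionLink("Ticketing", "Members", "Home", null, new { @class = "nav-link" })</li>
                }
                @if ((await _authorizationService.AuthorizeAsync(User, "ProductionTeam")).Succeeded)
                {
                    <li>@Html.ActionLink("ProductionTeam", "Members", "Home", null, new { @class = "nav-link" })</li>
                }
                @if ((await _authorizationService.AuthorizeAsync(User, "Musicians")).Succeeded)
                {
                    <li>@Html.ActionLink("Musicians", "Members", "Home", null, new { @class = "nav-link" })</li>
                }
            </ul>
        </div>
    </nav>
    @* A layout must render the body of the view it wraps; the posted markup had no
       RenderBody() call and never closed the nav element. *@
    @RenderBody()
</body>
</html>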
Startup
namespace TMTGWeb
{
    /// <summary>
    /// Registers the site's services (cookie policy, Azure AD sign-in, group-based
    /// authorization policies, MVC) and builds the HTTP request pipeline.
    /// </summary>
    public class Startup
    {
        public Startup(IConfiguration configuration)
        {
            Configuration = configuration;
        }

        public IConfiguration Configuration { get; }

        /// <summary>Called by the runtime to add services to the container.</summary>
        public void ConfigureServices(IServiceCollection services)
        {
            services.Configure<CookiePolicyOptions>(cookiePolicy =>
            {
                // Decides per request whether consent is needed for non-essential cookies.
                cookiePolicy.CheckConsentNeeded = context => true;
                cookiePolicy.MinimumSameSitePolicy = SameSiteMode.None;
            });

            // NOTE(review): the bound "AzureAd" section sets Domain to the site URL; that
            // setting normally holds the directory's domain name — confirm.
            services.AddAuthentication(AzureADDefaults.AuthenticationScheme)
                .AddAzureAD(azureAd => Configuration.Bind("AzureAd", azureAd));

            // One policy per Azure AD group; each value is compared with the "groups"
            // claim of the signed-in user.
            // NOTE(review): these policies can only succeed when the issued token carries
            // a "groups" claim. That depends on the app registration being configured to
            // emit group claims, and the claim may be left out for users in many groups —
            // inspect User.Claims after sign-in to confirm.
            services.AddAuthorization(authorization =>
            {
                AddGroupPolicy(authorization, "ActiveMembers", "e8c32cc7-61e0-46b1-b896-7290d7e80ca1");
                AddGroupPolicy(authorization, "Committee", "6acf99d7-9411-45e9-95d0-84bcfa47b496");
                AddGroupPolicy(authorization, "OffStageMembers", "74bd0371-2951-4c0b-8d1d-ca2bc9fe13e4");
                AddGroupPolicy(authorization, "Ticketing", "de2dece0-6291-41cf-bd08-5b5e08faafc4");
                AddGroupPolicy(authorization, "ProductionTeam", "97a792a9-d3dc-48bd-b386-8a3a8fe99a19");
                AddGroupPolicy(authorization, "TechnicalAdmin", "efd5f835-e0bc-4324-90b1-82f95f0c0a89");
                AddGroupPolicy(authorization, "Musicians", "694fcfaa-ad22-494a-900b-2c7695b8d193");
            });

            services.AddMvc(mvc =>
            {
                // Deny by default: every action requires a signed-in user unless it opts
                // out with [AllowAnonymous].
                var authenticatedOnly = new AuthorizationPolicyBuilder()
                    .RequireAuthenticatedUser()
                    .Build();
                mvc.Filters.Add(new AuthorizeFilter(authenticatedOnly));
            })
            .SetCompatibilityVersion(CompatibilityVersion.Version_2_2);
        }

        /// <summary>Called by the runtime to configure the HTTP request pipeline.</summary>
        public void Configure(IApplicationBuilder app, IHostingEnvironment env)
        {
            if (!env.IsDevelopment())
            {
                app.UseExceptionHandler("/Home/Error");
                // The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
                app.UseHsts();
            }
            else
            {
                app.UseDeveloperExceptionPage();
            }

            app.UseHttpsRedirection();
            app.UseStaticFiles();
            app.UseCookiePolicy();

            // Registered before MVC so the user is established before the authorization
            // filters run.
            // NOTE(review): the "You do not have permission to view this directory or
            // page." text does not appear anywhere in this class; if it is returned for
            // /signin-oidc, check what sits in front of the application — confirm.
            app.UseAuthentication();

            app.UseMvc(routes =>
            {
                routes.MapRoute(
                    name: "default",
                    template: "{controller=Home}/{action=Index}/{id?}");
            });
        }

        /// <summary>
        /// Adds a policy named <paramref name="policyName"/> that succeeds when the user
        /// has a "groups" claim equal to <paramref name="groupObjectId"/>.
        /// </summary>
        private static void AddGroupPolicy(AuthorizationOptions options, string policyName, string groupObjectId)
        {
            options.AddPolicy(policyName, policy => policy.RequireClaim("groups", groupObjectId));
        }
    }
}
{"AzureAd": {"Instance": "https://login.microsoftonline.com/","Domain": "https://tmtg.azurewebsites.net","TenantId": "MY TENANT ID IS CORRECT","ClientId": "MY CLIENT ID IS CORRECT","CallbackPath": "/signin-oidc" },"Logging": {"LogLevel": {"Default": "Warning" } },"AllowedHosts": "*" }
Any help would be appreciated.