问题描述

我当前正在编写一个(服务器端)Blazor应用程序，该应用程序包括默认的AzureAD身份验证.

I'm currently writing a (Server side) Blazor application that includes the default AzureAD Authentication.

这对于经过身份验证的用户来说效果很好-在入口( _Host.cshtml )文件上进行挑战，然后重定向，然后在经过身份验证后再返回.

This works well for authenticated users - challenging on the entrance (_Host.cshtml) file, redirecting and then back once authenticated.

我需要有几页 not 不需要身份验证-我不希望用户受到挑战并重定向到Microsoft.

I need to have a couple of pages not requiring authentication - I don't want the user being challenged and redirected to Microsoft.

执行此操作的正确方法是什么?我已经尝试过 AllowAnonymousAttribute ， AllowAnonymousToPage 剃刀页面选项，似乎没有什么可以阻止挑战.

What is the correct way to do this? I have experimented with the AllowAnonymousAttribute, the AllowAnonymousToPage razor pages options, nothing seems to stop the challenge.

任何帮助将不胜感激！

以下是我的身份验证(ConfigureServices)设置:

Below is my setup for Authentication (ConfigureServices):

    public void ConfigureServices(IServiceCollection services)
    {
        services.AddAuthentication(AzureADDefaults.AuthenticationScheme)
            .AddAzureAD(options => Configuration.Bind("AzureAd", options));

        services.AddControllersWithViews(options =>
    {
        var policy = new AuthorizationPolicyBuilder()
            .RequireAuthenticatedUser()
            .Build();
        options.Filters.Add(new AuthorizeFilter(policy));
    });

        services.AddRazorPages();
        services.AddServerSideBlazor();
        services.AddTelerikBlazor();
    }

然后在配置"中相应的部分:

And then the appropriate part in Configure:

        app.UseAuthentication();
        app.UseAuthorization();

        app.UseEndpoints(endpoints =>
        {
            endpoints.MapControllers();
            endpoints.MapBlazorHub();
            endpoints.MapFallbackToPage("/_Host");
        });

推荐答案

我发现我要做的就是将以下内容添加到_Hosts.cshtml

I found what I had to do was add the following to _Hosts.cshtml

@using Microsoft.AspNetCore.Authorization
@attribute [AllowAnonymous]

默认情况下，一旦我不需要任何页面上的此授权，就可以将其添加到我想要的页面上.

Once I did this authorization was no longer required on any of the pages by default and I could then add it to the pages where I wanted to require it.

例如，如果您想保护Counter.razor页面安全，只需在顶部添加一个Authorize属性:

For example if you wanted to secure the Counter.razor page just add an Authorize attribute to the top:

@attribute [Authorize]

因此，现在，如果您尝试访问计数器页面，则会收到一条未授权的消息.

So now if you tried to access the counter page you will get a Not authorized message.

如果您要在用户未登录时删除计数器链接，请修改NavMenu.razor，并用< AuthorizeView>括住Counter链接.</AuthorizeView> 如此:

If you want to remove the counter link when the user is not logged in modify the NavMenu.razor and surround the Counter link with an <AuthorizeView> </AuthorizeView> as so:

<AuthorizeView>
    <li class="nav-item px-3">
        <NavLink class="nav-link" href="counter">
            <span class="oi oi-plus" aria-hidden="true"></span> Counter
        </NavLink>
    </li>
</AuthorizeView> 

理想情况下，我本想只选择退出索引页面的授权，并默认情况下保护其他所有内容，但是我找不到找到使之正常工作的方法.如果我尝试将 @attribute [AllowAnonymous] 添加到Index.razor页面，它似乎会忽略它.

Ideally I would have liked to just opt out of authorization for the index page and have everything else secured by default but I could not find a way to get that to work. If I tried adding the @attribute [AllowAnonymous] to the Index.razor page it seemed to ignore it.

这篇关于Blazor使用Azure AD身份验证允许匿名访问的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！