Question How to force user to open my web application with login access ?

[ahmedaziz]

I work on blazor server side . I face issue I can't make user redirect to login page

when user try to access web application by copy and past URL of my application on new browser page

my scenario as below :

1-I open my web application as www.union.com .

2-it open login page as first page when connect to www.union.com .

3-I make login with user name and password it log in successfully without using identity then it open dashboard page after login success as www.union.com/Dashboard/AElaziz

AElaziz is user name an dashboard is first page after login success

4-I copy link www.union.com/Dashboard/AElaziz and open it on new page browser and past it then run page

it open dashboard without make login to my web application

so How to prevent this behavior form happen on blazor server side with easy way if possible?

 

[Skydiver]

Tell us exactly how you did step 2 above where you asked the user to log in? Are you using using Blazor's authentication and authorization functionality, or did you roll your own?

 

[ahmedaziz]

i login using ldap authentication active directory for my domain
full code for login

 public async Task Login()
        {
            UserDto userDto = new UserDto();
            userDto.UserName = UserName;
            userDto.Password = Password;
            var result = loginService.Login(userDto).Result;
            IList<string> roles = new List<string>();

            if (string.IsNullOrEmpty(UserName) || string.IsNullOrEmpty(Password))
            {
                Msg = "User Name And Password is Required !";
            }
            else
            {
              

                if (result.status == Status.success)
                {
                  
                    var httpClient = new HttpClient();
                    UserResponseDto data = (UserResponseDto)result.result;
                    UserName = userDto.UserName;

                  
                
                    
                    NavigationManager.NavigateTo($"/Dashboard/{UserName}", true);


                    
                }
                else
                {
                    Msg = "Sorry, User Name and Password is Wrong";
                    return;
                }
            }
        }
public async Task<ResponseModel> Login(UserDto request)
        {
            try
            {
                var UserhasPermission =  _UsersRepository.GetList(x => x.UserName == request.UserName).FirstOrDefault();

                if (UserhasPermission != null)
                {
                    if((bool)UserhasPermission.IsActive)
                    {
                        string adPath = "LDAP:xxxxx";
                        var adAuth = new LdapAuthentication(adPath).IsAuthenticated("xxx", request.UserName, request.Password);
                        if (adAuth)
                        {

                            
                            UserResponseDto obj = new UserResponseDto();
                            obj.UserName = request.UserName;
                            obj.UserId = UserhasPermission.ID;
                            obj.UserRole = UserhasPermission.UserRoll;
                            
                            _response.Success(obj);
                        }

                        else
                            _response.Failed("User name or password is not correct, Kindly try Again");
                    }
                    else
                        _response.Failed("This user not Active");
                }
                else
                    _response.Failed("This user does not Registeration, Kindly try Register First");

                return _response;
            }
            catch (Exception ex)
            {
                throw ex;
            }
        }

 

[cjard]

Have your BSS app got any AuthorizeView tags?

Make a new BSS app and choose "with authentication" in the project creator wizard, and have a look how the new project does it/copy it