2

ASP.NET Core 2.x includes some pre-made scaffolded routes, like the login page, settings, etc. I am working on something that only has OAuth login buttons, and no settings. This means that I don't want users to be able to register with an email, and I don't want any settings pages.

I can remove the link to things like the Settings page , however the routes still exist and can be accessed by typing them in. How do I disable these routes so they are completely inaccessible?

Basically everything under the /Identity/Account/* route, except for the login page should not be available.

Chris Barr
  • 29,851
  • 23
  • 95
  • 135
  • Take a look at this post https://stackoverflow.com/questions/53559810/how-to-remove-default-asp-net-core-identity-endpoints – hawkstrider Jan 17 '19 at 17:57

2 Answers2

2

What you're referring to is the default Identity UI. It's included whenever you register Identity with services.AddDefaultIdentity or explicitly call AddDefaultUI when registering via the other IServiceCollection extensions (AddIdentity/AddIdentityCore). You cannot pick or choose what will or will not be included in the default UI, so if you don't want a part of it, then you cannot use it at all. Therefore, change the services.AddDefaultIdentity line to services.AddIdentity instead.

Once that's complete, you can use the Identity scaffold to include certain parts of the default UI in your application. Right click on your project and choose Add > New Scaffolded Item.... Then pick Identity on the left, and OK to use the only Identity scaffold available. On the resulting window, you can check the pages you want to include, and then click OK again.

Chris Pratt
  • 232,153
  • 36
  • 385
  • 444
  • So if I want to disallow registering with an email, the best thing to do would be to add the related scaffolded items and then make that page blank or redirect elsewhere? – Chris Barr Jan 17 '19 at 19:46
2

For disabling the specific route for Razor Page, you could try IAsyncPageFilter. 

public class DisableIdentityAsyncPageFilter : IAsyncPageFilter
{
    public DisableIdentityAsyncPageFilter()
    {
    }

    public async Task OnPageHandlerSelectionAsync(
                                        PageHandlerSelectedContext context)
    {

        await Task.CompletedTask;
    }

    public async Task OnPageHandlerExecutionAsync(
                                        PageHandlerExecutingContext context,
                                        PageHandlerExecutionDelegate next)
    {
        if (context.HttpContext.Request.Path.StartsWithSegments("/Identity") &&
            !context.HttpContext.Request.Path.StartsWithSegments("/Identity/Account/Login"))
        {
            context.Result = new StatusCodeResult(404);
        }
        else
        {
            await next.Invoke();
        }
    }
}

And then configure in Startup.cs

services.AddMvc(options => {
    options.Filters.Add(typeof(DisableIdentityAsyncPageFilter));
}).SetCompatibilityVersion(CompatibilityVersion.Version_2_2);
Edward
  • 28,296
  • 11
  • 76
  • 121