Blazor Server: SSO OpenId
Hi, I have an application which uses Keycloak as an SSO provider.
I set a FallbackPolicy to require an authenticated user. Now I want some pages to not require a logon at all. How would I do this? Normally I would use [AllowAnonymous] on the page, but that does not work with Blazor.
The relevant parts in my Startup.cs look like this:
    var keycloakConfiguration = Configuration.GetSection("Keycloak");

    services.AddAuthentication(options =>
    {
        // The local session lives in a cookie; challenges are sent to Keycloak via OIDC
        options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        options.DefaultChallengeScheme = "oidc";
    })
    .AddCookie(options =>
    {
        // SameSite=None: the session cookie is also sent on cross-site requests
        options.Cookie.SameSite = SameSiteMode.None;
    })
    .AddOpenIdConnect("oidc", options =>
    {
        options.Authority = keycloakConfiguration.GetValue<string>("Authority");
        options.ClientId = keycloakConfiguration.GetValue<string>("ClientId");
        options.ClientSecret = keycloakConfiguration.GetValue<string>("ClientSecret");
        options.MetadataAddress = keycloakConfiguration.GetValue<string>("MetadataAddress");
        options.RequireHttpsMetadata = keycloakConfiguration.GetValue<bool>("UseHttps");
        options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        // Authorization code flow
        options.ResponseType = OpenIdConnectResponseType.Code;
        // Keep the tokens returned by Keycloak in the authentication properties
        options.SaveTokens = true;
        options.GetClaimsFromUserInfoEndpoint = true;
        options.TokenValidationParameters = new TokenValidationParameters
        {
            NameClaimType = ClaimTypes.Name,
            RoleClaimType = ClaimTypes.Role,
            ValidateIssuer = true,
        };
    });

    // The roles need to be mapped individually
    services.AddTransient<IClaimsTransformation, KeycloakClaimsTransformation>();

    // Require an authenticated user.
    // The fallback policy applies to every endpoint that has no authorization metadata of its own.
    services.AddAuthorization(options =>
    {
        options.FallbackPolicy = new AuthorizationPolicyBuilder()
            .RequireAuthenticatedUser()
            .RequireRole("user")
            .Build();
    });