Two users + two API role endpoints (dotnet#241)

Author: guardrex

8.0/BlazorWebAssemblyStandaloneWithIdentity/Backend/Program.cs

@@ -29,7 +29,13 @@
 builder.Services.AddAuthorizationBuilder();
 
 // Add the database (in memory for the sample)
-builder.Services.AddDbContext<AppDbContext>(options => options.UseInMemoryDatabase("AppDb"));
+builder.Services.AddDbContext<AppDbContext>(
+    options =>
+    {
+        options.UseInMemoryDatabase("AppDb");
+        //For debugging only: options.EnableDetailedErrors(true);
+        //For debugging only: options.EnableSensitiveDataLogging(true);
+    });
 
 // Add identity and opt-in to endpoints
 builder.Services.AddIdentityCore<AppUser>()
@@ -119,10 +125,14 @@
     return Results.Unauthorized();
 }).RequireAuthorization();
 
-app.MapPost("/data-processing", ([FromBody] FormModel model) =>
+app.MapPost("/data-processing-1", ([FromBody] FormModel model) =>
     Results.Text($"{model.Message.Length} characters"))
         .RequireAuthorization();
 
+app.MapPost("/data-processing-2", ([FromBody] FormModel model) =>
+    Results.Text($"{model.Message.Length} characters"))
+        .RequireAuthorization(policy => policy.RequireRole("Manager"));
+
 app.Run();
 
 // Identity user

8.0/BlazorWebAssemblyStandaloneWithIdentity/Backend/SeedData.cs

@@ -1,11 +1,31 @@
-using Microsoft.AspNetCore.Identity;
+using Microsoft.AspNetCore.Identity;
 using Microsoft.AspNetCore.Identity.EntityFrameworkCore;
 using Microsoft.EntityFrameworkCore;
 
 namespace Backend;
 
 public class SeedData
 {
+    private static readonly IEnumerable<SeedUser> seedUsers =
+    [
+        new SeedUser()
+        {
+            Email = "leela@contoso.com", 
+            NormalizedEmail = "LEELA@CONTOSO.COM", 
+            NormalizedUserName = "LEELA@CONTOSO.COM", 
+            RoleList = [ "Administrator", "Manager" ], 
+            UserName = "leela@contoso.com"
+        },
+        new SeedUser()
+        {
+            Email = "harry@contoso.com",
+            NormalizedEmail = "HARRY@CONTOSO.COM",
+            NormalizedUserName = "HARRY@CONTOSO.COM",
+            RoleList = [ "User" ],
+            UserName = "harry@contoso.com"
+        },
+    ];
+
     public static async Task InitializeAsync(IServiceProvider serviceProvider)
     {
         using var context = new AppDbContext(serviceProvider.GetRequiredService<DbContextOptions<AppDbContext>>());
@@ -15,9 +35,13 @@ public static async Task InitializeAsync(IServiceProvider serviceProvider)
             return;
         }
 
-        string[] roles = [ "Administrator", "Manager" ];
+        var userStore = new UserStore<AppUser>(context);
+        var password = new PasswordHasher<AppUser>();
+
         using var roleManager = serviceProvider.GetRequiredService<RoleManager<IdentityRole>>();
 
+        string[] roles = [ "Administrator", "Manager", "User" ];
+
         foreach (var role in roles)
         {
             if (!await roleManager.RoleExistsAsync(role))
@@ -28,25 +52,28 @@ public static async Task InitializeAsync(IServiceProvider serviceProvider)
 
         using var userManager = serviceProvider.GetRequiredService<UserManager<AppUser>>();
 
-        var user = new AppUser
+        foreach (var user in seedUsers)
         {
-            Email = "leela@contoso.com",
-            NormalizedEmail = "LEELA@CONTOSO.COM",
-            UserName = "leela@contoso.com",
-            NormalizedUserName = "LEELA@CONTOSO.COM",
-            EmailConfirmed = true,
-            SecurityStamp = Guid.NewGuid().ToString("D")
-        };
-
-        var password = new PasswordHasher<AppUser>();
-        var hashed = password.HashPassword(user, "Passw0rd!");
-        user.PasswordHash = hashed;
+            var hashed = password.HashPassword(user, "Passw0rd!");
+            user.PasswordHash = hashed;
+            await userStore.CreateAsync(user);
 
-        await userManager.AddToRolesAsync(user, roles);
+            if (user.Email is not null)
+            {
+                var appUser = await userManager.FindByEmailAsync(user.Email);
 
-        var userStore = new UserStore<AppUser>(context);
-        var result = userStore.CreateAsync(user);
+                if (appUser is not null && user.RoleList is not null)
+                {
+                    await userManager.AddToRolesAsync(appUser, user.RoleList);
+                }
+            }
+        }
 
         await context.SaveChangesAsync();
     }
+
+    private class SeedUser : AppUser
+    {
+        public string[]? RoleList { get; set; }
+    }
 }

8.0/BlazorWebAssemblyStandaloneWithIdentity/BlazorWasmAuth/Components/Pages/DataProcessing.razor

@@ -7,18 +7,22 @@
 
 <AuthorizeView>
     <Authorized>
-        <p>Hello, @context.User.Identity?.Name! You're authenticated, so processing data will succeed.</p>
+        <p>Hello, @context.User.Identity?.Name! You're authenticated.</p>
     </Authorized>
     <NotAuthorized>
         <p>Hello! You're <em>NOT</em> authenticated, so processing data will fail.</p>
     </NotAuthorized>
 </AuthorizeView>
 
-<EditForm Model="Model" OnSubmit="Submit" FormName="ProcessData">
+<h2>Data processing for any authenticated user</h2>
+
+<p>If you're in any role, you can process data with the following form.</p>
+
+<EditForm Model="Model1" OnSubmit="Submit1" FormName="ProcessData1">
     <div>
         <label>
             Message:
-            <InputText @bind-Value="Model!.Message" />
+            <InputText @bind-Value="Model1!.Message" />
         </label>
     </div>
     <div>
@@ -27,30 +31,68 @@
 </EditForm>
 
 <div>
-    @result
+    @result1
+</div>
+
+<h2>Data processing for Managers</h2>
+
+<p>You must be in the Manager role to use the following form to process data.</p>
+
+<EditForm Model="Model2" OnSubmit="Submit2" FormName="ProcessData2">
+    <div>
+        <label>
+            Message:
+            <InputText @bind-Value="Model2!.Message" />
+        </label>
+    </div>
+    <div>
+        <button type="submit">Submit</button>
+    </div>
+</EditForm>
+
+<div>
+    @result2
 </div>
 
 @code {
-    private string? result;
+    private string? result1;
+    private string? result2;
 
     [SupplyParameterFromForm]
-    public FormModel? Model { get; set; }
+    public FormModel? Model1 { get; set; }
 
-    protected override void OnInitialized() => Model ??= new();
+    [SupplyParameterFromForm]
+    public FormModel? Model2 { get; set; }
+
+    protected override void OnInitialized()
+    {
+        Model1 ??= new();
+        Model2 ??= new();
+    }
+
+    private async Task Submit1()
+    {
+        result1 = await ProcessData("data-processing-1", Model1!);
+    }
+
+    private async Task Submit2()
+    {
+        result2 = await ProcessData("data-processing-2", Model2!);
+    }
 
-    private async Task Submit()
+    private async Task<string> ProcessData(string endpoint, FormModel model)
     {
         var client = ClientFactory.CreateClient("Auth");
 
-        var response = await client.PostAsJsonAsync<FormModel>("data-processing", Model!);
+        var response = await client.PostAsJsonAsync<FormModel>(endpoint, model);
 
         if (response.IsSuccessStatusCode)
         {
-            result = $"The data was processed by the server! The server indicates that the message is {await response.Content.ReadAsStringAsync()} long.";
+            return $"The data was processed by the server! The server indicates that the message is {await response.Content.ReadAsStringAsync()} long.";
         }
         else
         {
-            result = $"The server responded with an unsuccessful status code ({response.StatusCode}).";
+            return $"The server responded with an unsuccessful status code ({response.StatusCode}).";
         }
     }
 

8.0/BlazorWebAssemblyStandaloneWithIdentity/README.md

@@ -29,10 +29,13 @@ For more information, see [Secure ASP.NET Core Blazor WebAssembly with ASP.NET C
 
 1. Navigate to the `BlazorWasmAuth` app at the `FrontendUrl`.
 
-1. Register a new user using the **Register** link in the upper-right corner of the app's UI or use the preregistered test user, `leela@contoso.com`, with the password `Passw0rd!`. Leela has `Administrator` and `Manager` roles and can access the private manager page but not the private editor page of the app.
+1. Register a new user using the **Register** link in the upper-right corner of the app's UI or use one of the preregistered test users:
+
+   * `leela@contoso.com` (Password: `Passw0rd!`). Leela has `Administrator`, `Manager`, and `User` roles and can access the private manager page but not the private editor page of the app. She can process data with both forms on the data processing page.
+   * `harry@contoso.com` (Password: `Passw0rd!`). Harry only has the `User` role and can't access the manager and editor pages. He can only process data with the first form on the data processing page.
 
 1. Log in with the user.
 
-1. Navigate to the private page (`Components/Pages/PrivatePage.razor` at `/private-page`) that only authenticated users can reach. A link to the page appears in the navigation sidebar after the user is authenticated. Navigate to the private manager and editor pages to explore how the user's roles influence the pages that they can visit.
+1. Navigate to the private page (`Components/Pages/PrivatePage.razor` at `/private-page`) that only authenticated users can reach. A link to the page appears in the navigation sidebar after the user is authenticated. Navigate to the private manager and editor pages to explore how the user's roles influence the pages that they can visit. Navigate to the data processing page (`Components/Pages/DataProcessing.razor` at `/data-processing`) to experience authenticated and authorized data processing web API calls.
 
 1. Log out of the app.