In this section we'll add features that track attendees who have registered on the site and allow them to create a personal agenda.
-
Update the
AuthHelpersfile in theInfrastructurefolder, adding members to theAuthConstantsandAuthnHelpersclasses for working with attendee users:namespace FrontEnd.Infrastructure { public static class AuthConstants { public static readonly string IsAdmin = nameof(IsAdmin); public static readonly string IsAttendee = nameof(IsAttendee); public static readonly string TrueValue = "true"; } } namespace System.Security.Claims { public static class AuthnHelpers { public static bool IsAdmin(this ClaimsPrincipal principal) => principal.HasClaim(AuthConstants.IsAdmin, AuthConstants.TrueValue); public static void MakeAdmin(this ClaimsPrincipal principal) => principal.Identities.First().MakeAdmin(); public static void MakeAdmin(this ClaimsIdentity identity) => identity.AddClaim(new Claim(AuthConstants.IsAdmin, AuthConstants.TrueValue)); public static bool IsAttendee(this ClaimsPrincipal principal) => principal.HasClaim(AuthConstants.IsAttendee, AuthConstants.TrueValue); public static void MakeAttendee(this ClaimsPrincipal principal) => principal.Identities.First().MakeAttendee(); public static void MakeAttendee(this ClaimsIdentity identity) => identity.AddClaim(new Claim(AuthConstants.IsAttendee, AuthConstants.TrueValue)); } }
-
Update the
ClaimsPrincipalFactoryclass in theAreas/Identityfolder and add code toGenerateClaimsAsyncthat adds theIsAttendeeclaim if the user is registered as an attendee:public class ClaimsPrincipalFactory : UserClaimsPrincipalFactory<User> { private readonly IApiClient _apiClient; public ClaimsPrincipalFactory(IApiClient apiClient, UserManager<User> userManager, IOptions<IdentityOptions> optionsAccessor) : base(userManager, optionsAccessor) { _apiClient = apiClient; } protected override async Task<ClaimsIdentity> GenerateClaimsAsync(User user) { var identity = await base.GenerateClaimsAsync(user); if (user.IsAdmin) { identity.MakeAdmin(); } var attendee = await _apiClient.GetAttendeeAsync(user.UserName); if (attendee != null) { identity.MakeAttendee(); } return identity; } }
-
Add a
Welcome.cshtmlRazor page andWelcome.cshtml.cspage model in thePagesfolder. -
Add a user sign up form to
Welcome.cshtml:@page @using ConferenceDTO @model WelcomeModel <h2>Welcome @User.Identity.Name</h2> <p> Register as an attendee to get access to cool features. </p> <form method="post"> <div asp-validation-summary="All" class="text-danger"></div> <input asp-for="Attendee.UserName" value="@User.Identity.Name" type="hidden" /> <div class="form-group"> <label asp-for="Attendee.FirstName" class="control-label"></label> <div class="row"> <div class="col-md-6"> <input asp-for="Attendee.FirstName" class="form-control" /> </div> </div> <span asp-validation-for="Attendee.FirstName" class="text-danger"></span> </div> <div class="form-group"> <label asp-for="Attendee.LastName" class="control-label"></label> <div class="row"> <div class="col-md-6"> <input asp-for="Attendee.LastName" class="form-control" /> </div> </div> <span asp-validation-for="Attendee.LastName" class="text-danger"></span> </div> <div class="form-group"> <label asp-for="Attendee.EmailAddress" class="control-label"></label> <div class="row"> <div class="col-md-6"> <input asp-for="Attendee.EmailAddress" class="form-control" /> </div> </div> <span asp-validation-for="Attendee.EmailAddress" class="text-danger"></span> </div> <div class="form-group"> <div class=""> <button type="submit" class="btn btn-primary">Save</button> </div> </div> </form> @section Scripts { <partial name="_ValidationScriptsPartial" /> }
-
Create a
Modelsfolder under your pages folder, create a class calledAttendee.cs, then create a class which adds display specific information for an attendeeusing System.ComponentModel; using System.ComponentModel.DataAnnotations; namespace FrontEnd.Pages.Models { public class Attendee : ConferenceDTO.Attendee { [DisplayName("First name")] public override string FirstName { get => base.FirstName; set => base.FirstName = value; } [DisplayName("Last name")] public override string LastName { get => base.LastName; set => base.LastName = value; } [DisplayName("Email address")] [DataType(DataType.EmailAddress)] public override string EmailAddress { get => base.EmailAddress; set => base.EmailAddress = value; } } }
-
In
Welcome.cshtml.cs, add logic that associates the logged in user with an attendee:using System.Threading.Tasks; using FrontEnd.Services; using FrontEnd.Pages.Models; using Microsoft.AspNetCore.Mvc; using Microsoft.AspNetCore.Mvc.RazorPages; using System.Security.Claims; using Microsoft.AspNetCore.Authentication; using Microsoft.AspNetCore.Identity; namespace FrontEnd.Pages { public class WelcomeModel : PageModel { private readonly IApiClient _apiClient; public WelcomeModel(IApiClient apiClient) { _apiClient = apiClient; } [BindProperty] public Attendee Attendee { get; set; } public IActionResult OnGet() { // Redirect to home page if user is anonymous or already registered as attendee var isAttendee = User.IsAttendee(); if (!User.Identity.IsAuthenticated || isAttendee) { return RedirectToPage("/Index"); } return Page(); } public async Task<IActionResult> OnPostAsync() { var success = await _apiClient.AddAttendeeAsync(Attendee); if (!success) { ModelState.AddModelError("", "There was an issue creating the attendee for this user."); return Page(); } // Re-issue the auth cookie with the new IsAttendee claim User.MakeAttendee(); await HttpContext.SignInAsync(IdentityConstants.ApplicationScheme, User); return RedirectToPage("/Index"); } } }
-
Logged in users can now be associated with an attendee by visiting this page.
-
Add a folder called
Middleware. -
Add a new attribute
SkipWelcomeAttribute.csto allow certain pages or action methods to be skipped from enforcing redirection to the Welcome page:using System; namespace FrontEnd { [AttributeUsage(AttributeTargets.Class | AttributeTargets.Method)] public class SkipWelcomeAttribute : Attribute { } }
-
Add a new class called
RequireLoginMiddleware.csthat redirects to the Welcome page if the user is authenticated but not associated with an attendee (does not have the"IsAttendee"claim):public class RequireLoginMiddleware { private readonly RequestDelegate _next; private readonly LinkGenerator _linkGenerator; public RequireLoginMiddleware(RequestDelegate next, LinkGenerator linkGenerator) { _next = next; _linkGenerator = linkGenerator; } public Task Invoke(HttpContext context) { var endpoint = context.GetEndpoint(); // If the user is authenticated but not a known attendee *and* we've not marked this page // to skip attendee welcome, then redirect to the Welcome page if (context.User.Identity.IsAuthenticated && endpoint?.Metadata.GetMetadata<SkipWelcomeAttribute>() == null) { var isAttendee = context.User.IsAttendee(); if (!isAttendee) { var url = _linkGenerator.GetUriByPage(context, page: "/Welcome"); // No attendee registerd for this user context.Response.Redirect(url); return Task.CompletedTask; } } return _next(context); } }
-
Add the
RequireLoginMiddlewareinConfiguremethod inStartup.csbeforeUseEndpoints():app.UseMiddleware<RequireLoginMiddleware>(); app.UseEndpoints(endpoints => { endpoints.MapRazorPages(); });
-
Update the
Welcome.cshtml.csclass with the attribute to ensure it is skipped when the global filter runs:[SkipWelcome] public class WelcomeModel : PageModel { ...
-
This should force all logged in users to register as an attendee.
One problem with the above system is that if a new user creates an account but does not register as an attendee, they are unable to logout. The general solution to this is to add the
[SkipWelcome]page to theLogoutview, but in order to do that we will need to scaffold it. Identity pages are served from the Identity UI NuGet package by default, but can be added to a project and overridden, as we have already seen in theRegisterpage.
- Right-click on the
FrontEndproject and select Add / New Scaffolded Item / Identity. - Check the
Account\Logoutpage, select theIdentityDbContextas the Data context class, and press Add.
- Run this command from the FrontEnd project folder.
dotnet aspnet-codegenerator identity --dbContext FrontEnd.Data.IdentityDbContext --files Account.Logout
- Add the
[SkipWelcome]attribute to theLogoutModelclass:[SkipWelcome] [AllowAnonymous] public class LogoutModel : PageModel { ...
- You're now able to log out if you create a new user but don't register as an attendee.
-
Add the following methods to
IApiClient:Task<List<SessionResponse>> GetSessionsByAttendeeAsync(string name); Task AddSessionToAttendeeAsync(string name, int sessionId); Task RemoveSessionFromAttendeeAsync(string name, int sessionId);
-
Add the implementations to
ApiClient:public async Task AddSessionToAttendeeAsync(string name, int sessionId) { var response = await _httpClient.PostAsync($"/api/attendees/{name}/session/{sessionId}", null); response.EnsureSuccessStatusCode(); } public async Task RemoveSessionFromAttendeeAsync(string name, int sessionId) { var response = await _httpClient.DeleteAsync($"/api/attendees/{name}/session/{sessionId}"); response.EnsureSuccessStatusCode(); } public async Task<List<SessionResponse>> GetSessionsByAttendeeAsync(string name) { var response = await _httpClient.GetAsync($"/api/attendees/{name}/sessions"); response.EnsureSuccessStatusCode(); return await response.Content.ReadAsAsync<List<SessionResponse>>(); }
- Add an action called
GetSessionsto theAttendeesControllerin theBackEndproject:[HttpGet("{username}/sessions")] public async Task<ActionResult<List<SessionResponse>>> GetSessions(string username) { var sessions = await _context.Sessions.AsNoTracking() .Include(s => s.Track) .Include(s => s.SessionSpeakers) .ThenInclude(ss => ss.Speaker) .Where(s => s.SessionAttendees.Any(sa => sa.Attendee.UserName == username)) .Select(m => m.MapSessionResponse()) .ToListAsync(); return sessions; }
-
Add a property
IsInPersonalAgendatoSession.cshtml.cs:public bool IsInPersonalAgenda { get; set; }
-
Compute the value of that property in
OnGetAsync:if (User.Identity.IsAuthenticated) { var sessions = await _apiClient.GetSessionsByAttendeeAsync(User.Identity.Name); IsInPersonalAgenda = sessions.Any(s => s.Id == id); }
-
Add a form to the bottom of
Session.cshtmlrazor page that adds the ability to add/remove the session to the attendee's personal agenda:<form method="post"> <input type="hidden" name="sessionId" value="@Model.Session.Id" /> <p> <a authz-policy="Admin" asp-page="/Admin/EditSession" asp-route-id="@Model.Session.Id" class="btn btn-default btn-sm">Edit</a> @if (Model.IsInPersonalAgenda) { <button authz="true" type="submit" asp-page-handler="Remove" class="btn btn-default btn-sm" title="Remove from my personal agenda"> <i class="icon ion-md-star" aria-hidden="true"></i> </button> } else { <button authz="true" type="submit" class="btn btn-default btn-sm bg-transparent" title="Add to my personal agenda"> <i class="icon ion-md-star-outline" aria-hidden="true"></i> </button> } </p> </form>
-
The above markup uses a star icon from the ionicons, one of the icon libraries recommended by Bootstrap. Let's add a CDN reference to this library in
Pages\Shared\_Layout.cshtml, directly above thesite.cssreference:</environment> <link rel="stylesheet" href="https://unpkg.com/[email protected]/dist/css/ionicons.min.css" /> <link rel="stylesheet" href="~/css/site.css" />
-
Add
OnPostAsynchandlers toSession.cshtml.csthat handles the adding/removing of the session to the personal agenda:public async Task<IActionResult> OnPostAsync(int sessionId) { await _apiClient.AddSessionToAttendeeAsync(User.Identity.Name, sessionId); return RedirectToPage(); } public async Task<IActionResult> OnPostRemoveAsync(int sessionId) { await _apiClient.RemoveSessionFromAttendeeAsync(User.Identity.Name, sessionId); return RedirectToPage(); }
-
Attendees should now be able to add/remove sessions to/from their personal agenda.
-
Add
MyAgenda.cshtmlandMyAgenda.cshtml.csfiles to thePagesfolder. -
The Index page and MyAgenda page share the vast majority of their logic and rendering. We'll refactor the
Index.cshtml.csclass so that it may be used as a base class for theMyAgendapage. -
Add a
virtualGetSessionsAsyncmethod toIndex.cshtml.cs:protected virtual Task<List<SessionResponse>> GetSessionsAsync() { return _apiClient.GetSessionsAsync(); }
-
Change the
_apiClientfield inIndex.cshtml.csto beprotectedinstead ofprivate:protected readonly IApiClient _apiClient;
-
Change the logic in
OnGetAsyncto get session using the new virtual method we just added:Before
var sessions = _apiClient.GetSessionsAsync();
After
var sessions = await GetSessionsAsync();
-
Make the MyAgenda page model derive from the Index page model. Change
MyAgenda.cshtml.csto look like this:using System; using System.Collections.Generic; using System.Linq; using System.Threading.Tasks; using ConferenceDTO; using FrontEnd.Services; using Microsoft.AspNetCore.Authorization; namespace FrontEnd.Pages { [Authorize] public class MyAgendaModel : IndexModel { public MyAgendaModel(IApiClient client) : base(client) { } protected override Task<List<SessionResponse>> GetSessionsAsync() { return _apiClient.GetSessionsByAttendeeAsync(User.Identity.Name); } } }
-
Refactor the
Index.cshtmlinto a_AgendaPartial.cshtmlunder thePages\Sharedfolder. It should have the following content:@model IndexModel <ul class="nav nav-pills mb-3"> @foreach (var day in Model.DayOffsets) { <li role="presentation" class="nav-item"> <a class="nav-link @(Model.CurrentDayOffset == day.Offset ? "active" : null)" asp-route-day="@day.Offset">@day.DayofWeek?.ToString()</a> </li> } </ul> <div class="agenda"> @foreach (var timeSlot in Model.Sessions) { <h4>@timeSlot.Key?.ToString("HH:mm")</h4> <div class="row"> @foreach (var session in timeSlot) { <div class="col-md-3 mb-4"> <div class="card shadow session h-100"> <div class="card-header">@session.Track?.Name</div> <div class="card-body"> <h5 class="card-title"><a asp-page="Session" asp-route-id="@session.Id">@session.Title</a></h5> </div> <div class="card-footer"> <ul class="list-inline mb-0"> @foreach (var speaker in session.Speakers) { <li class="list-inline-item"> <a asp-page="Speaker" asp-route-id="@speaker.Id">@speaker.Name</a> </li> } </ul> <form authz method="post"> <input type="hidden" name="sessionId" value="@session.Id" /> <p class="mb-0"> <a authz-policy="Admin" asp-page="/Admin/EditSession" asp-route-id="@session.Id" class="btn btn-default btn-xs">Edit</a> @if (Model.UserSessions.Contains(session.Id)) { <button type="submit" asp-page-handler="Remove" class="btn btn-default btn-sm bg-transparent" title="Remove from my personal agenda"> <i class="icon ion-md-star" aria-hidden="true"></i> </button> } else { <button type="submit" class="btn btn-default btn-sm bg-transparent" title="Add to my personal agenda"> <i class="icon ion-md-star-outline" aria-hidden="true"></i> </button> } </p> </form> </div> </div> </div> } </div> } </div>
-
Update the
Index.cshtmlto use the new_AgendaPartial. Replace the entire div with the "agenda" css class and replace it with the following:<h1 class="mb-4">My Conference @System.DateTime.Now.Year</h1> <partial name="_AgendaPartial" model="Model" />
-
Next, use the
_AgendaPartialon theMyAgenda.cshtmlpage.@page @model MyAgendaModel @{ ViewData["Title"] = "My Agenda"; } @if (Model.ShowMessage) { <div class="alert alert-success alert-dismissible" role="alert"> <button type="button" class="close" data-dismiss="alert" aria-label="Close"><span aria-hidden="true">×</span></button> @Model.Message </div> } <h1 class="mb-4">My Agenda - My Conference @System.DateTime.Now.Year</h1> <partial name="_AgendaPartial" model="Model" />
-
Go to the layout file
_Layout.cshtml. -
Add a link that shows up only when authenticated under the
/Speakerslink:<div class="navbar-collapse collapse d-sm-inline-flex flex-sm-row-reverse"> <partial name="_LoginPartial" /> <ul class="navbar-nav flex-grow-1"> <li class="nav-item"> <a class="nav-link text-dark" asp-page="/Search">Search</a> </li> <li class="nav-item"> <a class="nav-link text-dark" asp-area="" asp-page="/Index">Agenda</a> </li> <li class="nav-item"> <a class="nav-link text-dark" asp-page="/Speakers">Speakers</a> </li> <li class="nav-item" authz="true"> <a class="nav-link text-dark" asp-page="/MyAgenda">My Agenda</a> </li> <li class="nav-item"> <a class="nav-link text-dark" asp-area="" asp-page="/Privacy">Privacy</a> </li> </ul> </div>
-
Add a
UserSessionsproperty to theIndexModel:public List<int> UserSessions { get; set; } = new List<int>();
-
Update the
OnGetmethod to fetch theUserSessions:public async Task OnGet(int day = 0) { CurrentDayOffset = day; if (User.Identity.IsAuthenticated) { var userSessions = await _apiClient.GetSessionsByAttendeeAsync(User.Identity.Name); UserSessions = userSessions.Select(u => u.Id).ToList(); } var sessions = await GetSessionsAsync(); //...
-
Add the following two methods to the
IndexModelto handle adding and removing sessions from your agenda from theIndexpage:public async Task<IActionResult> OnPostAsync(int sessionId) { await _apiClient.AddSessionToAttendeeAsync(User.Identity.Name, sessionId); return RedirectToPage(); } public async Task<IActionResult> OnPostRemoveAsync(int sessionId) { await _apiClient.RemoveSessionFromAttendeeAsync(User.Identity.Name, sessionId); return RedirectToPage(); }
-
Run the application and test logging in and managing your agenda from the
Indexpage, individual session details, and from theMy Agendapage.
Next: Session #6 - Deployment | Previous: Session #4 - Authentication