Windows Security

Radzen Blazor Studio supports Windows authentication and authorization.

  • Radzen Blazor Studio application users are automatically logged in with their Windows credentials.
  • Radzen Blazor Studio application developers can implement authorization via Windows groups.

Windows authentication support is enabled only on Windows machines.

Enable Windows security

To enable Windows security support in Radzen Blazor Studio, follow these steps.

  1. Click the Add security button just above file explorer. This starts the Add Security wizard.
  2. Pick Windows from the available options. Click Next.

Specify the access of a page

When security is enabled, Radzen Blazor Studio allows you to specify which users can access a page. If a user doesn’t have access to a certain page, it will not appear in the application navigation. If the user enters that page's URL manually in the browser, they will see a generated unauthorized page.

By default pages created in Radzen Blazor Studio allow access to Everyone - both authenticated and anonymous users.

To specify who can access a page:

  1. Open the page in design mode.
  2. Make sure no component is selected (this is the default). If a component is selected, click in an empty space in the page designer.
  3. Pick Authenticated to allow only authenticated users to view this page (users that have logged in).
  4. Type the name of the group that you want to have access to this page, e.g. Administrator.

The code generated for this example is:

@attribute [Authorize(Roles="Administrator")]

Important: If you assign a group to a user, make sure they log out from the application and log in again to see the changes.

Secure controllers

Radzen Blazor Studio applications use various controllers to access data over HTTP: AccountController for login and registration, and ApplicationUsersController and ApplicationRolesController to manage users and roles. Blazor WASM applications expose a database as an OData controller. By default, only ApplicationRolesController and ApplicationUsersController disallow anonymous access.

To require authorized access, you need to decorate the controllers with the Authorize attribute.

Allow authenticated users

To disable anonymous access and allow any logged-in user, edit the controller code and add [Authorize] before the class declaration.

/* snip */
using Microsoft.AspNetCore.Authorization;

namespace [Namespace].Server.Controllers.[Database]
{
    [Authorize] // -> Allow any authenticated user. Disallow anonymous access.
    [Route("odata/Northwind/Orders")]
    public partial class OrdersController : ODataController
    {
      /* snip */
    }
}

Important: Do not add the Authorize attribute to the AccountController class as it will effectively disable login and registration.

Allow specific roles

To allow only certain roles, specify the Roles property during decoration:

/* snip */
using Microsoft.AspNetCore.Authorization;
namespace [Namespace].Server.Controllers.[Database]
{
    [Authorize(Roles="Administrator,Sales")] // -> Allow only members of the Administrator or Sales role
    [Route("odata/Northwind/Orders")]
    public partial class OrdersController : ODataController
    {
      /* snip */
    }
}
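
Because most generated controllers accept anonymous requests until they are decorated, it helps to list the ones that still do. The following is an added example, not code generated by Radzen Blazor Studio: a reflection-based audit that reports controllers without a class-level [Authorize] and actions re-opened with [AllowAnonymous]. The sample controllers and the AnonymousAccessAudit class are hypothetical, and the project is assumed to reference the Microsoft.AspNetCore.App framework.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Reflection;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;

// Constructed sample controllers (hypothetical stand-ins for the generated ones).
[Authorize(Roles = "Administrator,Sales")]
public class OrdersController : ControllerBase { }
public class ProductsController : ControllerBase { }   // no [Authorize]: anonymous access
[Authorize]
public class CustomersController : ControllerBase
{
    [AllowAnonymous] public IActionResult Get() => Ok(); // re-opens a single action
}
public class AccountController : ControllerBase { }    // must stay anonymous for login

public static class AnonymousAccessAudit
{
    // Controllers that are expected to accept anonymous requests.
    static readonly HashSet<string> Expected = new() { "AccountController" };

    // Attribute-only check: authorization configured elsewhere is not considered.
    public static IEnumerable<string> Find(Assembly assembly)
    {
        var controllers = assembly.GetTypes()
            .Where(t => !t.IsAbstract && typeof(ControllerBase).IsAssignableFrom(t));
        foreach (var type in controllers)
        {
            if (Expected.Contains(type.Name)) continue;
            bool classProtected = type.GetCustomAttributes<AuthorizeAttribute>(true).Any()
                && !type.GetCustomAttributes<AllowAnonymousAttribute>(true).Any();
            if (!classProtected)
            { yield return type.Name + " (whole controller)"; continue; }
            foreach (var m in type.GetMethods(BindingFlags.Public | BindingFlags.Instance | BindingFlags.DeclaredOnly))
                if (m.GetCustomAttributes<AllowAnonymousAttribute>(true).Any())
                    yield return type.Name + "." + m.Name + " ([AllowAnonymous])";
        }
    }

    public static void Main()
    {
        foreach (var finding in Find(Assembly.GetExecutingAssembly()))
            Console.WriteLine("anonymous access: " + finding);
    }
}
```

Pointing Find at the server project's assembly from a unit test turns a newly added, undecorated controller into a failing build instead of an exposed endpoint.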