I have an MVC project running Episerver and am setting up IdentityServer authentication. Logging in and out works just fine, but when I try to access a page that requires a role I get stuck in a redirect loop:
So what I would like to do is to hook up in the EPI authorization chain and redirect users that are unauthorized due to roles to a friendly page telling them that they do not have the required permissions to do this, while unauthenticated users get sent to the IDS.
I've been looking at the ContentController<T> and [AuthorizeContent] attribute but I can't find any way to override, extend or hook into either of those.
What I would really like to avoid is making a custom attribute and sticking it on every controller, or making a base controller that everything has to inherit from, because it is a pretty large project with a lot of controllers and more being added regularly.
Once it's configured correctly you should not need to do any custom work and can use the built-in authentication mechanisms. This is a great post which describes setting up IdentityServer with Episerver:
It might be worth comparing the configuration?
PS: this was presented at an Episerver event: https://www.slideshare.net/EricHerlitz/wiring-up-episerver-for-sso-with-identity-server-4
It points to code samples here: https://github.com/EricHerlitz/Identityserver4-Episerver-Demo
Shameless own post bump about Episerver and OIDC: Using OpenID Connect with Episerver
Alloy sample site sources in GitHub.
You are most likely missing the "is authenticated but got a 401 HTTP status code response" check in the 'RedirectToIdentityProvider' handler. Have a look at this startup.cs file (if the user is authenticated but the HTTP response code is 401, return HTTP 403 (Forbidden), as the user is missing some rights to access the content).
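The check described in the answer above, written out as an added example (this is not code from the page, from the linked startup.cs or from the linked demo repositories). It assumes the site uses the Microsoft.Owin OpenID Connect middleware, and the client id, authority, redirect URIs and the `/no-access` page path are placeholders you would replace with your own:

```csharp
using System.Net;
using System.Threading.Tasks;
using Microsoft.Owin;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.OpenIdConnect;
using Owin;

[assembly: OwinStartup(typeof(MySite.Startup))]

namespace MySite
{
    public class Startup
    {
        public void Configuration(IAppBuilder app)
        {
            // Cookie middleware holds the session after the OIDC sign-in completes.
            app.UseCookieAuthentication(new CookieAuthenticationOptions
            {
                AuthenticationType = CookieAuthenticationDefaults.AuthenticationType
            });

            app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
            {
                // Assumed values: replace with your IdentityServer client registration.
                ClientId = "episerver-site",
                Authority = "https://ids.example.com",
                RedirectUri = "https://site.example.com/signin-oidc",
                PostLogoutRedirectUri = "https://site.example.com/",
                ResponseType = "id_token token",
                Scope = "openid profile email roles",
                SignInAsAuthenticationType = CookieAuthenticationDefaults.AuthenticationType,

                Notifications = new OpenIdConnectAuthenticationNotifications
                {
                    RedirectToIdentityProvider = context =>
                    {
                        // A role failure in Episerver surfaces as a 401. Without this check the
                        // OIDC middleware reads 401 as "not signed in" and redirects to
                        // IdentityServer, which signs the user straight back in: the loop.
                        var user = context.OwinContext.Authentication.User;
                        var alreadySignedIn = user != null && user.Identity.IsAuthenticated;

                        if (context.OwinContext.Response.StatusCode == (int)HttpStatusCode.Unauthorized
                            && alreadySignedIn)
                        {
                            // Authenticated but not authorized: answer 403 instead of
                            // bouncing to the identity provider again.
                            context.OwinContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;

                            // Optional: send the user to a friendly "no access" page instead.
                            // The path is an assumption; point it at a page in your own site.
                            context.OwinContext.Response.Redirect("/no-access");

                            // Stop the middleware from issuing the OIDC challenge.
                            context.HandleResponse();
                        }

                        return Task.FromResult(0);
                    }
                }
            });

            // Episerver runs its own authorization after this point; the OIDC middleware
            // must be in place before that stage.
            app.UseStageMarker(PipelineStage.Authenticate);
        }
    }
}
```

The distinction this makes is between authentication (no session at all, so challenge IdentityServer) and authorization (a session exists but lacks the role, so stop and return 403 or a friendly page). Only the second case should short-circuit; an anonymous user hitting a protected page must still be sent to the identity provider.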