Three others and I are building a simple web application in C# with ASP.NET Core 3+ that is for helping a local high school booster club better manage their orders, deliveries, and customer engagement. I’m brand new to C# development: IOW, I don’t understand the inner workings of the application very well right now (someone else does)…
Using the tutorials provided by Auth0, I was able to set up a login feature for authenticating users. But now I don’t know how to authorize access to certain parts of the app to only users that are logged in.
Currently, all pages of our application are reachable whether or not the user is “logged in”.
My question is: how do I go about requiring authentication before providing access to some resources and not others? Do I use “rules” in Auth0? Any suggestions for how to search Google for such a thing?
More specifically, our landing page will be for customers to place orders without logging in (I already have mechanisms in place for securely handling such payments “in-the-works”), but there should be an option to log in from that landing page (anyone can see it and click on it). However, users should not be given the option of creating a new account, as only app administrators should have the ability to allow for the creation of new accounts: only “accounts” should have any privileged access, and only administrators should be able to allow for the creation of new accounts.
So I would like our site’s current landing page to be fully accessible to the public (no authentication necessary), but I would like some other portions of our application to require using the Auth0 authentication first before being accessed. How should I go about setting this up? Do I just try constructing paths which are or are not reachable given whether a person is logged in? If so, how do I even do that? And past that, how do I give different users different levels of access once they’ve successfully logged in?
I am faced now with my own dearth of knowledge regarding both C# and web auth lol, and so any simple suggestion might be enough to point me in the right direction.
“pieces” (AKA skipjack)