The Radzen App builder has several providers for adding user authentication to your app. You can select from web forms, Windows, and Active Directory.
Web forms authentication requires minimal configuration and is typically used for web apps.
The steps to add Web forms authentication to an Angular web app are:
Create a Data source
Radzen supports several types of data source.
Configure security options.
- Select the security option in the top menu of the Radzen IDE and configure the required options. The checkbox Auto generate pages for user and role management will automatically create admin management pages for users and roles.
- If you want email confirmation, configure the SMTP server settings etc. before creating the pages; otherwise the handlers might not be added automatically and you will need to add them manually.
- The Login layout must be a layout available to everybody.
- Create a start page.
Setup User roles
Run the app, register as a user and then log in.
Select the user profile menu (1), then Roles (2).
The generated Application Roles page is displayed. Add the roles the app will use.
Now from the User Profile menu select the Users page.
Assign the relevant roles to each user.
Set Page access authorizations for each page
Return to the Radzen IDE and assign the access roles for each page. For example, the User management and roles pages should only be available to the admin role.
Right click on each page and select Properties.
Ensure the page is only available to users with the appropriate role. The Access dropdown allows multiple roles to be selected, so when restricting a page to the admin role, ensure Authenticated is removed; otherwise any logged-in user can open the page.
Account Lockout is not enabled within Radzen security by default but it can be added with some minor code changes as follows.
Add server/Controllers/AuthController.cs to the Code generation ignore list.
In the method Login amend the code that calls CheckPasswordAsync and processes result as follows
Override Default LockOut settings
If you need to override any default lockout settings add a partial class for the Startup class e.g. Startup.Custom.cs then add code to OnConfigureServices similar to
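As an added example (not Radzen's generated code and not the original page's snippets), one way to make the password check in Login lockout-aware with ASP.NET Core Identity and to override the lockout defaults. The helper `LockoutLogin`, the `LoginOutcome` enum, the namespace `MyApp` and the values of 3 attempts and 5 minutes are assumptions, as is the generated `Startup` being a partial class that declares a partial method `OnConfigureServices(IServiceCollection)`.

```csharp
using System;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Identity;
using Microsoft.Extensions.DependencyInjection;

namespace MyApp // assumption: must match the namespace of the generated Startup class
{
    public enum LoginOutcome { Success, InvalidCredentials, LockedOut }

    // Hypothetical helper, called from the Login action instead of a bare CheckPasswordAsync call.
    public static class LockoutLogin
    {
        public static async Task<LoginOutcome> CheckAsync<TUser>(
            UserManager<TUser> userManager, TUser user, string password) where TUser : class
        {
            // Unknown user: same outcome as a wrong password, so responses do not reveal valid usernames.
            if (user == null) return LoginOutcome.InvalidCredentials;

            // Refuse before evaluating the password while the lockout window is active.
            if (await userManager.IsLockedOutAsync(user)) return LoginOutcome.LockedOut;

            if (await userManager.CheckPasswordAsync(user, password))
            {
                // A successful login clears the failed-attempt counter.
                await userManager.ResetAccessFailedCountAsync(user);
                return LoginOutcome.Success;
            }

            // Increments the counter; sets LockoutEnd once MaxFailedAccessAttempts is reached.
            await userManager.AccessFailedAsync(user);
            return await userManager.IsLockedOutAsync(user)
                ? LoginOutcome.LockedOut : LoginOutcome.InvalidCredentials;
        }
    }

    // Startup.Custom.cs
    public partial class Startup
    {
        partial void OnConfigureServices(IServiceCollection services)
        {
            services.Configure<IdentityOptions>(options =>
            {
                options.Lockout.MaxFailedAccessAttempts = 3;                      // constructed value
                options.Lockout.DefaultLockoutTimeSpan = TimeSpan.FromMinutes(5); // constructed value
                options.Lockout.AllowedForNewUsers = true;
            });
        }
    }
}
```

`IsLockedOutAsync` returns false for any user whose `LockoutEnabled` flag is false, and `AllowedForNewUsers` only sets that flag for accounts created after the change, so accounts registered earlier need the flag enabled before the lockout applies to them.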
Test Account Lockout
- run the web app and log in with valid credentials.
- verify the login is successful
- attempt to log in with a correct username but wrong password
- verify after the specified number of incorrect attempts the account is locked
- wait until after the lockout time period expires
- test an incorrect password twice then on the last attempt give the correct password
- verify login is successful