Radzen Security

The Radzen App builder has several providers to add user authentication to your app. You can select from Web forms, Windows, and Active Directory.

Web forms authentication requires minimal configuration and is typically used for web apps.

The steps to add Web forms authentication to an Angular web app are:

Create a Data source

Radzen supports several types of data source

Configure security options.

  • Select the security option in the top menu of the Radzen IDE and configure the required options. The checkbox Auto generate pages for user and role management will automatically create admin management pages for users and roles.
  • If you want email confirmation, configure the SMTP server settings etc. before creating the pages; otherwise the handlers might not be added automatically and you will need to add them manually.
  • The Login layout must be a layout available to everybody.
  • Create a start page.

Setup User roles

Run the app, register as a user and then log in.

Select the user profile menu (1), then Roles (2)

The generated Application Roles page is displayed. Add the roles the app will utilise

Now from the User Profile menu select the Users page

Assign the relevant roles to each user

Set Page access authorizations for each page

Return to the Radzen IDE and for each page assign the access roles. For example, User management and roles pages should only be available to the admin role.

Right click on each page and select Properties

Ensure the page is only available to users with the appropriate role. The Access dropdown allows selection of multiple roles, so when a page is restricted to the admin role ensure Authenticated is removed.

Account Lockout

Account Lockout is not enabled within Radzen security by default, but it can be added with some minor code changes as follows.

Application settings

Add server/Controllers/AuthController.cs to the Code generation ignore list.

Amend AuthController.cs

In the method Login amend the code that calls CheckPasswordAsync and processes result as follows

Override Default LockOut settings

If you need to override any default lockout settings add a partial class for the Startup class e.g. Startup.Custom.cs then add code to OnConfigureServices similar to
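The two lockout steps above (the amended password check in Login and the overridden lockout settings), shown as an added C# example that is not Radzen's generated code or the author's original snippet. It uses ASP.NET Core Identity's UserManager; the names LockoutAwareLogin, LoginOutcome, ConfigureLockout and CheckAsync, and the values 3 attempts and 5 minutes, are assumptions chosen for illustration.

```csharp
using System;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Identity;
using Microsoft.Extensions.DependencyInjection;

public enum LoginOutcome { Success, Failed, LockedOut }

// Hypothetical helper, not part of Radzen's generated AuthController.cs.
public static class LockoutAwareLogin
{
    // Call from OnConfigureServices in Startup.Custom.cs to override the defaults.
    public static void ConfigureLockout(IServiceCollection services)
    {
        services.Configure<IdentityOptions>(options =>
        {
            options.Lockout.AllowedForNewUsers = true;
            options.Lockout.MaxFailedAccessAttempts = 3;                      // constructed value
            options.Lockout.DefaultLockoutTimeSpan = TimeSpan.FromMinutes(5); // constructed value
        });
    }

    // Call from Login in place of a bare CheckPasswordAsync call.
    public static async Task<LoginOutcome> CheckAsync<TUser>(
        UserManager<TUser> users, TUser user, string password) where TUser : class
    {
        // Unknown user: report the same outcome as a wrong password.
        if (user == null) return LoginOutcome.Failed;

        // Refuse before touching the password so a locked account accepts no guesses.
        if (await users.IsLockedOutAsync(user)) return LoginOutcome.LockedOut;

        if (await users.CheckPasswordAsync(user, password))
        {
            // A successful login clears the failure counter.
            await users.ResetAccessFailedCountAsync(user);
            return LoginOutcome.Success;
        }

        // Records the failure; once MaxFailedAccessAttempts is reached Identity
        // sets the lockout end date to now + DefaultLockoutTimeSpan.
        await users.AccessFailedAsync(user);
        return await users.IsLockedOutAsync(user)
            ? LoginOutcome.LockedOut : LoginOutcome.Failed;
    }
}
```

IsLockedOutAsync only reports a lockout for accounts whose LockoutEnabled flag is set; AllowedForNewUsers sets that flag at creation, so accounts registered before the change may need SetLockoutEnabledAsync(user, true).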

Test Account Lockout

  1. Run the web app and log in with valid credentials.
  2. Verify the login is successful.
  3. Log out.
  4. Attempt to log in with a correct username but wrong password.
  5. Verify that after the specified number of incorrect attempts the account is locked.
  6. Wait until after the lockout time period expires.
  7. Test an incorrect password twice, then on the last attempt give the correct password.
  8. Verify login is successful.