Updated auth features

davidfowl · DamianEdwards · commit d5b941b02545 · 2019-10-01T17:37:06.000-07:00
diff --git a/docs/4. Add auth features.md b/docs/4. Add auth features.md
@@ -289,21 +289,6 @@ In this module we're going to add the capability for users to register and sign-
         }
     }
     ```
-1. Register the custom `UserClaimsPrincipalFactory<User>` in the `IdentityHostingStartup` class. You can also take this opportunity to tweak the default password policy to be less or more strict if you wish:
-    ``` c#
-    services.AddDefaultIdentity<User>(options =>
-    {
-        options.Password.RequireDigit = false;
-        options.Password.RequiredLength = 1;
-        options.Password.RequiredUniqueChars = 0;
-        options.Password.RequireLowercase = false;
-        options.Password.RequireUppercase = false;
-        options.Password.RequireNonAlphanumeric = false;
-    })
-    .AddDefaultUI(UIFramework.Bootstrap4)
-    .AddEntityFrameworkStores<IdentityDbContext>()
-    .AddClaimsPrincipalFactory<ClaimsPrincipalFactory>();
-    ```
 1. Add a new class file `AuthHelpers.cs` in the `Infrastructure` folder and add the following helper methods for reading and setting the admin claim:
     ``` c#
     namespace FrontEnd.Infrastructure
@@ -340,6 +325,14 @@ In this module we're going to add the capability for users to register and sign-
         }
     }
     ```
+
+1. Register the custom `UserClaimsPrincipalFactory<User>` in the `IdentityHostingStartup` class:
+    ``` c#
+    services.AddDefaultIdentity<User>()
+    .AddDefaultUI(UIFramework.Bootstrap4)
+    .AddEntityFrameworkStores<IdentityDbContext>()
+    .AddClaimsPrincipalFactory<ClaimsPrincipalFactory>();
+    ```
 1. Add authorization services with an admin policy to the `ConfigureServices()` method of `Startup.cs` that uses the just-added helper methods to require the admin claim:
 
     ```csharp
@@ -352,7 +345,7 @@ In this module we're going to add the capability for users to register and sign-
         });
     });
    ```
-1. Add `Microsoft.AspNetCore.Authorization` to the list of usings in `Index.cshtml.cs`, then use the helper method in the page model to determine if the current user is an administrator.
+1. Add `System.Security.Claims` to the list of usings in `Index.cshtml.cs`, then use the helper method in the page model to determine if the current user is an administrator.
 
     ```csharp
     public bool IsAdmin { get; set; }
@@ -378,21 +371,20 @@ In this module we're going to add the capability for users to register and sign-
 		@if (Model.IsAdmin)
 		{
 		    <li>
-			<a asp-page="/Admin/EditSession" asp-route-id="@session.ID" class="btn btn-default btn-xs">Edit</a>
+			<a asp-page="/Admin/EditSession" asp-route-id="@session.Id" class="btn btn-default btn-xs">Edit</a>
 		    </li>
 		}
 	    </ul>
 	</div>
    ```
 1. Add a nested `Admin` folder to the `Pages` folder then add an `EditSession.cshtml` razor page and `EditSession.cshtml.cs` page model to it.
-1. Next, we'll protect pages in the `Admin` folder with an Admin policy by making the following change to the `services.AddMvc()` call in `Startup.ConfigureServices`:
+1. Next, we'll protect pages in the `Admin` folder with an Admin policy by making the following change to the `services.AddRazorPages()` call in `Startup.ConfigureServices`:
 
    ```csharp
-   services.AddMvc()
-           .AddRazorPagesOptions(options =>
-           {
-              options.Conventions.AuthorizeFolder("/Admin", "Admin");
-           })
+   services.AddRazorPages(options =>
+   {
+       options.Conventions.AuthorizeFolder("/Admin", "Admin");
+   });
    ```
 
 ## Add a form for editing a session
@@ -415,8 +407,7 @@ In this module we're going to add the capability for users to register and sign-
          var session = await _apiClient.GetSessionAsync(id);
          Session = new Session
          {
-             ID = session.ID,
-             ConferenceID = session.ConferenceID,
+             Id = session.Id,
              TrackId = session.TrackId,
              Title = session.Title,
              Abstract = session.Abstract,
@@ -430,59 +421,58 @@ In this module we're going to add the capability for users to register and sign-
 1. Add the "{id}" route to the `EditSession.cshtml` form:
 
     ```html
-    @page "{id:int}"
+    @page "{id}"
     @model EditSessionModel
     ```
 
 1. Add the following edit form to `EditSession.cshtml`:
 
    ```html
-    <h3>Edit Session</h3>
-
-	<form method="post" class="form-horizontal">
-	    <div asp-validation-summary="All" class="text-danger"></div>
-	    <input asp-for="Session.ID" type="hidden" />
-	    <input asp-for="Session.ConferenceID" type="hidden" />
-	    <input asp-for="Session.TrackId" type="hidden" />
-	    <div class="form-group">
-		<label asp-for="Session.Title" class="col-md-2 control-label"></label>
-		<div class="col-md-10">
-		    <input asp-for="Session.Title" class="form-control" />
-		    <span asp-validation-for="Session.Title" class="text-danger"></span>
-		</div>
-	    </div>
-	    <div class="form-group">
-		<label asp-for="Session.Abstract" class="col-md-2 control-label"></label>
-		<div class="col-md-10">
-		    <textarea asp-for="Session.Abstract" class="form-control"></textarea>
-		    <span asp-validation-for="Session.Abstract" class="text-danger"></span>
-		</div>
-	    </div>
-	    <div class="form-group">
-		<label asp-for="Session.StartTime" class="col-md-2 control-label"></label>
-		<div class="col-md-10">
-		    <input asp-for="Session.StartTime" class="form-control" />
-		    <span asp-validation-for="Session.StartTime" class="text-danger"></span>
-		</div>
-	    </div>
-	    <div class="form-group">
-		<label asp-for="Session.EndTime" class="col-md-2 control-label"></label>
-		<div class="col-md-10">
-		    <input asp-for="Session.EndTime" class="form-control" />
-		    <span asp-validation-for="Session.EndTime" class="text-danger"></span>
-		</div>
-	    </div>
-	    <div class="form-group">
-		<div class="col-md-offset-2 col-md-10">
-		    <button type="submit" class="btn btn-primary">Save</button>
-		    <button type="submit" asp-page-handler="Delete" class="btn btn-danger">Delete</button>
-		</div>
-	    </div>
-	</form>
-    
-    @section Scripts {
+   <h3>Edit Session</h3>
+
+   <form method="post" class="form-horizontal">
+       <div asp-validation-summary="All" class="text-danger"></div>
+       <input asp-for="Session.Id" type="hidden" />
+       <input asp-for="Session.TrackId" type="hidden" />
+       <div class="form-group">
+           <label asp-for="Session.Title" class="col-md-2 control-label"></label>
+           <div class="col-md-10">
+               <input asp-for="Session.Title" class="form-control" />
+               <span asp-validation-for="Session.Title" class="text-danger"></span>
+           </div>
+       </div>
+       <div class="form-group">
+           <label asp-for="Session.Abstract" class="col-md-2 control-label"></label>
+           <div class="col-md-10">
+               <textarea asp-for="Session.Abstract" class="form-control"></textarea>
+               <span asp-validation-for="Session.Abstract" class="text-danger"></span>
+           </div>
+       </div>
+       <div class="form-group">
+           <label asp-for="Session.StartTime" class="col-md-2 control-label"></label>
+           <div class="col-md-10">
+               <input asp-for="Session.StartTime" class="form-control" />
+               <span asp-validation-for="Session.StartTime" class="text-danger"></span>
+           </div>
+       </div>
+       <div class="form-group">
+           <label asp-for="Session.EndTime" class="col-md-2 control-label"></label>
+           <div class="col-md-10">
+               <input asp-for="Session.EndTime" class="form-control" />
+               <span asp-validation-for="Session.EndTime" class="text-danger"></span>
+           </div>
+       </div>
+       <div class="form-group">
+           <div class="col-md-offset-2 col-md-10">
+               <button type="submit" class="btn btn-primary">Save</button>
+               <button type="submit" asp-page-handler="Delete" class="btn btn-danger">Delete</button>
+           </div>
+       </div>
+   </form>
+
+   @section Scripts {
         <partial name="_ValidationScriptsPartial" />
-    }
+   }
    ```
 1. Add code to handle the `Save` and `Delete` button actions in `EditSession.cshtml.cs`:
 
@@ -624,7 +614,7 @@ We're currently using `if` blocks to determine whether to show parts of the UI b
    public bool RequiresAuthentication { get; set; }
 
    [HtmlAttributeName("authz-policy")]
-   public string RequiredPolicy { get; set; } 
+   public string RequiredPolicy { get; set; }
    ```
 1. Add a `ViewContext` property:
    ```csharp
@@ -672,7 +662,7 @@ We're currently using `if` blocks to determine whether to show parts of the UI b
        {
            output.SuppressOutput();
        }
-   }   
+   }
    ```
 1. Register the new Tag Helper in the `_ViewImports.cshtml` file:
    ```html
@@ -687,11 +677,11 @@ We're currently using `if` blocks to determine whether to show parts of the UI b
 		@foreach (var speaker in session.Speakers)
 		{
 		    <li class="list-inline-item">
-			<a asp-page="Speaker" asp-route-id="@speaker.ID">@speaker.Name</a>
+			<a asp-page="Speaker" asp-route-id="@speaker.Id">@speaker.Name</a>
 		    </li>
 		}
 		<li authz-policy="Admin">
-		    <a asp-page="/Admin/EditSession" asp-route-id="@session.ID" class="btn btn-default btn-xs">Edit</a>
+		    <a asp-page="/Admin/EditSession" asp-route-id="@session.Id" class="btn btn-default btn-xs">Edit</a>
 		</li>
 	    </ul>
 	</div>
