Allow customizing AccessDeniedPath through IdentityServerOptions

[alexax578]

I would like to be able to configure CookieAuthenticationOptions.AccessDeniedPath so I can create a custom Access Denied page without depending on CookieAuthenticationDefaults.AccessDeniedPath.

It could be a AccessDeniedUrl property on UserInteractionOptions.

In my scenario I have custom pages that require specific user permissions and therefore users can be redirected to the access denied page by trying to access these pages without sufficient permissions.

[maartenba]

Hi @alexax578 ! The call to the builder.Services.AddIdentityServer() extension method configures CookieAuthenticationOptions, but you could use IConfigureOptions to update the configuration.

You could implement a custom IConfigureNamedOptions to update configuration for this scheme:

// Register ConfigureIdentityServerCookieOptions
builder.Services.AddSingleton<IConfigureOptions<CookieAuthenticationOptions>, ConfigureIdentityServerCookieOptions>();

// ConfigureIdentityServerCookieOptions
public class ConfigureIdentityServerCookieOptions : IConfigureNamedOptions<CookieAuthenticationOptions>
{
    public void Configure(CookieAuthenticationOptions options)
    {
    }

    public void Configure(string name, CookieAuthenticationOptions options)
    {
        // Note: When using Duende IdentityServer *without* ASP.NET Identity,
        // use IdentityServerConstants.DefaultCookieAuthenticationScheme here
        //
        // When using ASP.NET Identity, use IdentityConstants.ApplicationScheme

        if (name == ...)
        {
            options.AccessDeniedPath = "/Custom/AccessDenied";
        }
    }
}

[alexax578]

Hi @maartenba! Thank you so much for your answer. This did the trick for me.

I would prefer if it was possible to configure it directly through UserInteractionOptions though I understand it may not be desired. But if it is I don't mind sumbitting a PR for it.