Joseph Doherty
26 lines
1.2 KiB
Plaintext
26 lines
1.2 KiB
Plaintext
@page "/login"
|
|
@layout LoginLayout
|
|
@* Login MUST stay anonymously reachable — otherwise the fallback authorization policy
|
|
would lock operators out of the only way in (Admin-001). Static-rendered on purpose:
|
|
the form POSTs to /auth/login while ASP.NET still owns an unstarted HTTP response.
|
|
Calling SignInAsync from an interactive circuit would be too late.
|
|
|
|
Uses LoginLayout (no side rail) so the page renders as a clean centred card.
|
|
The card itself is the shared kit's <LoginCard> — it owns the .login-wrap centring
|
|
wrapper, the .panel shell, and the static form-POST (username/password/returnUrl). *@
|
|
@attribute [Microsoft.AspNetCore.Authorization.AllowAnonymous]
|
|
|
|
<LoginCard Product="OtOpcUa Admin" Action="/auth/login" ReturnUrl="@ReturnUrl" Error="@Error">
|
|
<AntiforgeryToken />
|
|
</LoginCard>
|
|
|
|
@code {
|
|
/// <summary>Error message surfaced by /auth/login after a failed bind.</summary>
|
|
[SupplyParameterFromQuery]
|
|
private string? Error { get; set; }
|
|
|
|
/// <summary>Original protected URL the operator was bounced from; round-tripped to the endpoint.</summary>
|
|
[SupplyParameterFromQuery]
|
|
private string? ReturnUrl { get; set; }
|
|
}
|