#SharePointProblems | Koskila.net
Solutions are worthless unless shared! Antti K. Koskela's Personal Professional Blog

How to disable "Register" action in ASP.NET Core?

koskila
Reading Time 5 min
Word Count 724 words
Comments 10 comments
Rating 4.8 (11 votes)
#aspnetcore #authentication #c #netcore #netcore3
View
Share on X Share on LinkedIn Share on Facebook Share on Bluesky Share via Email

Sometimes you'll need the default identity for your ASP.NET Core application, but want to disable the registration of new users. Sounds pretty basic, right? However, there's actually no easy switch you can just flip to enable or disable said functionality.

I went through a lot of different articles and ideas by other people. Most of them involved fiddling with IdentityController, creating new scaffolded pages, adding new Actions with redirection code, and who knows what else... But who wants to fiddle with Identity? It's glitchy and brittle enough that if you can, avoid customizing anything there.

Scaffolding:

ASP.NET Scaffolding is a code generation framework for ASP.NET Web applications. You add scaffolding to your project when you want to quickly add code that interacts with data models. Using scaffolding can reduce the amount of time to develop standard data operations in your project.

docs.microsoft.com

So, you'd better find a workaround!

Background of the issue

If you just search for "How to disable "Register" action in ASP.NET Core?" you do get a lot of results. Quite a few of them revolve around overriding multiple pages for the Identity -Area in your application. This requires scaffolding them first, and is just quite a pain.

Time needed: 30 minutes.

A great example of this would be "To disable user registration" -section of Microsoft's documentation. It goes like this:

  1. Scaffold Identity. Include Account.Register, Account.Login, and Account.RegisterConfirmation.

  2. Update Areas/Identity/Pages/Account/Register.cshtml.cs so users can't register from this endpoint

  3. Update Areas/Identity/Pages/Account/Register.cshtml to be consistent with the preceding changes

  4. Comment out or remove the registration link from Areas/Identity/Pages/Account/Login.cshtml

  5. Update the Areas/Identity/Pages/Account/RegisterConfirmation page.

    1. Remove the code and links from the cshtml file.
    2. Remove the confirmation code from the PageModel

  6. Does this look like a lot?

    Because it is! But fear not, there's a better way available - see below...

Source: https://docs.microsoft.com/en-us/aspnet/core/security/authentication/scaffold-identity?view=aspnetcore-3.1&tabs=visual-studio#disable-register-page

That's overall 5 steps, editing 4 different files, only after scaffolding 3 new items to your solution!

What an overkill, am I right?

Fact of the matter is, this is slow, to my experience prone to breaking, and ultimately, very unnecessary.

Why? Because there's another workaround available, and it'll actually only take you 2 minutes to implement!

Solution

Well, it's actually a lot easier this way. No scaffolding required, no need to override any pages that you'd really not like to override.

In short, there's just 2 things to do:

  1. We'll want to disable the link to register, and
  2. Force a redirection away from the register form.

Achieving this is pretty simple. The following code changes are required.

Changes in _LoginPartial.cshtml:

@*<li class="nav-item">
  <a class="nav-link text-dark" asp-area="Identity" asp-page="/Account/Register">Register</a>
</li>*@

This'll hide the Register -link from the LoginPartial for users that haven't logged in.

How to disable the "Register" link from the LoginPartial.cshtml.

How to disable the "Register" link from the LoginPartial.cshtml.

Then you'll need to take care to redirect anyone trying to access the Register -page. This'll happen by adding 2 new routes like here:

endpoints.MapGet("/Identity/Account/Register", context => Task.Factory.StartNew(() => context.Response.Redirect("/Identity/Account/Login", true, true)));

endpoints.MapPost("/Identity/Account/Register", context => Task.Factory.StartNew(() => context.Response.Redirect("/Identity/Account/Login", true, true)));

Below, you can see these changes in a larger context of Startup.cs -file.

Changes in Startup.cs:
using Microsoft.AspNetCore.Identity;

// The rest omitted for clarity

namespace Contoso.Web
{
    public class Startup
    {
        public Startup(IConfiguration configuration)
        {
            Configuration = configuration;
        }

        public IConfiguration Configuration { get; }

        public void ConfigureServices(IServiceCollection services)
        {
            services.AddDefaultIdentity<IdentityUser>()
                .AddEntityFrameworkStores<ApplicationDbContext>();

            // The rest omitted for clarity
        }

        public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
        {
            // You probably have these already - critical for this to work, too:
            app.UseRouting();
            app.UseAuthentication();
            app.UseAuthorization();

            app.UseEndpoints(endpoints =>
            {
                endpoints.MapGet("/Identity/Account/Register", context => Task.Factory.StartNew(() => context.Response.Redirect("/Identity/Account/Login", true, true)));
                endpoints.MapPost("/Identity/Account/Register", context => Task.Factory.StartNew(() => context.Response.Redirect("/Identity/Account/Login", true, true)));

                // Omitted for clarity
            });
        }
    }
}

What does the code do, then? Well - it might be pretty self-explanatory, but let me clarify it anyway.

Obviously, you need to have configured Identity, Authorization and Authentication for .NET Core (the example above shows most of the groundwork). After that's done, you'll need to map the path - or route - "/Identity/Account/Register" for both GET and POST to execute a new Thread, that'll then forcefully redirect the browser to "/Identity/Account/Login" instead. This'll redirect all users clicking a "Register" link, trying to access the page with an address directly, or sending a POST request to the controller.

Okay, that's a bit of a mouthful... But just give it a try and see how it works for you!

Share on X Share on LinkedIn Share on Facebook Share on Bluesky Share via Email

Related Posts

How to solve 'DbContextOptionsBuilder' does not contain a definition for 'UseSqlServer' error in .NET Core?

5y agoby koskila
#c#netcore#netcore3...

How to use UriHelper or NavigationManager in .NET Core 3.0 & Blazor?

5y agoby koskila
#aspnetcore#blazor#netcore...

How to resolve build failing with .NET Core 3 and Microsoft.AspNetCore.Mvc.Versioning

6y agoby koskila
#aspnetcore#netcore#netcore3

Comments

Interactive comments not implemented yet. Showing legacy comments migrated from WordPress.
Zacho
2020-06-30 10:34:55)
Outstanding, works like magic :)
Antti K. Koskela
2020-07-01 00:24:09
Happy to hear that! :)
SonGokussj4
2020-10-07 23:34:21)
Hi Antti, really great quick solution! Thank you (I'm kind of new to ASP Core MVC). But I have a problem, I need to be able to register new people but only for my account when I'm logged in. So some kind of check, If loggin username == "xxx", then allow register and don't do the redirect. Any thought on how to do that? The only solution that came to my mind is to redirect to some mid-controller where I check the user, if user OK, redirect to Register, if not, redirect to login. Is this ok?
Antti K. Koskela
2020-10-10 22:30:35
Hi there! If I were you, I'd either scaffold the out-of-the-box pages for Identity and force the registration form (and if it also exposes the API implementation, then it too) to only be accessible to logged in users, or I'd create a completely custom form for generating new user accounts. You can do the latter by using UserManager service, I suppose somewhat like in this tutorial: https://www.tutorialspoint.com/asp.net_core/asp.net_core_create_a_user.htm Let me know how it goes!
Sean Kearon
2020-11-28 21:49:18)
Thanks, this was useful!
Antti K. Koskela
2020-11-29 10:31:04
Thanks for your comment, Sean - happy to hear it was helpful! :)
Jason
2021-02-21 06:11:26)
Here's Microsoft's official documentation on how to disable the Registration page. https://docs.microsoft.com/en-us/aspnet/core/security/authentication/scaffold-identity?view=aspnetcore-5.0&tabs=visual-studio#disable-a-page
Antti K. Koskela
2021-02-25 17:52:12
Thanks for sharing, Jason! Always nice to see Microsoft (or the community) patching the gaps in the docs or scaffolding :)
Rocks
2021-06-05 20:37:55)
I have created a .net core mvc project for school with individual accounts authentication, I'm pretty much done with the app but I want remove the registration and login with email type of authentication and replace it with a simple 1 user (with Admin role) login with just a hard codded user name and password but I found the solutions on the internet complicated since I'm only a beginner in .net core . is there a simple way to do it? or should I just recreate the project again with the "No authentication" option. Thanks in advance.
Antti K. Koskela
2021-06-08 14:57:53
Hi Rocks, Wouldn't the easiest way to achieve that be by creating the project with Individual Accounts, registering your admin account and then disabling registration? As a general rule, I'd always avoid hard-coding any credentials, just to establish a healthy practice, if nothing else... :D Good luck with your project!
← Back to home
github x linkedin dev.to bluesky sessionize slideshare youtube thoughts on tech antti koskela
Whitewater Magpie Ltd.
© 2025
Static Site Generation timestamp: 2025-08-19T05:06:15Z