Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Improve auth state provider guidance for BWAs #31496

Closed
PMcVries opened this issue Jan 18, 2024 · 3 comments · Fixed by #31503
Closed

Improve auth state provider guidance for BWAs #31496

PMcVries opened this issue Jan 18, 2024 · 3 comments · Fixed by #31503
Assignees
@guardrex
Labels
8.0 .NET 8 aspnet-core/svc doc-enhancement Pri1 security/subsvc Source - Docs.ms Docs Customer feedback via GitHub Issue

Comments

@PMcVries
Copy link

Description

Following the documentation I came across an issue configuring authentication and authorization for a Blazor Server app. The [Authorize] attribute kept redirecting to (I assume) my authentication scheme's fallback path instead of just displaying the fallback message "Not authorized. I used Cookie Authentication. Neither role-based, policy-based nor the default policy was recognized.
After some research I've found this workaround to fix this problem. https://github.com/dotnet/aspnetcore/issues/52317#issuecomment-1830673284

The workaround just inserts a middleware step and assumingly skips the redirections issue.

Please add this information into the documentation since it seems to be a recent problem since the introduction of .NET 8.
Thank you!

Page URL

https://learn.microsoft.com/en-us/aspnet/core/blazor/security/?view=aspnetcore-8.0#additional-resources

Content source URL

https://github.com/dotnet/AspNetCore.Docs/blob/main/aspnetcore/blazor/security/index.md

Document ID

1247ee64-fbc9-ce29-0710-f6e59380f5ee

Article author

@guardrex
@PMcVries
Copy link
Author

@AdmiralSnyder fyi

@guardrex
Copy link
Collaborator

guardrex commented Jan 18, 2024
edited
Loading

Thanks, @PMcVries ... I'll get on this tomorrow or early next week.

dotnet/aspnetcore#52317 (comment)

@guardrex guardrex self-assigned this Jan 18, 2024
@github-project-automation github-project-automation bot moved this to Triage in Blazor.Docs Jan 18, 2024
@guardrex guardrex moved this from Triage to 8.0 in Blazor.Docs Jan 18, 2024
@guardrex guardrex mentioned this issue Jan 18, 2024
Closed
@guardrex
Copy link
Collaborator

I don't think we'll document the workaround. We're more interested in Surayya's suggestion ...

it's better if you perform the authentication within the ASP.NET Core auth system and your authentication state provider only takes care of reflecting that state.

I think the one she's referring to this this one ...

https://github.com/dotnet/aspnetcore/blob/main/src/ProjectTemplates/Web.ProjectTemplates/content/BlazorWeb-CSharp/BlazorWeb-CSharp/Components/Account/PersistingRevalidatingAuthenticationStateProvider.cs

That one, along with the other auth state providers, is covered in the article, but it's only a quick mention and cross-link to the reference source.

I'll use this issue to both call out the behavior and clarify that these project template-based approaches are what the PU recommends.

@guardrex guardrex changed the title .NET 8 Authorize Attribute Issue Improve auth state provider guidance for BWAs Jan 18, 2024
@guardrex guardrex mentioned this issue Jan 18, 2024
Merged
@github-project-automation github-project-automation bot moved this from 8.0 to Done in Blazor.Docs Jan 19, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@guardrex guardrex

Labels
8.0 .NET 8 aspnet-core/svc doc-enhancement Pri1 security/subsvc Source - Docs.ms Docs Customer feedback via GitHub Issue
Projects
Blazor.Docs
Archived in project
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Improve auth state provider guidance dotnet/AspNetCore.Docs
3 participants
@guardrex @dotnet-bot @PMcVries