RevalidatingAuthenticationStateProvider.ValidateAuthenticationStateAsync is never called

[keysmusician]

Is there an existing issue for this?

• I have searched the existing issues

Describe the bug

I believe I have encountered this same issue: #53286.

RevalidatingAuthenticationStateProvider.ValidateAuthenticationStateAsync is never called.

Expected Behavior

ValidateAuthenticationStateAsync should be called every RevalidationInterval.

Steps To Reproduce

Subclass RevalidatingServerAuthenticationStateProvider:

public class CustomAuthenticationStateProvider : RevalidatingServerAuthenticationStateProvider
{
    public CustomAuthenticationStateProvider(ILoggerFactory loggerFactory) : base(loggerFactory)
    {}
    protected override TimeSpan RevalidationInterval => TimeSpan.FromSeconds(5);

    public override async Task<AuthenticationState> GetAuthenticationStateAsync()
    {
        return await Task.FromResult(
            new AuthenticationState(new ClaimsPrincipal(new ClaimsIdentity(
                new List<Claim>{new Claim(ClaimTypes.Expiration, DateTime.UtcNow.AddMinutes(1).ToString("o"))},
                "CustomAuth"
            ))));
    }

    protected override Task<bool> ValidateAuthenticationStateAsync(AuthenticationState authenticationState, CancellationToken cancellationToken)
    {
        Console.WriteLine("Validating authentication state...");
        string? expirationTimestamp = authenticationState.User.Claims.FirstOrDefault(claim => claim.Type == ClaimTypes.Expiration)?.Value;

        if (DateTime.TryParse(expirationTimestamp, out var expirationTime))
        {
            var result = expirationTime < DateTime.UtcNow;
            Console.WriteLine(result ? "Authentication state valid." : "Authentication state expired.");
            return Task.FromResult(result);
        }

        Console.WriteLine("Authentication state invalid.");
        return Task.FromResult(false);
    }
}

Register the subclass in the IServiceCollection as a scoped service as an implementation class for AuthenticationStateProvider.

var builder = WebApplication.CreateBuilder(args);
builder.Services.AddRazorPages();
builder.Services.AddServerSideBlazor();

// Register CustomAuthenticationStateProvider:
builder.Services.AddScoped<AuthenticationStateProvider, CustomAuthenticationStateProvider>();


var app = builder.Build();

app.UseStaticFiles();

app.UseRouting();

app.MapBlazorHub();
app.MapFallbackToPage("/_Host");

app.Run();

Add the CascadingAuthenticationState component and an AuthorizedView to the app:

@using Microsoft.AspNetCore.Components.Authorization

<Microsoft.AspNetCore.Components.Authorization.CascadingAuthenticationState>
    <Router AppAssembly="@typeof(App).Assembly">
        <Found Context="routeData">
            <AuthorizeView>
                <Authorized>
                    <RouteView RouteData="@routeData" DefaultLayout="@typeof(MainLayout)" />
                    <FocusOnNavigate RouteData="@routeData" Selector="h1" />
                </Authorized>
                <NotAuthorized>
                    <LayoutView Layout="@typeof(MainLayout)">
                        <p>You're not authorized to view this page.</p>
                    </LayoutView>
                </NotAuthorized>
            </AuthorizeView>
        </Found>
        <NotFound>
            <PageTitle>Not found</PageTitle>
            <LayoutView Layout="@typeof(MainLayout)">
                <p role="alert">Sorry, there's nothing at this address.</p>
            </LayoutView>
        </NotFound>
    </Router>
</Microsoft.AspNetCore.Components.Authorization.CascadingAuthenticationState>

Run the app and observe that RevalidatingAuthenticationStateProvider.ValidateAuthenticationStateAsync is never called.

Exceptions (if any)

No response

.NET Version

9.0.101

Anything else?

No response

[dotnet-policy-service]

Thank you for filing this issue. In order for us to investigate this issue, please provide a minimal repro project that illustrates the problem without unnecessary code. Please share with us in a public GitHub repo because we cannot open ZIP attachments, and don't include any confidential content.

[dotnet-policy-service]

This issue has been automatically marked as stale because it has been marked as requiring author feedback but has not had any activity for 4 days. It will be closed if no further activity occurs within 3 days of this comment. If it is closed, feel free to comment when you are able to provide the additional information and we will re-investigate.

See our Issue Management Policies for more information.