Does Blazor.Auth override the default .net policies for JwtBearer?

Open drakoo320 opened this issue 5 months ago • 1 comments

In my Blazor app, I use OData, so I added a new controller:

[Authorize(AuthenticationSchemes = JwtBearerDefaults.AuthenticationScheme)]
[ApiController]
public class MyController
: ODataController
{
...
}

In program.cs, I correctly added:

services.AddAuthentication(...)
.AddJwtBearer(...)

The token settings are the same as those in BuildJwt used in Blazor.Auth and:

jwtBearerOptions.Events.OnMessageReceived = context =>
{
if (context.Request.Cookies.ContainsKey("AccessToken"))
{
context.Token = context.Request.Cookies["AccessToken"];
}

return Task.CompletedTask;
};

Then in program.cs in order:

app.UseAuthentication();
app.UseAuthorization();
...
app.MapControllers();
app.Run();

But despite the [Authorize] attribute, the endpoints in the controller execute for a unlogged user: User.Identity.IsAuthenticated == false.

Jul 17 '25 06:07 drakoo320

@drakoo320 Do you still have issues?

Nov 14 '25 22:11 sdktraceur