
NotAuthorized Does Not Work With Windows Authentication Blazor 8

Open chobo2 opened this issue 1 year ago • 1 comments

Is there an existing issue for this?

  • [X] I have searched the existing issues

Describe the bug

Hi

I am using Blazor 8 with Server / Per Page / Per Component and I cannot get the "NotAuthorized" tag to work.

Routes.razor

    @using Microsoft.AspNetCore.Components.Authorization
    <Router AppAssembly="@typeof(Program).Assembly">
        <Found Context="routeData">
            <AuthorizeRouteView RouteData="@routeData" DefaultLayout="@typeof(Layout.MainLayout)">
                <NotAuthorized>
                    Not Authroized
                </NotAuthorized>
            </AuthorizeRouteView>
            <FocusOnNavigate RouteData="@routeData" Selector="h1" />
        </Found>
    </Router>

Weather.razor

    @page "/weather"
    @using Microsoft.AspNetCore.Authorization
    @attribute [StreamRendering]
    @attribute [Authorize(Roles = "test")]
    <PageTitle>Weather</PageTitle>
    
    <h1>Weather</h1>
    
    <p>This component demonstrates showing data.</p>
    
    @if (forecasts == null)
    {
        <p><em>Loading...</em></p>
    }
    else
    {
        <table class="table">
            <thead>
                <tr>
                    <th>Date</th>
                    <th>Temp. (C)</th>
                    <th>Temp. (F)</th>
                    <th>Summary</th>
                </tr>
            </thead>
            <tbody>
                @foreach (var forecast in forecasts)
                {
                    <tr>
                        <td>@forecast.Date.ToShortDateString()</td>
                        <td>@forecast.TemperatureC</td>
                        <td>@forecast.TemperatureF</td>
                        <td>@forecast.Summary</td>
                    </tr>
                }
            </tbody>
        </table>
    }
    
    @code {
        private WeatherForecast[]? forecasts;
    
        protected override async Task OnInitializedAsync()
        {
            // Simulate asynchronous loading to demonstrate streaming rendering
            await Task.Delay(500);
    
            var startDate = DateOnly.FromDateTime(DateTime.Now);
            var summaries = new[] { "Freezing", "Bracing", "Chilly", "Cool", "Mild", "Warm", "Balmy", "Hot", "Sweltering", "Scorching" };
            forecasts = Enumerable.Range(1, 5).Select(index => new WeatherForecast
            {
                Date = startDate.AddDays(index),
                TemperatureC = Random.Shared.Next(-20, 55),
                Summary = summaries[Random.Shared.Next(summaries.Length)]
            }).ToArray();
        }
    
        private class WeatherForecast
        {
            public DateOnly Date { get; set; }
            public int TemperatureC { get; set; }
            public string? Summary { get; set; }
            public int TemperatureF => 32 + (int)(TemperatureC / 0.5556);
        }
    }

Program.cs

    using BlazorApp11.Components;
    using Microsoft.AspNetCore.Authentication.Negotiate;
    
    namespace BlazorApp11
    {
        public class Program
        {
            public static void Main(string[] args)
            {
                var builder = WebApplication.CreateBuilder(args);
    
                // Add services to the container.
                builder.Services.AddRazorComponents()
                    .AddInteractiveServerComponents();
    
                builder.Services.AddAuthentication(NegotiateDefaults.AuthenticationScheme);
    
                builder.Services.AddAuthorization(options =>
                {
                    options.FallbackPolicy = options.DefaultPolicy;
                });
    
                builder.Services.AddCascadingAuthenticationState();
    
                var app = builder.Build();
    
                // Configure the HTTP request pipeline.
                if (!app.Environment.IsDevelopment())
                {
                    app.UseExceptionHandler("/Error");
                    // The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
                    app.UseHsts();
                }
    
                app.UseHttpsRedirection();
    
                app.UseStaticFiles();
                app.UseAntiforgery();
    
                app.MapRazorComponents<App>()
                    .AddInteractiveServerRenderMode();
    
                app.Run();
            }
        }
    }

Am I missing something? When I go to the Weather page, I get 403 Forbidden with none of my layout. I was expecting to see "Not Authorized".

I created a Blazor 6 application with the Windows Authentication template and compared, but I am not sure what I am missing.

I also see when I use the Individual Identity it has the "NotAuthorized" and it seems to work.

Expected Behavior

To see the message I wrote in the NotAuthorized tag.

Steps To Reproduce

No response

Exceptions (if any)

No response

.NET Version

Net 8

Anything else?

No response

chobo2 • Jan 02 '24 22:01

There's a new docs issue on this subject at: dotnet/AspNetCore.Docs#31402

There are at least a couple of PU issues that seem related to this ...

For this specific concern over NotAuthorized content failing to appear, I'm looking at Javier's comment ...

During [static] SSR we won't show NotAuthorized, because your component doesn't even get to render.

I added [static] because I think the remark means 'not interactive'.

UPDATE: The full investigation at #52176 lists the other related issues that devs have opened.

Hi

So this is a known issue? I looked through the links you have but I am having trouble following along. Is there a solution to this?

I see if you change it from "Per Component" back to "Global" then everything works but I do want to stay with "Per Component".

chobo2 • Jan 11 '24 17:01