8

I ran into some strange behaviour with the authorization in Blazor with .NET 8. The sample is a slightly modified version of the Blazor Web App template with its default settings (no authorization).

I did manually add authorization because our requirements are not met with the default authorization template of Blazor. I explain further down below what I did to add authorization.

With authorization enabled and the home page marked with the Authorize attribute, I expect the website to show me the text "Login" when I start it because I am not authorized:

Routes.razor

<Router AppAssembly="@typeof(Program).Assembly">
    <Found Context="routeData">
        <AuthorizeRouteView RouteData="@routeData" DefaultLayout="@typeof(MainLayout)">
            <NotAuthorized>
                <span>Login</span>
            </NotAuthorized>
        </AuthorizeRouteView>
        <FocusOnNavigate RouteData="@routeData" Selector="h1" />
    </Found>
</Router>

Home.razor

@page "/"

@using Microsoft.AspNetCore.Authorization

@attribute [Authorize]

@...

However, the expected behaviour does not happen. Instead I get a 401 error on the very first web request and nothing is shown.

To make things even more strange, when I completely remove the Routes component from the App.razor file (which appears to be some sort of an entry point for the entire website) I still get the same 401 error even though there is no routing at all to the Home component:

App.razor

<!DOCTYPE html>
<html lang="en">

<!-- ... -->

<body>
    Hello App
    @* <Routes @rendermode="@InteractiveAuto" /> *@
    <script src="_framework/blazor.web.js"></script>
</body>

</html>

If on the other hand I remove the Authorize attribute from the Home component (which isn't even referenced), the website suddenly works and shows "Hello App" from the App.razor file as expected. However, I want the Home component to require authorization.

It appears that Blazor is doing some additional routing outside the Router component even though it makes no sense at all.

Can someone explain this strange behaviour and how can I get the Routes component to show the NotAuthorized fragment when I am not authorized?

To enable authorization in the default Blazor Web Template I did the following modifications:

  • Install the Microsoft.AspNetCore.Components.WebAssembly.Authentication NuGet package to get the AuthorizeRouteView component and modify the Routes.razor file like in the example shown above.
  • Add builder.Services.AddAuthorizationCore(); in the Program.cs file of the Client project.
  • Add builder.Services.AddAuthentication(BearerTokenDefaults.AuthenticationScheme).AddBearerToken(); in the Server project.

You find the complete sample project in my GitHub repository at https://github.com/AntMaster7/BlazorApp3.

Improve this question
1
  • 2
    My guess is you're application is pre-rendering on server and you don't have enough services configured for it to handle the request, so you're getting a 404 because it doesn't know what else to do. Try tuning off pre-rendering. We're all new to some of these new configurations.
    – MrC aka Shaun Curtis
    Commented Dec 20, 2023 at 19:31

2 Answers 2

Reset to default
19

Create class

public class AuthorizationMiddlewareResultHandler : IAuthorizationMiddlewareResultHandler
{
    public Task HandleAsync(RequestDelegate next, HttpContext context, AuthorizationPolicy policy, PolicyAuthorizationResult authorizeResult)
    {
        return next(context);
    }
}

Add Handler

services.AddSingleton<IAuthorizationMiddlewareResultHandler, AuthorizationMiddlewareResultHandler>();

Thats All, it's a blazor server .Net 8 template bug

I hope this help, work for me

Improve this answer
4
  • 5
    Been searching for hours for this problem! Can't believe this is the solution, thanks a lot @jorg3_roch4!
    – Franky
    Commented Jan 23, 2024 at 21:20
  • 1
    Worked for me as well on the upgrade blocking blazor.web.js with a 401
    – bbqchickenrobot
    Commented Mar 18, 2024 at 12:20
  • 1
    Worked like a charm in my Blazor 8 SSR project. Here's the link to a related GitHub issue: github.com/dotnet/aspnetcore/issues/…
    – Łukasz Sypniewski
    Commented Jul 25, 2024 at 18:50
  • This does remove the error and most people will see this as a fix, but when API is also in the Blazor project, then authorization will not work on the endpoints - any user can execute [Authorize]'d endpoints. This is because IAuthorizationMiddlewareResultHandler is used in the authorization process and when you override its implementation - to allow everything by just doing return next(context), it will not go well with APIs too.
    – DM-98
    Commented Oct 22, 2024 at 17:14
0

For me doing the above indeed fixed the routing issue but now I am not getting authenticated at all when i check the authenticationstate. if i remove the registered service then authentication works fine. I am using Windows authentication by the way

Improve this answer

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.