NET 8 Blazor Cookie Authentication and Authorization Policy not the same as in NET 7 #52222
Closed
1 task done
Labels
area-blazor
Includes: Blazor, Razor Components
Is there an existing issue for this?
Describe the bug
I've got a NET 8 Blazor (Interactive Server - Per page/component interactivity) application where Cookie Authentication has been added.
I handle cookie authentication via a minimal api endpoint, where I interact with the
HttpContext
and create aClaimsPrincipal
and callcontext.SignInAsync
. Subsequently, aResults.Redirect
call reloads the Blazor page where Authorization is now in effect.The issue occurs when I add an authorization policy, such as:
If I add the following to a routable component, for example the
counter
page:And if the policy is not satisfied with the required claim, then the page redirects to the cookie's configured LoginPath.
However, I'm already logged on and I expect the Routes.Razor
<NotAuthorized>
template directive to render in the Blazor component instead of a redirect to the default LoginPath/Account/AccessDenied?ReturnUrl=
Expected Behavior
I'm expecting this to work as it did on NET 7. On Net 7, the authorized component correctly renders the
<NotAuthorized>
template directive when the policy based authorization requirement is not met.Here's my
Routes.razor
code:Steps To Reproduce
No response
Exceptions (if any)
No response
.NET Version
8
Anything else?
No response
The text was updated successfully, but these errors were encountered: