dotnet / aspnetcore

ASP.NET Core is a cross-platform .NET framework for building modern cloud-based web applications on Windows, Mac, or Linux.
https://asp.net
MIT License

NotAuthorized Does Not Work With Windows Authentication Blazor 8 #53100

Open chobo2 opened 10 months ago

chobo2 commented 10 months ago

Is there an existing issue for this?

Describe the bug

Hi

I am using Blazor 8 with Server / Per Page / Per Component and I cannot get the "NotAuthorized" tag to work.

Routes.razor

    @using Microsoft.AspNetCore.Components.Authorization
    <Router AppAssembly="@typeof(Program).Assembly">
        <Found Context="routeData">
            <AuthorizeRouteView RouteData="@routeData" DefaultLayout="@typeof(Layout.MainLayout)">
                <NotAuthorized>
                    Not Authorized
                </NotAuthorized>
            </AuthorizeRouteView>
            <FocusOnNavigate RouteData="@routeData" Selector="h1" />
        </Found>
    </Router>

Weather.razor

    @page "/weather"
    @using Microsoft.AspNetCore.Authorization
    @attribute [StreamRendering]
    @attribute [Authorize(Roles = "test")]
    <PageTitle>Weather</PageTitle>

    <h1>Weather</h1>

    <p>This component demonstrates showing data.</p>

    @if (forecasts == null)
    {
        <p><em>Loading...</em></p>
    }
    else
    {
        <table class="table">
            <thead>
                <tr>
                    <th>Date</th>
                    <th>Temp. (C)</th>
                    <th>Temp. (F)</th>
                    <th>Summary</th>
                </tr>
            </thead>
            <tbody>
                @foreach (var forecast in forecasts)
                {
                    <tr>
                        <td>@forecast.Date.ToShortDateString()</td>
                        <td>@forecast.TemperatureC</td>
                        <td>@forecast.TemperatureF</td>
                        <td>@forecast.Summary</td>
                    </tr>
                }
            </tbody>
        </table>
    }

    @code {
        private WeatherForecast[]? forecasts;

        protected override async Task OnInitializedAsync()
        {
            // Simulate asynchronous loading to demonstrate streaming rendering
            await Task.Delay(500);

            var startDate = DateOnly.FromDateTime(DateTime.Now);
            var summaries = new[] { "Freezing", "Bracing", "Chilly", "Cool", "Mild", "Warm", "Balmy", "Hot", "Sweltering", "Scorching" };
            forecasts = Enumerable.Range(1, 5).Select(index => new WeatherForecast
            {
                Date = startDate.AddDays(index),
                TemperatureC = Random.Shared.Next(-20, 55),
                Summary = summaries[Random.Shared.Next(summaries.Length)]
            }).ToArray();
        }

        private class WeatherForecast
        {
            public DateOnly Date { get; set; }
            public int TemperatureC { get; set; }
            public string? Summary { get; set; }
            public int TemperatureF => 32 + (int)(TemperatureC / 0.5556);
        }
    }

Program.cs

    using BlazorApp11.Components;
    using Microsoft.AspNetCore.Authentication.Negotiate;

    namespace BlazorApp11
    {
        public class Program
        {
            public static void Main(string[] args)
            {
                var builder = WebApplication.CreateBuilder(args);

                // Add services to the container.
                builder.Services.AddRazorComponents()
                    .AddInteractiveServerComponents();

                builder.Services.AddAuthentication(NegotiateDefaults.AuthenticationScheme);

                builder.Services.AddAuthorization(options =>
                {
                    options.FallbackPolicy = options.DefaultPolicy;
                });

                builder.Services.AddCascadingAuthenticationState();

                var app = builder.Build();

                // Configure the HTTP request pipeline.
                if (!app.Environment.IsDevelopment())
                {
                    app.UseExceptionHandler("/Error");
                    // The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
                    app.UseHsts();
                }

                app.UseHttpsRedirection();

                app.UseStaticFiles();
                app.UseAntiforgery();

                app.MapRazorComponents<App>()
                    .AddInteractiveServerRenderMode();

                app.Run();
            }
        }
    }

Am I missing something? When I go to the Weather page, I get 403 Forbidden with none of my layout. I was expecting to see "Not Authorized".

I created a Blazor 6 application with the Windows Authentication template and compared, but I am not sure what I am missing.

I also see when I use the Individual Identity it has the "NotAuthorized" and it seems to work.

Expected Behavior

To see the message I wrote in the NotAuthorized tag.

Steps To Reproduce

No response

Exceptions (if any)

No response

.NET Version

Net 8

Anything else?

No response

chobo2 commented 9 months ago

There's a new docs issue on this subject at: dotnet/AspNetCore.Docs#31402

There are at least a couple of PU issues that seem related to this ...

For this specific concern over NotAuthorized content failing to appear, I'm looking at Javier's comment ...

During [static] SSR we won't show NotAuthorized, because your component doesn't even get to render.

I added [static] because I think the remark means 'not interactive'.

UPDATE: The full investigation at #52176 lists the other related issues that devs have opened.

Hi

So this is a known issue? I looked through the links you have but I am having trouble following along. Is there a solution to this?

I see if you change it from "Per Component" back to "Global" then everything works but I do want to stay with "Per Component".
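The behaviour discussed in this thread, as an added example that is not part of the issue and is not code from the ASP.NET Core team: with `[Authorize(Roles = "test")]` on a statically rendered page the request is refused with 403 before the component renders, whereas a role check made inside the component with `AuthorizeView` does get to render its `NotAuthorized` content. The sketch assumes the `Program.cs` above (fallback policy plus `AddCascadingAuthenticationState()`), and the shortened forecast list is a constructed stand-in for the template data.

```razor
@page "/weather"
@using Microsoft.AspNetCore.Components.Authorization
@attribute [StreamRendering]
@* No [Authorize(Roles = "test")] here: the fallback policy still requires an
   authenticated user for the endpoint, and the role check moves to render time. *@
<PageTitle>Weather</PageTitle>

<AuthorizeView Roles="test">
    <Authorized>
        <h1>Weather</h1>
        @if (forecasts is null)
        {
            <p><em>Loading...</em></p>
        }
        else
        {
            <ul>
                @foreach (var summary in forecasts)
                {
                    <li>@summary</li>
                }
            </ul>
        }
    </Authorized>
    <NotAuthorized>
        <p>Not Authorized</p>
    </NotAuthorized>
</AuthorizeView>

@code {
    [CascadingParameter]
    private Task<AuthenticationState>? AuthState { get; set; }

    private string[]? forecasts;

    protected override async Task OnInitializedAsync()
    {
        // AuthorizeView only hides markup; this method runs for every caller,
        // so the data load has to repeat the role check itself.
        if (AuthState is null || !(await AuthState).User.IsInRole("test"))
        {
            return;
        }

        await Task.Delay(500); // simulated load, as in the template
        forecasts = new[] { "Freezing", "Mild", "Hot" }; // constructed sample data
    }
}
```

The response status in the unauthorized case is 200 rather than 403, so anything that relies on the status code (monitoring, API clients, access logs) sees a successful request.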