2

How can I configure my Blazor WebAssembly to require authenticated users for the entire app rather than mark each page or controllers with the [Authorize] attribute?

My app should only allow authorized users, and the recommended configuration loads a little bit of the page before redirecting to the login.

Tom Crosman
  • 1,137
  • 1
  • 12
  • 37
  • What about to define: `public class AuthComponentBase: ComponentBase` with `[Authorize]` and inherit your components from it? – dani herrera Mar 15 '21 at 17:53

4 Answers4

0

If your app is stand alone an easy way is simply add a new _Imports.razor in the pages folder. Then put this line in it.

@attribute [Authorize]

If it is self hosted. Try this link to add global Auth with no tokens in the browser.

Brian Parker
  • 11,946
  • 2
  • 31
  • 41
0

How can I configure my Blazor WebAssembly to require authenticated users for the entire app rather than mark each page or controllers with the [Authorize] attribute?

You can check the authentication status on the main page's load and decide what to do next.

My app should only allow authorized users, and the recommended configuration loads a little bit of the page before redirecting to the login.

Copy code bellow to the Index.razor

@inject NavigationManager Navigation
@code{ 

    [CascadingParameter]
    private Task<AuthenticationState> authenticationStateTask { get; set; }

    protected async override Task OnInitializedAsync()
    {
        base.OnInitialized();

        var authState = await authenticationStateTask;
        var user = authState.User;

        if(!user.Identity.IsAuthenticated)
        {
            Navigation.NavigateTo($"authentication/login?returnUrl={Uri.EscapeDataString(Navigation.Uri)}");
        }
    }
}

There is some other solutions suggesting to add @attribute [Microsoft.AspNetCore.Authorization.Authorize] on _Imports.cs and @attribute [Microsoft.AspNetCore.Authorization.AllowAnonymous] on the pages which doesnt need authorization. This never worked for me as expected, but good to know about it.

nahidf
  • 2,260
  • 1
  • 15
  • 22
0

Try using [Authorize] in your layout page.

Bennyboy1973
  • 3,413
  • 2
  • 11
  • 16
0

My app should only allow authorized users, and the recommended configuration loads a little bit of the page before redirecting to the login.

You should be doing this in the App.razor file. It will execute way before anything else and will ensure the user is authenticated and authorized before rendering any other component.

<CascadingAuthenticationState>
    <Router AppAssembly="@typeof(Program).Assembly" PreferExactMatches="@true">
        <Found Context="routeData">
            <AuthorizeRouteView RouteData="@routeData" DefaultLayout="@typeof(MainLayout)">
                <NotAuthorized>
                    @if (context.User.Identity != null && !context.User.Identity.IsAuthenticated)
                    {
                        <RedirectToLogin />
                    }
                    else
                    {
                        <p>You are not authorized to access this resource.</p>
                    }
                </NotAuthorized>
                <Authorizing>
                    <Loader />
                </Authorizing>
            </AuthorizeRouteView>
        </Found>
        <NotFound>
            <LayoutView Layout="@typeof(MainLayout)">
                <div class="row justify-content-center">
                    <div class="col text-center">
                        <h2>Looks like you're lost, we didn't find anything at this location.</h2>
                        <p>Try navigating to the Dashboard or going back in the browser.</p>
                    </div>
                </div>
            </LayoutView>
        </NotFound>
    </Router>
</CascadingAuthenticationState>
Cory Podojil
  • 776
  • 2
  • 10