Blazor @attribute [Authorize] 标记不起作用

Question

我有一个可用的 .NET Core 3.0 MVC 网站，使用 AzureAD 进行身份验证，一切正常。我已经开始将一些前端页面迁移到 Blazor（在同一个项目中），但无法进行身份验证。

我已将 @attribute [Authorize] 标记添加到 Index.razor 的顶部，但我没有像将其添加到标准 ASP.NET MVC 控制器时那样重定向到 Azure 进行登录。

启动.配置服务

services.AddAuthentication(options =>
{
    options.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
    options.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
})
.AddCookie()
.AddOpenIdConnect(options =>
{
    Configuration.GetSection("OpenIdConnect").Bind(options);
});
services.AddAuthorizationCore(options =>
{
    options.AddPolicy(Policies.AccessRole, Policies.IsAccessPolicy());
    options.AddPolicy(Policies.AdminRole, Policies.IsAdminPolicy());
});

启动.配置

app.UseAuthentication();
app.UseAuthorization();

Index.razor

@page "/"
@attribute [Authorize(Policy = Policies.AccessRole)]

政策

public static class Policies
{
    public const string AccessRole = "Access";
    public const string AdminRole = "Admin";

    public static AuthorizationPolicy IsAccessPolicy()
    {
        return new AuthorizationPolicyBuilder().RequireAuthenticatedUser()
                                               .RequireRole(AccessRole)
                                               .Build();
    }

    public static AuthorizationPolicy IsAdminPolicy()
    {
        return new AuthorizationPolicyBuilder().RequireAuthenticatedUser()
                                               .RequireRole(AdminRole)
                                               .Build();
    }
}

如果我导航到一个 MVC 页面，我会通过 AzureAD 进行身份验证，如果我然后返回到 Blazor 页面，我可以成功使用以下内容

<AuthorizeView Policy="@Policies.AccessRole">
    <p>Is in Access policy.</p>
</AuthorizeView>

<AuthorizeView Policy="@Policies.AdminRole">
    <p>Is in Admin policy.</p>
</AuthorizeView>

总而言之，我的 Blazor 页面在使用 [Authorize] 属性时不会自动发出身份验证质询。

有谁知道我做错了什么？

更新

它的设计 https://github.com/aspnet/AspNetCore/issues/13709

作为一种解决方法，我添加了一个组件来重定向到登录页面

应用程序.razor

<Router AppAssembly="@typeof(Program).Assembly">
    <Found Context="routeData">
        <AuthorizeRouteView RouteData="@routeData" DefaultLayout="@typeof(MainLayout)">
            <NotAuthorized>
                <AuthChallenge></AuthChallenge>
            </NotAuthorized>
        </AuthorizeRouteView>
    </Found>
    <NotFound>
        <CascadingAuthenticationState>
            <LayoutView Layout="@typeof(MainLayout)">
                <p>Sorry, there's nothing at this address.</p>
            </LayoutView>
        </CascadingAuthenticationState>
    </NotFound>
</Router>

AuthCallenge.razor

@inject NavigationManager Navigation

@code {
    protected override void OnInitialized()
    {
        Navigation.NavigateTo("/Account/SignIn", true);
    }
}

Answer 1

查看您的 App.razor 文件。你使用 RouteView 还是 AuthorizeRouteView？

您需要按照“ASP.NET Core Blazor 身份验证和授权”页面中的说明定义 AuthorizeRouteView 。

<Router AppAssembly="@typeof(Program).Assembly">
<Found Context="routeData">
    <AuthorizeRouteView RouteData="@routeData" DefaultLayout="@typeof(MainLayout)">
        <NotAuthorized>
            <h1>Sorry</h1>
            <p>You're not authorized to reach this page.</p>
            <p>You may need to log in as a different user.</p>
        </NotAuthorized>
        <Authorizing>
            <h1>Authentication in progress</h1>
            <p>Only visible while authentication is in progress.</p>
        </Authorizing>
    </AuthorizeRouteView>
</Found>
<NotFound>
    <CascadingAuthenticationState>
        <LayoutView Layout="@typeof(MainLayout)">
            <h1>Sorry</h1>
            <p>Sorry, there's nothing at this address.</p>
        </LayoutView>
    </CascadingAuthenticationState>
</NotFound>

如果缺少该组件， AuthorizeAttribute 似乎并没有做那么多。