profile
viewpoint

Ask questionsAspNetCore 3.0 Blazor Server inconsistent rendering between server and client of authorized components

I am seeing a weird issue during the runtime of my ASP.NET Core 3.0 Blazor Server app where the prerendered page properly renders HTML inside of an <AuthorizeView Policy="Admin"> but quickly gets updated to render the <NotAuthorized> version once the browser client loads. I've attached a video demo below as well as the relevant source code. You can see the view flicker from the properly authorized view to the unauthorized one, even though the user remains logged in with the appropriate claims.

Demo

Demo

Source

In Startup.cs:

services.AddAuthorization(options =>
{
    options.AddPolicy("Admin", policy =>
    {
        policy.RequireAssertion(context => context.User.HasClaim(c => c.Issuer == "Microsoft"));
    });
});

In NavMenu.razor:

<AuthorizeView Policy="Admin">
    <Authorized>
        <NavLink href="/admin">Admin</NavLink>
    </Authorized>
</AuthorizeView>

In Admin.razor:

@page "/admin"
@attribute [Authorize(Policy = "Admin")]

<h3>Admin</h3>
aspnet/AspNetCore

Answer questions pheuter

I've added some debug output to the Razor page to enumerate over all user claims using the code below. Something weird is happening where the initial server render contains the proper set of claims and the right issuer, and then when the client loads it switches all the issuers to LOCAL AUTHORITY and duplicates the claims.

Page.razor:

<AuthorizeView>
    <Authorized>
        @foreach (var claim in context.User.Claims)
        {
            <p>@claim.Type - @claim.Value Issued By @claim.Issuer</p>
        }
    </Authorized>
</AuthorizeView>

Server rendered: Server_rendered

Client rendered: Client_rendered

useful!

Related questions

HTTP Error 500.31 - ANCM Failed to Find Native Dependencies hot 6
ERR_HTTP2_INADEQUATE_TRANSPORT_SECURITY when clean webapi template
MissingMethodException: Method not found Microsoft.EntityFrameworkCore.Metadata.Builders.IndexBuilder
Migrate Asp.Net Core 2.2 Integration Tests to 3.0 - The TestServer constructor was not called with a IWebHostBuilder so IWebHost is not available. hot 4
HTTP Error 500.30 - ANCM In-Process Start Failure hot 3
CSS Isolation in Blazor Components hot 3
How to retrieve the HttpContext from Blazor server-side ? hot 3
Oauth2 authentication erroring with "The oauth state was missing or invalid." hot 3
Failed to gracefully shutdown application (IIS Hang) hot 3
UseStaticFiles with StaticFileOptions/FileExtensionContentTypeProvider breaks server side Blazor hot 2
HTTP Error 500.0 - ANCM In-Process Handler Load Failure hot 2
Method not found: 'Microsoft.EntityFrameworkCore.Metadata.Builders.IndexBuilder Microsoft.EntityFrameworkCore.Metadata.Builders.EntityTypeBuilder`1.HasIndex(System.Linq.Expressions.Expression`1<System.Func`2<System.__Canon,System.Object>>)'. hot 2
MissingMethodException at SignInManager ctor after update hot 2
BadHttpRequestException: Reading the request body timed out due to data arriving too slowly hot 2
.NET Core 3 Preview Blazor basic project does not compile hot 2
Github User Rank List