
AspNetCore 3.0 Blazor Server inconsistent rendering between server and client of authorized components

I am seeing a weird issue during the runtime of my ASP.NET Core 3.0 Blazor Server app where the prerendered page properly renders HTML inside of an <AuthorizeView Policy="Admin"> but quickly gets updated to render the <NotAuthorized> version once the browser client loads. I've attached a video demo below as well as the relevant source code. You can see the view flicker from the properly authorized view to the unauthorized one, even though the user remains logged in with the appropriate claims.

Demo


Source

In Startup.cs:

services.AddAuthorization(options =>
{
    options.AddPolicy("Admin", policy =>
    {
        policy.RequireAssertion(context => context.User.HasClaim(c => c.Issuer == "Microsoft"));
    });
});

In NavMenu.razor:

<AuthorizeView Policy="Admin">
    <Authorized>
        <NavLink href="/admin">Admin</NavLink>
    </Authorized>
</AuthorizeView>

In Admin.razor:

@page "/admin"
@attribute [Authorize(Policy = "Admin")]

<h3>Admin</h3>
aspnet/AspNetCore

Answer questions pheuter

I've added some debug output to the Razor page to enumerate over all user claims using the code below. Something weird is happening where the initial server render contains the proper set of claims and the right issuer, and then when the client loads it switches all the issuers to LOCAL AUTHORITY and duplicates the claims.

Page.razor:

<AuthorizeView>
    <Authorized>
        @foreach (var claim in context.User.Claims)
        {
            <p>@claim.Type - @claim.Value Issued By @claim.Issuer</p>
        }
    </Authorized>
</AuthorizeView>

Server rendered: Server_rendered

Client rendered: Client_rendered
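
The symptom described in this thread, reproduced in isolation as an added example that is not part of the original posts or the ASP.NET Core code base: a claim rebuilt from its type and value alone takes `ClaimsIdentity.DefaultIssuer` ("LOCAL AUTHORITY"), so the `Admin` assertion on `Issuer == "Microsoft"` stops matching. The copy helpers and sample claims are hypothetical, and how the claims are actually rebuilt in the reported app is an assumption, not something the thread establishes.

```csharp
using System;
using System.Linq;
using System.Security.Claims;

public static class IssuerPolicyDemo
{
    // Same predicate as the "Admin" policy assertion in Startup.cs above.
    static bool AdminAssertion(ClaimsPrincipal user) =>
        user.HasClaim(c => c.Issuer == "Microsoft");

    // Hypothetical lossy copy: keeps only type and value, so each new Claim
    // falls back to ClaimsIdentity.DefaultIssuer ("LOCAL AUTHORITY").
    static ClaimsPrincipal CopyTypeAndValueOnly(ClaimsPrincipal source) =>
        new ClaimsPrincipal(new ClaimsIdentity(
            source.Claims.Select(c => new Claim(c.Type, c.Value)),
            source.Identity?.AuthenticationType));

    // Hypothetical faithful copy: carries value type, issuer and original issuer.
    static ClaimsPrincipal CopyWithIssuer(ClaimsPrincipal source) =>
        new ClaimsPrincipal(new ClaimsIdentity(
            source.Claims.Select(c =>
                new Claim(c.Type, c.Value, c.ValueType, c.Issuer, c.OriginalIssuer)),
            source.Identity?.AuthenticationType));

    // Prints the assertion result and the same per-claim line as Page.razor.
    static void Report(string label, ClaimsPrincipal user)
    {
        Console.WriteLine($"{label}: Admin assertion = {AdminAssertion(user)}");
        foreach (var claim in user.Claims)
            Console.WriteLine($"  {claim.Type} - {claim.Value} Issued By {claim.Issuer}");
    }

    public static void Main()
    {
        // Constructed sample principal; the values are not taken from the issue.
        var original = new ClaimsPrincipal(new ClaimsIdentity(new[]
        {
            new Claim(ClaimTypes.Name, "constructed-user", ClaimValueTypes.String, "Microsoft"),
            new Claim(ClaimTypes.Email, "user@example.invalid", ClaimValueTypes.String, "Microsoft"),
        }, "ConstructedAuth"));

        Report("Original", original);
        Report("Type/value copy", CopyTypeAndValueOnly(original));
        Report("Issuer-preserving copy", CopyWithIssuer(original));
    }
}
```

Only the type/value copy fails the assertion, which matches the flip from the authorized to the unauthorized view once every issuer reads LOCAL AUTHORITY.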
