Blazor Server with Identity permissions authorization redirect loop
So, I have a new Blazor .net 6 Application that is using .net Identity for authentication. I was attempting to implement permissions based authorization by following this tutorial. As far as I can tell I have everything set up correctly, but when I start the app I'm immediately greeted with a redirect loop, a an error that reads "The page isn't redirecting properly" and a URL that's about 2600 characters long (https://localhost:7121/Identity/Account/Login?ReturnUrl=%252FIdentity%252FAccount%252FLogin%253FReturnUrl%253D%25252FIdentity%25252FAccount%25252FLogin%25253...).
As part of the tutorial I added two services to my Program.cs.
builder.Services.AddSingleton<IAuthorizationPolicyProvider, PermissionPolicyProvider>(); // Redirect error goes away if this is commented out
builder.Services.AddScoped<IAuthorizationHandler, PermissionAuthorizationHandler>();
If I comment out the PermissionPolicyProvider line, the redirect goes away and I can log in but I have no authorization. If I comment out PermissionPolicyProvider, log in, uncomment PermissionPolicyProvider and restart the app, the authorization works, but as soon as I log out I immediately get the redirect error. The error shows up when accessing pages that have [Authorize] and pages that have [AllowAnonymous].
Here is the PermissionPolicyProvider:
public class PermissionPolicyProvider : IAuthorizationPolicyProvider
{
public DefaultAuthorizationPolicyProvider FallbackPolicyProvider { get; }
public PermissionPolicyProvider( IOptions<AuthorizationOptions> options )
{
FallbackPolicyProvider = new DefaultAuthorizationPolicyProvider( options );
}
public Task<AuthorizationPolicy> GetDefaultPolicyAsync() => FallbackPolicyProvider.GetDefaultPolicyAsync();
public Task<AuthorizationPolicy> GetPolicyAsync( string policyName )
{
if ( policyName.StartsWith( CustomClaimTypes.Permission, StringComparison.OrdinalIgnoreCase ) )
{
var policy = new AuthorizationPolicyBuilder();
policy.AddRequirements( new PermissionRequirement( policyName ) );
return Task.FromResult( policy.Build() );
}
return FallbackPolicyProvider.GetPolicyAsync( policyName );
}
public Task<AuthorizationPolicy> GetFallbackPolicyAsync() => FallbackPolicyProvider.GetDefaultPolicyAsync();
}
There is a redirect in my App.razor file that redirects unauthenticated users, the redirect was working fine and I still get the redirect error even if I remove the redirect from App.razor. At this point I'm not really sure where to look. Is there something I may be overlooking when I implement the PermissionPolicyProvider?
Changing this:
public Task GetFallbackPolicyAsync() => FallbackPolicyProvider.GetDefaultPolicyAsync();
to this:
public Task GetFallbackPolicyAsync() => FallbackPolicyProvider.GetFallbackPolicyAsync();
fixed the issue.
- How do I solve audience (aud) invalid claim error for downstream api service?
- User not Signed in after SignInManager.PasswordSignInAsync method Call
- Proper design for th Keycloak auth with APIs and UI
- Blazor Server App error when logging out after adding authorize attribute
- Authentication header not reaching server in React & NodeJS app after deploying on server
- Jwt priority HttpOnly Cookie versus Authorisation bearer
- How to make Amazon AWS API call from Java?
- Cant get claims in authorization handler
- Role based authorization using Keycloak and .NET core
- Login User Data Persistent
- Token storage contains no authentication token and denyAccessUnlessGranted()
- How can Authorization Code Flow with PKCE be more secure than Authorization Code Flow without client_secret
- JWT Token still accepted after expiry Spring Boot 3.2 OAuth2 resource server
- How to solve Windows security window prompt for authorization failed in ASP.NET MVC
- How to generate access token using refresh token through google drive API?
- <AuthorizeView> not recognizing role claim
- twitter authorization using php Http_request
- Authorize actions in command handler
- Listing the Tables in the Storage Account using ADF Web Activity is failed with an authorization error
- Magento REST api authentication
- ASP.NET 8 Windows Authentication combined with custom policy authorization results in HandleRequirementAsync() being called twice for every request
- Issues with Spotify OAuth - not opening auth dialog, instantly redirecting back to my frontend
- When authorizing with the Android Authorization API, how can I prevent the permission confirmation popup from appearing every time?
- How can I authenticate user token in Angular Guard if I am using Http-Only?
- .NET 8 Blazor Server - role authorization with Windows Authentication
- Require authenticated user in asp.net core but require custom policy in some actions require custom policy
- How to define the basic HTTP authentication using cURL correctly?
- Relation between Authorization middleware and filter Asp.net core
- Roles Authorization not working for Razor Pages site using AddNegotiate
- Laravel `Auth` not compatible with 3rd party library ajax call?