dotnet/aspnetcore

AuthorizeView should expose the results of the AuthorizeAsync call as a context variable.

Open

#43.959 geöffnet am 13. Sept. 2022

Auf GitHub ansehen
 (11 Kommentare) (6 Reaktionen) (0 zugewiesene Personen)C# (10.653 Forks)batch import
area-blazorenhancementgood first issuehelp wanted

Repository-Metriken

Stars
 (37.933 Stars)
PR-Merge-Metriken
 (Durchschn. Merge 16T 9h) (258 gemergte PRs in 30 T)

Beschreibung

Is there an existing issue for this?

  • I have searched the existing issues

Is your feature request related to a problem? Please describe the problem.

I am using asp.net Policy to enforce licensing restrictions. When a user is not authorized to view or use a component I want to be able to tell them why they are not authorized. This is supported via Policy, where you can include a reason why access is denied that then shows up in the AuthorizationResult as a AuthorizationFailureReason. AuthorizeViewCore, however, throws away all this metadata and boils the result down to a true/false for which view to show.

Describe the solution you'd like

I wrote a custom AuthorizeViewCore that wraps the AuthenticationState and the AuthorizationResult in a new type, and makes that available as a context variable. Now my NotAuthorized view can show a tooltip or other message indicating why it's not authorized (ex. "this is disabled because you are not licensed for this feature").

Additional context

No response

Contributor Guide