dotnet/aspnetcore

AuthorizeView should expose the results of the AuthorizeAsync call as a context variable.

Open

#43 959 ouverte le 13 sept. 2022

Voir sur GitHub
 (11 commentaires) (6 réactions) (0 assignés)C# (10 653 forks)batch import
area-blazorenhancementgood first issuehelp wanted

Métriques du dépôt

Stars
 (37 933 stars)
Métriques de merge PR
 (Merge moyen 16j 9h) (258 PRs mergées en 30 j)

Description

Is there an existing issue for this?

  • I have searched the existing issues

Is your feature request related to a problem? Please describe the problem.

I am using asp.net Policy to enforce licensing restrictions. When a user is not authorized to view or use a component I want to be able to tell them why they are not authorized. This is supported via Policy, where you can include a reason why access is denied that then shows up in the AuthorizationResult as a AuthorizationFailureReason. AuthorizeViewCore, however, throws away all this metadata and boils the result down to a true/false for which view to show.

Describe the solution you'd like

I wrote a custom AuthorizeViewCore that wraps the AuthenticationState and the AuthorizationResult in a new type, and makes that available as a context variable. Now my NotAuthorized view can show a tooltip or other message indicating why it's not authorized (ex. "this is disabled because you are not licensed for this feature").

Additional context

No response

Guide contributeur