dotnet/aspnetcore

AuthorizeView should expose the results of the AuthorizeAsync call as a context variable.

Open

#43.959 aperta il 13 set 2022

Vedi su GitHub
 (11 commenti) (6 reazioni) (0 assegnatari)C# (10.653 fork)batch import
area-blazorenhancementgood first issuehelp wanted

Metriche repository

Star
 (37.933 star)
Metriche merge PR
 (Merge medio 16g 9h) (258 PR mergiate in 30 g)

Descrizione

Is there an existing issue for this?

  • I have searched the existing issues

Is your feature request related to a problem? Please describe the problem.

I am using asp.net Policy to enforce licensing restrictions. When a user is not authorized to view or use a component I want to be able to tell them why they are not authorized. This is supported via Policy, where you can include a reason why access is denied that then shows up in the AuthorizationResult as a AuthorizationFailureReason. AuthorizeViewCore, however, throws away all this metadata and boils the result down to a true/false for which view to show.

Describe the solution you'd like

I wrote a custom AuthorizeViewCore that wraps the AuthenticationState and the AuthorizationResult in a new type, and makes that available as a context variable. Now my NotAuthorized view can show a tooltip or other message indicating why it's not authorized (ex. "this is disabled because you are not licensed for this feature").

Additional context

No response

Guida contributor