dotnet/aspnetcore

AuthorizeView should expose the results of the AuthorizeAsync call as a context variable.

Open

#43,959 建立於 2022年9月13日

在 GitHub 查看
 (11 留言) (6 反應) (0 負責人)C# (10,653 fork)batch import
area-blazorenhancementgood first issuehelp wanted

倉庫指標

Star
 (37,933 star)
PR 合併指標
 (平均合併 16天 9小時) (30 天內合併 258 個 PR)

描述

Is there an existing issue for this?

  • I have searched the existing issues

Is your feature request related to a problem? Please describe the problem.

I am using asp.net Policy to enforce licensing restrictions. When a user is not authorized to view or use a component I want to be able to tell them why they are not authorized. This is supported via Policy, where you can include a reason why access is denied that then shows up in the AuthorizationResult as a AuthorizationFailureReason. AuthorizeViewCore, however, throws away all this metadata and boils the result down to a true/false for which view to show.

Describe the solution you'd like

I wrote a custom AuthorizeViewCore that wraps the AuthenticationState and the AuthorizationResult in a new type, and makes that available as a context variable. Now my NotAuthorized view can show a tooltip or other message indicating why it's not authorized (ex. "this is disabled because you are not licensed for this feature").

Additional context

No response

貢獻者指南