dotnet/aspnetcore

AuthorizeView should expose the results of the AuthorizeAsync call as a context variable.

Open

#43,959 创建于 2022年9月13日

在 GitHub 查看
 (11 评论) (6 反应) (0 负责人)C# (10,653 fork)batch import
area-blazorenhancementgood first issuehelp wanted

仓库指标

Star
 (37,933 star)
PR 合并指标
 (平均合并 16天 9小时) (30 天内合并 258 个 PR)

描述

Is there an existing issue for this?

  • I have searched the existing issues

Is your feature request related to a problem? Please describe the problem.

I am using asp.net Policy to enforce licensing restrictions. When a user is not authorized to view or use a component I want to be able to tell them why they are not authorized. This is supported via Policy, where you can include a reason why access is denied that then shows up in the AuthorizationResult as a AuthorizationFailureReason. AuthorizeViewCore, however, throws away all this metadata and boils the result down to a true/false for which view to show.

Describe the solution you'd like

I wrote a custom AuthorizeViewCore that wraps the AuthenticationState and the AuthorizationResult in a new type, and makes that available as a context variable. Now my NotAuthorized view can show a tooltip or other message indicating why it's not authorized (ex. "this is disabled because you are not licensed for this feature").

Additional context

No response

贡献者指南