Using multiple policies inside <AuthorizeView> Blazor component

Actually we can specify the policy inside the <AuthorizeView>, like this:

<AuthorizeView Policy="MyPolicy_A">
  <Authorized>
    ...
  </Authorized>
  <NotAuthorized>
    ...
  </NotAuthorized>
</AuthorizeView>

and this works well with only one policy.

Problem

But if I try to use two or more <AuthorizeView> components on the same page, to handle different policies, then I do have to set different context for each <AuthorizeView>, to prevent indetermination, because each of them implicity define a context with the same name, so this will trigger an error:

<AuthorizeView Policy="MyPolicy_A">
  <Authorized>
    ...
  </Authorized>
  <NotAuthorized>
    ...
  </NotAuthorized>
</AuthorizeView>
<AuthorizeView Policy="MyPolicy_B">
  <Authorized>
    ...
  </Authorized>
  <NotAuthorized>
    ...
  </NotAuthorized>
</AuthorizeView>

Moreover, I now have two or more <NotAuthorized> sections…

Proposed solution

So I’m asking you to refactor the <AuthorizeView> allowing the inner component <Authorized> to use Roles/Policies, like this:

<AuthorizeView>
  <Authorized  Policy="MyPolicy_A">
    ...
  </Authorized>
  <Authorized  Policy="MyPolicy_B">
    ...
  </Authorized>
  <Authorized  Policy="MyPolicy_C">
    ...
  </Authorized>
  <NotAuthorized>
    ...
  </NotAuthorized>
</AuthorizeView>

Breaking change or not?

Could you maybe add roles/policies to the <Authorized> module without removing it from the <AuthorizeView> one, so that actual code doesn’t break?

The idea is to have something like this:

<AuthorizeView Policy="MyPolicy_ A">
  <Authorized  Policy="MyPolicy_B">
    // here only if MyPolicy_A and MyPolicy_B succeeded
    ...
  </Authorized>
  <Authorized  Policy="MyPolicy_C">
    // here only if MyPolicy_A and MyPolicy_C succeeded
    ...
  </Authorized>
  <Authorized  Policy="MyPolicy_D">
    // here only if MyPolicy_A and MyPolicy_D succeeded
    ...
  </Authorized>
  <NotAuthorized>
    // here only if MyPolicy_A failed
    ...
  </NotAuthorized>
</AuthorizeView>

As usual, if no policy (and no roles) are defined at the <AuthorizeView> level, the default condition is that the user is logged.

Thanks for your kind attention.

Issue Analytics

State:
Created 3 years ago
Reactions:7
Comments:6 (2 by maintainers)

Top GitHub Comments

5reactions

alfkoneecommented, Apr 15, 2020

Yes Please this would be a very useful and Welcome Feature for the AuthorizeView Component

2reactions

alvisualtensorcommented, Apr 22, 2020

I faced the same issue today. Are there any workarounds if we want to apply different policies on the same page?

Top Results From Across the Web

Looking for better way to use multiple roles in Blazor ...

Looking for better way to use multiple roles in Blazor ... When it comes to the Blazor AuthorizeView component however, things get tricky....

ASP.NET Core Blazor authentication and authorization

Create a policy for AuthorizeView that confirms that the user satisfies several other policies. Nest the policies in multiple AuthorizeView ...

Configuring Policy-based Authorization with Blazor

In this post, I'm going to show you how to configure the newer, and recommended, policy-based authorization with Blazor.

Blazor authorize attribute

This component is used to authorize the display of specific parts within a page, including child components. blazor authorize attribute. We use [Authorize] ......

Authorization in Blazor

In this video we will discuss Authorization in Blazor, specifically how to show and hide UI elements depending on the authentication state of...