Blazor Page element authorization ——AuthorizeView Use of components

Last blog we talked about blazor The realization of identity authentication , about AuthorizeView In terms of components , You can use cascading parameters to get the information that contains the user AuthenticationState object .

Please note that , You need to quote Microsoft.AspNetCore.Components.Authorization Nuget package , And add the service in the startup class Services.AddAuthorizationCore();
Use CascadingAuthenticationState Package of components App.razor The code in ：

<CascadingAuthenticationState>
    <Router AppAssembly="@typeof(Program).Assembly">
        <Found Context="routeData">
            <AuthorizeRouteView RouteData="@routeData" 
                DefaultLayout="@typeof(MainLayout)" />
        </Found>
        <NotFound>
            <LayoutView Layout="@typeof(MainLayout)">
                <p>Sorry, there's nothing at this address.</p>
            </LayoutView>
        </NotFound>
    </Router>
</CascadingAuthenticationState>

If no authorization conditions are specified , be AuthorizeView Use the default policy ：

• Will be authenticated （ Logged in ） The user of is deemed authorized .
• Will not be authenticated （ Cancelled ） The user of is regarded as unauthorized .

Role Based Authorization

There are various ways to obtain roles , It can come from the project itself , It can also come from an external permission system . All in all , You need to be clear about the permission scope of the role , For example, it controls which pages can be accessed , Which buttons are visible .
please remember , It is not safe to control permissions only on the client .

stay AuthorizeView Components that need to be verified before they can be viewed

<AuthorizeView Roles="admin">
    <p>You can only see this if you're an admin or superuser.</p>
</AuthorizeView>

Personally, I regard authentication and authorization as two services . The authorization service is based on the system code and module Id, Call the authority management system interface , The permission system will return to the permission tree according to the current user , And after I get the permission tree , The button or permission ID of the page will be used as Roles, write in AuthenticationState among , Using the above example , Control the presentation of page elements .

The complete authorization service code is attached below ：

using System;
using System.Collections.Generic;
using System.Linq;
using System.Net;
using System.Net.Http;
using System.Security.Claims;
using System.Threading.Tasks;
using ClientSideTemplate.Client.Foundation.Authentication.Model;
using Microsoft.AspNetCore.Components.Authorization;
using Microsoft.AspNetCore.Components.WebAssembly.Http;
using Newtonsoft.Json;

namespace ClientSideTemplate.Client.Foundation.Authentication
{
    public class AuthorizedService
    {
        private readonly IServiceClient _serviceClient;
        private readonly AuthorizedOption _authorizedOption;

        public AuthorizedService(IServiceClient serviceClient, AuthorizedOption authorizedOption)
        {
            _serviceClient = serviceClient;
            _authorizedOption = authorizedOption;
        }

        public async Task AuthorizedAsync(AuthenticationState state)
        {
#if DEBUG
            var identity = new ClaimsIdentity(_authorizedOption.ModuleIds.Select(x => new Claim(ClaimTypes.Role, x)));
            state.User.AddIdentity(identity);
#else
            foreach (var moduleId in _authorizedOption.ModuleIds)
            {
                var userInfo = await GetUserInfo(_authorizedOption.SystemCode, moduleId);
                var identity = new ClaimsIdentity(userInfo.PrivilegeTree.Select(x => new Claim(ClaimTypes.Role, x.ModuleId)));
                state.User.AddIdentity(identity);
            }
#endif
        }

        private async Task<UserInfo> GetUserInfo(string systemCode, string moduleId)
        {
            var request = new HttpRequestMessage(HttpMethod.Get, $"/login/Auth/UserInfo?systemCode={systemCode}&moduleId={moduleId}");
            request.SetBrowserRequestCredentials(BrowserRequestCredentials.Include);

            var response = await _serviceClient.SendAsync(request);
            if (response.StatusCode == HttpStatusCode.Unauthorized)
            {
#if !DEBUG
                SignIn();
#endif
            }

            var content = await response.Content.ReadAsStringAsync();
            if (string.IsNullOrWhiteSpace(content))
            {
                return new UserInfo();
            }

            return JsonConvert.DeserializeObject<ApiResult<UserInfo>>(content).Result;
        }
    }
}

in addition , If you want to get AuthenticationState, Please take the form of cascading parameters ：

 [CascadingParameter]
private Task<AuthenticationState> authenticationStateTask { get; set; }