95772c655e
AddAuthBlocks installs JwtBearer as the default challenge scheme; the
authorization middleware 401s unauthenticated nav requests before the
Blazor router runs. Tokens live in localStorage and are only readable
via JS interop after the SignalR circuit is live.
- Program.cs: MapRazorComponents .AllowAnonymous() so nav reaches the
Blazor router; API surfaces (MapAuthBlocks, MapControllers) still
enforce JWT. Fix middleware order to UseAuthentication -> UseAntiforgery
-> UseAuthorization per Blazor Web App template.
- App.razor: InteractiveServerRenderMode(prerender:false) on Routes and
HeadOutlet so AuthorizeRouteView evaluates after JS interop is ready;
extract to static field (was two inline allocations per render cycle).
- CmsLayout/Pages: drop conflicting per-component @rendermode directives
(parent now owns the render mode).
- Routes.razor: break authenticated-but-wrong-role redirect loop; split
NotAuthorized into unauthenticated -> RedirectToLogin and
authenticated-wrong-role -> RedirectToAccessDenied (new component).
- Pages/Index.razor: deleted — NavigateTo('/cms') was unreachable for
unauthenticated users and racey for authorized ones.
23 lines
793 B
Plaintext
23 lines
793 B
Plaintext
<Router AppAssembly="typeof(App).Assembly"
|
|
AdditionalAssemblies="new[] { typeof(AuthBlocksWeb._Imports).Assembly }">
|
|
<Found Context="routeData">
|
|
<AuthorizeRouteView RouteData="routeData">
|
|
<NotAuthorized Context="authState">
|
|
@if (authState.User.Identity?.IsAuthenticated == true)
|
|
{
|
|
<RedirectToAccessDenied />
|
|
}
|
|
else
|
|
{
|
|
<RedirectToLogin />
|
|
}
|
|
</NotAuthorized>
|
|
</AuthorizeRouteView>
|
|
<FocusOnNavigate RouteData="routeData" Selector="h1" />
|
|
</Found>
|
|
<NotFound>
|
|
<PageTitle>Not found</PageTitle>
|
|
<p role="alert">Sorry, there's nothing at this address.</p>
|
|
</NotFound>
|
|
</Router>
|