95772c655e
AddAuthBlocks installs JwtBearer as the default challenge scheme; the
authorization middleware 401s unauthenticated nav requests before the
Blazor router runs. Tokens live in localStorage and are only readable
via JS interop after the SignalR circuit is live.
- Program.cs: MapRazorComponents .AllowAnonymous() so nav reaches the
Blazor router; API surfaces (MapAuthBlocks, MapControllers) still
enforce JWT. Fix middleware order to UseAuthentication -> UseAntiforgery
-> UseAuthorization per Blazor Web App template.
- App.razor: InteractiveServerRenderMode(prerender:false) on Routes and
HeadOutlet so AuthorizeRouteView evaluates after JS interop is ready;
extract to static field (was two inline allocations per render cycle).
- CmsLayout/Pages: drop conflicting per-component @rendermode directives
(parent now owns the render mode).
- Routes.razor: break authenticated-but-wrong-role redirect loop; split
NotAuthorized into unauthenticated -> RedirectToLogin and
authenticated-wrong-role -> RedirectToAccessDenied (new component).
- Pages/Index.razor: deleted — NavigateTo('/cms') was unreachable for
unauthenticated users and racey for authorized ones.
28 lines
937 B
Plaintext
28 lines
937 B
Plaintext
@using DeepDrftShared.Client.Components
|
|
<!DOCTYPE html>
|
|
<html lang="en">
|
|
|
|
<head>
|
|
<meta charset="utf-8" />
|
|
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
|
|
<base href="/" />
|
|
<DeepDrftFontLinks />
|
|
<link href=@Assets["_content/MudBlazor/MudBlazor.min.css"] rel="stylesheet" />
|
|
<link rel="stylesheet" href="@Assets["DeepDrftManager.styles.css"]" />
|
|
<link rel="stylesheet" href="@Assets["_content/DeepDrftShared.Client/styles/deepdrft-tokens.css"]" />
|
|
<ImportMap />
|
|
<link rel="icon" type="image/ico" href="deepdrft-logo.ico" />
|
|
<HeadOutlet @rendermode="ServerMode" />
|
|
</head>
|
|
|
|
<body>
|
|
<Routes @rendermode="ServerMode" />
|
|
<script src="_framework/blazor.web.js"></script>
|
|
<script src=@Assets["_content/MudBlazor/MudBlazor.min.js"]></script>
|
|
</body>
|
|
</html>
|
|
|
|
@code {
|
|
private static readonly IComponentRenderMode ServerMode = new InteractiveServerRenderMode(prerender: false);
|
|
}
|