Aspnetcore: Using multiple policies inside <AuthorizeView> Blazor component

Created on 29 Mar 2020  ·  4 Comments  ·  Source: dotnet/aspnetcore

Actually we can specify the policy inside the <AuthorizeView>, like this:

<AuthorizeView Policy="MyPolicy_A">
  <Authorized>
    ...
  </Authorized>
  <NotAuthorized>
    ...
  </NotAuthorized>
</AuthorizeView>

and this works well with only one policy.

Problem

But if I try to use two or more <AuthorizeView> components on the same page, to handle different policies, then I have to set a different context for each <AuthorizeView>, to prevent indetermination, because each of them implicitly defines a context with the same name, so this will trigger an error:

<AuthorizeView Policy="MyPolicy_A">
  <Authorized>
    ...
  </Authorized>
  <NotAuthorized>
    ...
  </NotAuthorized>
</AuthorizeView>
<AuthorizeView Policy="MyPolicy_B">
  <Authorized>
    ...
  </Authorized>
  <NotAuthorized>
    ...
  </NotAuthorized>
</AuthorizeView>

Moreover, I now have two or more <NotAuthorized> sections...

Proposed solution

So I'm asking you to refactor the <AuthorizeView> allowing the inner component <Authorized> to use Roles/Policies, like this:

<AuthorizeView>
  <Authorized  Policy="MyPolicy_A">
    ...
  </Authorized>
  <Authorized  Policy="MyPolicy_B">
    ...
  </Authorized>
  <Authorized  Policy="MyPolicy_C">
    ...
  </Authorized>
  <NotAuthorized>
    ...
  </NotAuthorized>
</AuthorizeView>

Breaking change or not?

Could you maybe add roles/policies to the <Authorized> module without removing it from the <AuthorizeView> one, so that actual code doesn't break?

The idea is to have something like this:

<AuthorizeView Policy="MyPolicy_A">
  <Authorized  Policy="MyPolicy_B">
    // here only if MyPolicy_A and MyPolicy_B succeeded
    ...
  </Authorized>
  <Authorized  Policy="MyPolicy_C">
    // here only if MyPolicy_A and MyPolicy_C succeeded
    ...
  </Authorized>
  <Authorized  Policy="MyPolicy_D">
    // here only if MyPolicy_A and MyPolicy_D succeeded
    ...
  </Authorized>
  <NotAuthorized>
    // here only if MyPolicy_A failed
    ...
  </NotAuthorized>
</AuthorizeView>

As usual, if no policy (and no roles) are defined at the <AuthorizeView> level, the default condition is that the user is logged in.

Thanks for your kind attention.

affected-few area-blazor enhancement severity-minor

All 4 comments

@ncarandini thanks for contacting us.

I'm not sure we can do anything in this area. We'll discuss within the team and update this issue accordingly.

Yes please, this would be a very useful and welcome feature for the AuthorizeView component.

I faced the same issue today. Are there any workarounds if we want to apply different policies on the same page?

I've made a separate component for each <Authorized Policy="MyPolicy_*"> case. It's not an elegant solution, but it works.
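
One way to get the layout proposed in the issue with the existing API, as an added example that is not from the thread or from the aspnetcore project: evaluate each policy once through `IAuthorizationService` and branch on the results. It assumes the component is rendered inside `<CascadingAuthenticationState>` and that the policy names from the issue are registered; the file name `PolicySections.razor` is hypothetical.

```razor
@* PolicySections.razor (constructed example; policy names are the ones used in the issue) *@
@using Microsoft.AspNetCore.Authorization
@using Microsoft.AspNetCore.Components.Authorization
@inject IAuthorizationService AuthorizationService

@if (granted is null)
{
    <p>Authorizing...</p>
}
else if (!granted["MyPolicy_A"])
{
    @* The single "not authorized" section: shown only when MyPolicy_A fails *@
    <p>Not authorized.</p>
}
else
{
    @* Each section requires MyPolicy_A plus its own policy *@
    if (granted["MyPolicy_B"]) { <p>MyPolicy_A and MyPolicy_B succeeded</p> }
    if (granted["MyPolicy_C"]) { <p>MyPolicy_A and MyPolicy_C succeeded</p> }
    if (granted["MyPolicy_D"]) { <p>MyPolicy_A and MyPolicy_D succeeded</p> }
}

@code {
    private static readonly string[] Policies =
        { "MyPolicy_A", "MyPolicy_B", "MyPolicy_C", "MyPolicy_D" };

    // Supplied by <CascadingAuthenticationState> (assumed to wrap the app)
    [CascadingParameter]
    private Task<AuthenticationState> AuthenticationStateTask { get; set; } = default!;

    // null until every policy has been evaluated, so nothing renders early
    private Dictionary<string, bool>? granted;

    protected override async Task OnParametersSetAsync()
    {
        var user = (await AuthenticationStateTask).User;
        var results = new Dictionary<string, bool>();
        foreach (var policy in Policies)
        {
            // Same policy evaluation that AuthorizeView performs internally
            var result = await AuthorizationService.AuthorizeAsync(user, policy);
            results[policy] = result.Succeeded;
        }
        granted = results;
    }
}
```

These checks only decide which markup is rendered; any API or data access behind each section still has to enforce the same policy on the server.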
