WebApplication.UseStatusCodePages() cannot handle unauthorized requests without explicit UseAuthorization() call

[marinasundstrom]

Is there an existing issue for this?

• I have searched the existing issues

Describe the bug

These are observations from implementing auth with Server-side rendered pages (SSR) in Blazor Preview 6 - using Razor components instead of MVC Razor pages.

Cookie auth just works, that is great. But there are some issues:

Issues:

• AuthorizeRouteView doesn't work with the router. The NotAuthorized fragment does not get rendered. Instead I get redirected to a layout-less page saying: Error: 401 Unauthorized.

• The LoginDisplay doesn't re-ender when logged in using form. Redirecting to another page would help here.

Questions:

• How do I redirect to another URL from a component that server render? NavigationManager of course doesn't work here.

My github repo (branch): https://github.com/marinasundstrom/Blazor8Test/tree/auth

Expected Behavior

When unauthorized and entering page that requires authorization,
I expect the NotAuthorized fragment to be rendered with the MainLayout.

Steps To Reproduce

https://github.com/marinasundstrom/Blazor8Test/tree/auth

Exceptions (if any)

No response

.NET Version

8.0.100-preview.6.23330.14

Anything else?

No response

[javiercn]

How do I redirect to another URL from a component that server render? NavigationManager of course doesn't work here.

Navigation manager should work (not sure if it does in Preview6). There might be some conflicts with the SSR navigation manager overriding the static renderer one.

[marinasundstrom]

@javiercn OK. Yes. I'm on Preview 6 and it uses the RemoteNavigationManager even for server-side rendered page. And when invoking NavigateTo on the server, an exception is thrown.

My workaround was to build my own "ServerNavigationManager" (Not inheriting from NavigationManager) which modifies the HttpContext.Response to redirect to the specified location.

[javiercn]

@marinasundstrom where are you seeing the 401 from the authorizeview?

On SSR, the auth middleware should be handling the auth for the page.

[marinasundstrom]

@javiercn Here: https://blazor8app.graypebble-0c46426e.westus2.azurecontainerapps.io/auth

"/auth" is a page.

Unless I have missed something in my code.

https://github.com/marinasundstrom/Blazor8Test