我有2个Blazor服务器端应用程序,每个应用程序在Azure AD中都有自己的应用程序注册。在VS2019.NET Core 3.0中创建新的Blazor Server-side应用程序时,它们几乎是开箱即用的。
当它们在浏览器的2个选项卡中打开并且我退出App AI时,仍然可以导航App B中的页面链接。AppB在按下浏览器的页面刷新按钮之前看不到我已注销。
我尝试将@attribute [Authorize]添加到页面,<NotAuthorized>在App.razor页面中定义,并使用AuthenticationStateProviderin页面OnInitializedAsync功能检查是否.IsAuthenticated没有运气。
@page "/fetchdata"
@attribute [Authorize]
[CascadingParameter] Task<AuthenticationState> authenticationStateTask { get; set; }
protected override async Task OnInitializedAsync()
{
var authState = await authenticationStateTask;
var user = authState.User;
if (!user.Identity.IsAuthenticated)
{
NavigationManager.NavigateTo("Error");
}
}
<Router AppAssembly="@typeof(Program).Assembly">
<Found Context="routeData">
<AuthorizeRouteView RouteData="@routeData" DefaultLayout="@typeof(MainLayout)">
<NotAuthorized>
<h1>Please Log In.</h1>
</NotAuthorized>
</AuthorizeRouteView>
</Found>
<NotFound>
<CascadingAuthenticationState>
<LayoutView Layout="@typeof(MainLayout)">
<p>Sorry, there's nothing at this address.</p>
</LayoutView>
</CascadingAuthenticationState>
</NotFound>
</Router>
public void ConfigureServices(IServiceCollection services)
{
services.AddAuthentication(AzureADDefaults.AuthenticationScheme).AddAzureAD(options => Configuration.Bind("AzureAd", options));
services.AddControllersWithViews(options =>
{
var policy = new AuthorizationPolicyBuilder().RequireAuthenticatedUser().Build();
options.Filters.Add(new AuthorizeFilter(policy));
});
services.AddRazorPages();
services.AddServerSideBlazor();
services.AddSingleton<WeatherForecastService>();
services.AddServerSideBlazor().AddCircuitOptions(options => { options.DetailedErrors = true; });
services.AddSingleton<TestContextService>();
}
这可能与诸如Chrome和Firefox的Web浏览器对其Cookie的SameSite实施进行重大更改有关。
您可以尝试此处描述的缓解步骤:https : //github.com/aspnet/AspNetCore/issues/14996
本文收集自互联网,转载请注明来源。
如有侵权,请联系 [email protected] 删除。
我来说两句