Any experts here on Blazor Server and authentication?
I have a test app with authentication that works fine as a Blazor WebAsm app and I want to replicate that in a Blazor Server app.
The core bits n pieces are in place and seems to get invoked, but no matter what I do, pages with @attribute [Authorize] are never accessible, always behave as if user is not authenticated the auth is custom operation where we simply pull a cookie by name and convert that to a JWT this works fine in BWA but as I say, not in BSA.
Here's the core if what is in the BWA Program.cs
builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme).ad
.AddJwtBearer(options =>
{
//options.Authority = "something";
options.TokenValidationParameters = new TokenValidationParameters
{
ValidateIssuer = true,
ValidateAudience = true,
ValidateLifetime = true,
ValidateIssuerSigningKey = true,
ValidIssuer = configuration["Jwt:ValidIssuer"],
ValidAudience = configuration["Jwt:ValidAudience"],
IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(configuration["Jwt:SecretKey"]))
};
options.Events = new JwtBearerEvents
{
OnMessageReceived = context =>
{
context.Token = context.Request.Cookies["lti_security_token"];
return Task.CompletedTask;
},
};
});
That same code seems to execute on the Blazor Server app (the lambda for example, gets hit when the site is accessed). But no matter what I do the checks for user being authenticated always show them as not authenticated.
For example pages decorated with @attribute [Authorize] say the user is not authenticated and this code in a page too, also says not authenticated:
@code {
private WeatherForecast[]? forecasts;
protected override async Task OnInitializedAsync()
{
forecasts = await ForecastService.GetForecastAsync(DateTime.Now);
}
}
Basically I grab a cookie and convert it to a JWT, works absolutely fine in Web Asm, can see the claims and everything fine.