I also have the same issue. After countless repeated tests, I finally discovered that the problem in the custom AuthenticationStateProvider not being triggered.
@page "/myform02"
@attribute [Authorize(Roles = "MYFORM02")] //---* Authz FAIL when refreshing the page with F5.
<MudContainer>
<MudText Typo=Typo.h2>MyForm02</MudText>
</MudContainer>
Because when pressing F5 to refresh the page, the CustomAuthenticationStateProvider
is not triggered => invalid authorization => (Unknown handling action...) => 404
using Microsoft.AspNetCore.Components.Authorization;
using System.Security.Claims;
namespace N8BlazorServerAuth.Services;
internal class CustomAuthenticationStateProvider(IHttpContextAccessor _http) : AuthenticationStateProvider
{
public override Task<AuthenticationState> GetAuthenticationStateAsync()
{
var userIdentity = _http.HttpContext?.User.Identity as ClaimsIdentity;
if (userIdentity == null)
{
var anonymous = new AuthenticationState(new ClaimsPrincipal(new ClaimsIdentity()));
return Task.FromResult(anonymous);
}
//---* Added authorization
userIdentity.AddClaim(new Claim(ClaimTypes.Role, "MYFORM02"));
// Success
return Task.FromResult(new AuthenticationState(new ClaimsPrincipal(userIdentity)));
}
}
in NET5 NET6, pressing F5 to refresh the page is fine, but NET8 it's FAIL!
I had register
builder.Services.AddScoped<AuthenticationStateProvider, CustomAuthenticationStateProvider>();