blazor web app .net8 - negociate auth - http 403 when refresh page

I have a problem with windows authentication and blazor web app .net8, everything works fine except for one detail:When I'm on a route with an authorization attribute, if I press F5 on this page, I get an http 403.

In order to reproduce my problem, I started from a blank blazor web app project. Here are the steps I followed:

• Add the Microsoft.AspNetCore.Authentication.Negotiate package
• Wrap the in a in Routes.razor
• Change the to an in Routes.razor
• Add to Program.csbuilder.Services.AddAuthentication(NegotiateDefaults.AuthenticationScheme).AddNegotiate(); builder.Services.AddAuthorization(options => options.FallbackPolicy = options.DefaultPolicy);

I then created a simple permission to reproduce the problem:

builder.Services.AddAuthorization(options =>{    options.AddPolicy("view", policy => policy.RequireClaim("Permission", "view"));});

I created a CustomAuthenticationStateProvider to systematically add this authorization

and added the following attribute to the Counter example page:

@attribute [Authorize(Policy = "view")]

When I navigate to this page via the menu, I access the page correctly and everything is fine.

If I press F5, I get an http 403 error. Could someone please explain what's wrong?

Thanks in advance

Edit 1 :it's a really basic CustomAuthenticationStateProvider class for my test :

public class CustomAuthenticationStateProvider : AuthenticationStateProvider{    public IHttpContextAccessor HttpContextAccessor { get; set; }    public CustomAuthenticationStateProvider(IConfiguration conf, IHttpContextAccessor httpContextAccessor)    {        HttpContextAccessor = httpContextAccessor;    }    public async override Task<AuthenticationState> GetAuthenticationStateAsync()    {        if (HttpContextAccessor.HttpContext.User.Identity.IsAuthenticated)        {            var identity = new ClaimsIdentity(new[]            {                new Claim(ClaimTypes.Name, "username")            }, "windows auth");            identity.AddClaim(new Claim("Permission", "view"));            identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, "username"));            identity.AddClaim(new Claim(ClaimTypes.GivenName, "username"));            identity.AddClaim(new Claim(ClaimTypes.Name, "username"));            var user = new ClaimsPrincipal(identity);            return new AuthenticationState(user);        }        return new AuthenticationState(new ClaimsPrincipal());    }}