I have a blazor server app with AAD login. I want to restrict access only to specific users (based on user roles).
program.cs
builder.Services .AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme) .AddMicrosoftIdentityWebApp(builder.Configuration.GetSection(AppConsts.Config.AzureAdSectionKey))builder.Services.AddAuthorization(options =>{ options.FallbackPolicy = options.DefaultPolicy;});builder.Services .AddControllersWithViews() .AddMicrosoftIdentityUI();builder.Services.AddRazorPages();app.UseAuthentication();app.UseAuthorization();//app.MapRazorPages(); when commented I get endless redirection to MicrosoftIdentity/Account/AccessDenied?ReturnUrl=%2FMicrosoftIdentity%2FAccount%2FAccessDenied%3FReturnUrl%app.MapControllers();app.MapRazorComponents<App>() .AddInteractiveServerRenderMode() .RequireAuthorization();I restrict access to my app using ClaimsTransformation so that it cannot be overriden in AuthorizationPolicy
public class ClaimsTransformation : IClaimsTransformation{ public async Task<ClaimsPrincipal> TransformAsync(ClaimsPrincipal principal) { if (!IsUserAllowed(principal)) { var emptyClaimIdentity = new ClaimsIdentity(); emptyClaimIdentity.AddClaim(new Claim(ClaimTypes.Name, principal.Identity?.Name ?? "anonym")); return new ClaimsPrincipal(emptyClaimIdentity); } return principal; }}Now I'm getting endless redirects to MicrosoftIdentity/Account/AccessDenied.However when I add razor pages, I get proper "Access denied" page response.
- Why is the AccessDenied page being redirected at all?
- Is MicrosoftIdentityUI package dependent on razor pages? I thought they switched to controllers
