I am building a Blazor WASM app and I am struggling with the following:
I have a few Authorization policies dictated by the use of
@attribute [Authorize(Policy = "MyPolicy"]Everything works great. The policies work fine - users who are authorized to access a certain page can get in whereas users who are not authorized to access a page get a message indicating such.
The issue becomes when I open a new browser window. My assumption (and I could very easily be wrong) is that if I am authenticated in one browser window and I open another browser window, my authentication & authorization persist.
What I have found is that the user is identified as authenticated but they cannot authorize.
Is there something I am missing in my assumption above?
To test the above I added Console.Writeln() commands to identify the claims (which is what enables the policies) but the claims in AuthenticationStateProvider are empty. The user appears Authenticated but not Authorized.
It's almost like my "session"/"cookies"(?) are tied to that one browser window. If that's the case then is there a way to set the session/cookies/token (whatever is the appropriate nomenclature) to be shared among browser windows?
If that's not possible what are my alternatives?
Thank you in advance!