I'm just getting started with Blazor, and while going through the scaffolded project that uses Identity with both SSR and WASM, I noticed that the Auth.razor page in the client project includes both the @attribute [Authorize] directive and the <AuthorizeView> component, as shown here:
@page "/auth"@using Microsoft.AspNetCore.Authorization@attribute [Authorize]@rendermode InteractiveAuto<PageTitle>Auth</PageTitle><h1>You are authenticated</h1><AuthorizeView> Hello @context.User.Identity?.Name!</AuthorizeView>From what I understand from the documentation, the @attribute [Authorize] directive is meant to protect the route as a whole, meaning it won't be accessible unless the user is authorized.
My question is: why use an <AuthorizeView> in this case if the attribute already guarantees that the user is authorized? It seems redundant to check authorization at both the route and content levels.What's the point of using both in this scenario?
Keep in mind that I’m not considering roles here — this is simply a matter of whether the user is logged in or not.