The [Authorize]
attribute can be used in Razor components:
@page "/" @attribute [Authorize] You can only see this if you're signed in.
Only use [Authorize]
on @page
components reached via the Blazor Router. Authorization is only performed as an aspect of routing and not for child components rendered within a page. To authorize the display of specific parts within a page, use AuthorizeView instead.
The [Authorize]
attribute also supports role-based or policy-based authorization. For role-based authorization, use the Roles parameter:
@page "/" @attribute [Authorize(Roles = "admin, superuser")] <p>You can only see this if you're in the 'admin' or 'superuser' role.</p>
For policy-based authorization, use the Policy parameter:
@page "/" @attribute [Authorize(Policy = "content-editor")] <p>You can only see this if you satisfy the 'content-editor' policy.</p>
If neither Roles nor Policy is specified, [Authorize]
uses the default policy, which by default is to treat:
- Authenticated (signed-in) users as authorized.
- Unauthenticated (signed-out) users as unauthorized.
Refererences
https://docs.microsoft.com/en-us/aspnet/core/blazor/security/?view=aspnetcore-6.0#authorize-attribute