[Authorize] attribute can be used in Razor components:
@page "/" @attribute [Authorize] You can only see this if you're signed in.
@page components reached via the Blazor Router. Authorization is only performed as an aspect of routing and not for child components rendered within a page. To authorize the display of specific parts within a page, use AuthorizeView instead.
[Authorize] attribute also supports role-based or policy-based authorization. For role-based authorization, use the Roles parameter:
@page "/" @attribute [Authorize(Roles = "admin, superuser")] <p>You can only see this if you're in the 'admin' or 'superuser' role.</p>
For policy-based authorization, use the Policy parameter:
@page "/" @attribute [Authorize(Policy = "content-editor")] <p>You can only see this if you satisfy the 'content-editor' policy.</p>
If neither Roles nor Policy is specified,
[Authorize] uses the default policy, which by default is to treat:
- Authenticated (signed-in) users as authorized.
- Unauthenticated (signed-out) users as unauthorized.