When I try to handle authorization within a Razor server project via authorization policies, like in the following example, I face several problems.
<AuthorizeView Policy="Cookies">
</AuthorizeView>
Concrete setup: The Program.cs adds the authentication service without a default scheme. AddCookie() is called which adds the cookie authentication handler. Additionally, I add an authorization policy which has the following conditions:
- Deny anonymous access => RequireAuthenticatedUser()
- Authenticate via cookie => AddAuthenticationSchemes(CookieAuthenticationDefaults.AuthenticationScheme)
Now the authorize view specifies the policy (let's call it Cookies).
When I go to the page in the browser, the component is not rendered because the user is not successfully authenticated. During the login I call SignInAsync on the HttpContext within the code-behind of a Razor page, which generates a valid cookie. However, the cookie authentication handler does not get triggered when I go to the page where the protected component resides.
I can provide more context, if needed.
As soon as the default scheme is set, like AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme), everything works fine. Where and how does the authentication process get triggered?
I added the default scheme, then everything worked fine.
I inspected the logs which told me that the authorization failed and that the DenyAnonymousAuthorizationRequirement was not met.
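The setup described above as a minimal Program.cs, with the registration that lacks a default scheme next to the one that sets it (an added example, not code from the original post). It assumes a .NET 6 Blazor Server project with implicit usings; the `/whoami` endpoint is a hypothetical diagnostic that compares the user set by the authentication middleware with an explicit cookie-scheme authentication. The comments give the reason for the difference: `AuthorizeView` evaluates the policy's requirements against the user Blazor took from `HttpContext.User` and does not run the schemes listed on the policy.

```csharp
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;

var builder = WebApplication.CreateBuilder(args);
builder.Services.AddRazorPages();
builder.Services.AddServerSideBlazor();

// Variant from the post that fails: no default scheme. UseAuthentication() finds
// no default authenticate scheme, so HttpContext.User stays anonymous even though
// a valid cookie is sent. (.NET 7+ uses a single registered scheme as the default.)
// builder.Services.AddAuthentication().AddCookie();

// Variant from the post that works: the cookie scheme is the default, so the
// middleware populates HttpContext.User before the Blazor circuit starts.
builder.Services
    .AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
    .AddCookie();

builder.Services.AddAuthorization(options =>
{
    // The "Cookies" policy from the post. AddAuthenticationSchemes is honored by
    // the authorization middleware for endpoints, not by AuthorizeView.
    options.AddPolicy("Cookies", policy => policy
        .AddAuthenticationSchemes(CookieAuthenticationDefaults.AuthenticationScheme)
        .RequireAuthenticatedUser());
});

var app = builder.Build();
app.UseStaticFiles();
app.UseRouting();
app.UseAuthentication();   // authenticates with the default scheme only
app.UseAuthorization();

// Hypothetical diagnostic endpoint: without a default scheme the first value is
// false while the second is true for a request carrying a valid cookie.
app.MapGet("/whoami", async (HttpContext ctx) =>
{
    var cookie = await ctx.AuthenticateAsync(CookieAuthenticationDefaults.AuthenticationScheme);
    return Results.Json(new
    {
        userFromMiddleware = ctx.User.Identity?.IsAuthenticated ?? false,
        cookieSchemeExplicit = cookie.Succeeded
    });
});

app.MapRazorPages();
app.MapBlazorHub();
app.MapFallbackToPage("/_Host");
app.Run();
```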