Blazor UI: Authorization
Blazor applications can use the same authorization system and permissions defined in the server side.
This document is only for authorizing on the Blazor UI. See the Server Side Authorization to learn how to define permissions and control the authorization system.
Basic Usage
ABP Framework is 100% compatible with the Authorization infrastructure provided by the Blazor. See the Blazor Security Document to learn all authorization options. This section only shows some common scenarios.
Authorize Attribute
[Authorize]
attribute can be used to show a page only to the authenticated users.
@page "/"
@attribute [Authorize]
You can only see this if you're signed in.
The [Authorize]
attribute also supports role-based or policy-based authorization. For example, you can check permissions defined in the server side:
@page "/"
@attribute [Authorize("MyPermission")]
You can only see this if you have the necessary permission.
AuthorizeView
AuthorizeView
component can be used in a page/component to conditionally render a part of the content:
<AuthorizeView Policy="MyPermission">
<p>You can only see this if you satisfy the "MyPermission" policy.</p>
</AuthorizeView>
IAuthorizationService
IAuthorizationService
can be injected and used to programmatically check permissions:
public partial class Index
{
protected override async Task OnInitializedAsync()
{
if (await AuthorizationService.IsGrantedAsync("MyPermission"))
{
//...
}
}
}
If your component directly or indirectly inherits from the AbpComponentBase
, AuthorizationService
becomes pre-injected and ready to use. If not, you can always inject the IAuthorizationService
yourself.
IAuthorizationService
can also be used in the view side where AuthorizeView
component is not enough.
There are some useful extension methods for the IAuthorizationService
:
IsGrantedAsync
simply returnstrue
orfalse
for the given policy/permission.CheckAsync
checks and throwsAbpAuthorizationException
if given policy/permission hasn't granted. You don't have to handle these kind of exceptions since ABP Framework automatically handles errors.AuthorizeAsync
returnsAuthorizationResult
as the standard way provided by the ASP.NET Core authorization system.
See the Blazor Security Document to learn all authorization options
See Also
- Authorization (server side)
- Blazor Security (Microsoft documentation)
- ICurrentUser Service
- Video tutorial