Blazor UI: Authorization

Blazor applications can use the same authorization system and permissions defined in the server side.

This document is only for authorizing on the Blazor UI. See the Server Side Authorization to learn how to define permissions and control the authorization system.

Basic Usage

ABP is 100% compatible with the Authorization infrastructure provided by the Blazor. See the Blazor Security Document to learn all authorization options. This section only shows some common scenarios.

Authorize Attribute

[Authorize] attribute can be used to show a page only to the authenticated users.

@page "/"
@attribute [Authorize]

You can only see this if you're signed in.

The [Authorize] attribute also supports role-based or policy-based authorization. For example, you can check permissions defined in the server side:

@page "/"
@attribute [Authorize("MyPermission")]

You can only see this if you have the necessary permission.

AuthorizeView

AuthorizeView component can be used in a page/component to conditionally render a part of the content:

<AuthorizeView Policy="MyPermission">
    <p>You can only see this if you satisfy the "MyPermission" policy.</p>
</AuthorizeView>

IAuthorizationService

IAuthorizationService can be injected and used to programmatically check permissions:

public partial class Index
{
    protected override async Task OnInitializedAsync()
    {
        if (await AuthorizationService.IsGrantedAsync("MyPermission"))
        {
            //...
        }
    }
}

If your component directly or indirectly inherits from the AbpComponentBase, AuthorizationService becomes pre-injected and ready to use. If not, you can always inject the IAuthorizationService yourself.

IAuthorizationService can also be used in the view side where AuthorizeView component is not enough.

There are some useful extension methods for the IAuthorizationService:

  • IsGrantedAsync simply returns true or false for the given policy/permission.
  • CheckAsync checks and throws AbpAuthorizationException if given policy/permission hasn't granted. You don't have to handle these kind of exceptions since ABP automatically handles errors.
  • AuthorizeAsync returns AuthorizationResult as the standard way provided by the ASP.NET Core authorization system.

See the Blazor Security Document to learn all authorization options

See Also

Contributors


Last updated: July 31, 2024 Edit this page on GitHub

Was this page helpful?

Please make a selection.

To help us improve, please share your reason for the negative feedback in the field below.

Please enter a note.

Thank you for your valuable feedback!

Please note that although we cannot respond to feedback, our team will use your comments to improve the experience.

In this document
Community Talks

What’s New with .NET 9 & ABP 9?

21 Nov, 17:00
Online
Register Now
Mastering ABP Framework Book
Mastering ABP Framework

This book will help you gain a complete understanding of the framework and modern web application development techniques.

Learn More