Comments (8)
Hmm... Interesting bug...
Apparently in SubmitAsync()
after the call to SelfRegister is done, the page is already back to /login
. Even though no call to Navigation.NavigateTo("...")
has been executed.
I don't really understand what's going on...
from blazor-wasm-boilerplate.
Hello, I think I found a solution, comment the line where a redirection to the login page is made, about the JwtAuthenticationHeaderHandler class, I think that the access control to pages that do not have anonymous access is done from App.razor.
It is not that there is an error in not showing the validations, but that before we can see them the application had already made the redirection to the login page, I consider that this change does not affect the complete operation of the application.
If I want to enter the brand page, it does not give me access and returns me to the login page
what do you think?
from blazor-wasm-boilerplate.
Ok, I was already thinking it had probably something to do with that... but I commented out the other part (in App.razor) in stead... but that got me nowhere... didn't think about the JwtAuthenticationHeaderHandler...
I see I actually made that change where that navigateTo("/login") happens. GetAccessToken returns null means that the user isn't authenticated, so it should redirect to login in that case...
I think the issue here is rather that the authorization header doesn't need to be set for the "SelfRegister" call, just like it isn't set for the "tokens" calls... so I think the "fix" should be something like this in stead:
protected override async Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
{
// skip token and self-register endpoints
if (request.RequestUri?.AbsolutePath.Contains("/tokens") is not true &&
request.RequestUri?.AbsolutePath.Contains("/self-register") is not true)
{
if (await _tokenProviderAccessor.TokenProvider.GetAccessTokenAsync() is string token)
{
request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", token);
}
else
{
_navigation.NavigateTo("/login");
}
}
return await base.SendAsync(request, cancellationToken);
}
Actually it shouldn't be set for any requests that doesn't need the user to be signed in... that also includes the confirm-email, confirm-phone-number and forgot-password calls...
from blazor-wasm-boilerplate.
Ok, if someone has in the future the need to add an anonymous access page, they would have to add it there, also thinking of someone new to the project, you consider that it is the best way to maintain a simple configuration and maintain the
application security?...
from blazor-wasm-boilerplate.
Yeah I know... it's not the best way to handle this... It could be generated somehow by examining the swagger.json... or maybe there are other ways...
It's just that this is now the most pragmatic way... anything else would need some research/design first...
from blazor-wasm-boilerplate.
perfect, i'll do that, thanks for the help
from blazor-wasm-boilerplate.
Would you mind creating a PR with that change, once you get it working properly?
from blazor-wasm-boilerplate.
sure!
from blazor-wasm-boilerplate.
Related Issues (20)
- Resend user email confirmation
- validation not working HOT 1
- The MudDatePicker does not work in the dialogbox HOT 2
- API error messages not getting passed HOT 10
- Make Superadmin role for tenants management
- Search product by Brand name doesnot work
- Cannot login using administrator credentials HOT 15
- Web-api giving exception on clicking Dashboard in Blazor frontend HOT 3
- "TypeError: Failed to fetch" error HOT 1
- HamburgerMenu Bug
- What is the difference between these two projects? I am confused
- MudTable to MudDataGrid HOT 1
- Why does the registration page keep redirecting to the login page as soon as button pressed ? HOT 1
- How to create menu Item on Table. HOT 1
- How to update FSHAPI.cs? HOT 2
- Issue with release builds/publish
- Unable to resolve nuget packages
- How to delete selected items only in EntityTable grid
- How to get selected items from the Entity Table
- Reset-Password UI screen is missing. HOT 6
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from blazor-wasm-boilerplate.