Blazor AuthStateProvider - OK to synchronize Role Claims?
Hey.
I have a .net 8 blazor app using the "new" project style. I'm using static SSR as well as WASM.
By default, the
I've reached the point where I am adding roles, however. I have a page which renders some additional content when the logged in user has the Admin role (using
When the page loads initially, this is visible (to the correct user) due to it rendering through static SSR. When it gets passed over to WASM however, the role claim is missing and the content disappears.
I could sync the role claims across using the Auth state providers above, and am about to do so... My question is, are there any security concerns in doing this? And if so what should be my solution for achieving this instead?
I have a .net 8 blazor app using the "new" project style. I'm using static SSR as well as WASM.
By default, the
PersistingRevalidationAuthenticationStateProviderPersistentAuthenticationStateProviderI've reached the point where I am adding roles, however. I have a page which renders some additional content when the logged in user has the Admin role (using
AuthorizeViewWhen the page loads initially, this is visible (to the correct user) due to it rendering through static SSR. When it gets passed over to WASM however, the role claim is missing and the content disappears.
I could sync the role claims across using the Auth state providers above, and am about to do so... My question is, are there any security concerns in doing this? And if so what should be my solution for achieving this instead?
