Blazor Cookie not updating AuthorizeView
I'm implementing a simple authorization through Blazor with a separate .NET API. The login form just takes in a password and returns 200 with a cookie or a 401. (This is for an admin dashboard so there will only ever be one user to login) The issue I'm having is that my AuthorizeView doesn't change the view to the Authorized element even though the cookie gets created.
// Admin.razor
@page "/Admin"
@using Microsoft.AspNetCore.Components.Authorization
@using BlazingBlog.Client.Components.Layout
<PageTitle>Admin</PageTitle>
<AuthorizeView>
<Authorized>
<main>
<h2>Admin</h2>
<PostEditForm/>
</main>
</Authorized>
<NotAuthorized>
<main>
<LoginForm/>
</main>
</NotAuthorized>
</AuthorizeView>
// Login endpoint
app.MapPost("api/login",
async (HttpContext context, [FromBody] string password) =>
{
Console.WriteLine($"Body: {password}");
if (password == "password")
{
var claims = new List<Claim>
{
new(ClaimTypes.Role, "Admin")
};
ClaimsIdentity identity = new(claims,
CookieAuthenticationDefaults
.AuthenticationScheme);
ClaimsPrincipal principal = new(identity);
await context.SignInAsync(
CookieAuthenticationDefaults.AuthenticationScheme,
principal);
return Results.Ok();
}
return Results.Unauthorized();
});
// Cookie config
builder.Services
.AddAuthentication(CookieAuthenticationDefaults
.AuthenticationScheme)
.AddCookie(options =>
{
options.Cookie.Name = "BlazingCookie";
options.ExpireTimeSpan = TimeSpan.FromHours(1);
options.SlidingExpiration = true;
options.Cookie.SameSite = SameSiteMode.None;
options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
});
builder.Services.AddAuthorization();
builder.Services.AddCors(options =>
{
options.AddPolicy("BlazingClient", policy =>
{
policy.WithOrigins("https://localhost:7071")
.AllowAnyHeader()
.AllowAnyMethod()
.AllowCredentials();
});
});// Admin.razor
@page "/Admin"
@using Microsoft.AspNetCore.Components.Authorization
@using BlazingBlog.Client.Components.Layout
<PageTitle>Admin</PageTitle>
<AuthorizeView>
<Authorized>
<main>
<h2>Admin</h2>
<PostEditForm/>
</main>
</Authorized>
<NotAuthorized>
<main>
<LoginForm/>
</main>
</NotAuthorized>
</AuthorizeView>
// Login endpoint
app.MapPost("api/login",
async (HttpContext context, [FromBody] string password) =>
{
Console.WriteLine($"Body: {password}");
if (password == "password")
{
var claims = new List<Claim>
{
new(ClaimTypes.Role, "Admin")
};
ClaimsIdentity identity = new(claims,
CookieAuthenticationDefaults
.AuthenticationScheme);
ClaimsPrincipal principal = new(identity);
await context.SignInAsync(
CookieAuthenticationDefaults.AuthenticationScheme,
principal);
return Results.Ok();
}
return Results.Unauthorized();
});
// Cookie config
builder.Services
.AddAuthentication(CookieAuthenticationDefaults
.AuthenticationScheme)
.AddCookie(options =>
{
options.Cookie.Name = "BlazingCookie";
options.ExpireTimeSpan = TimeSpan.FromHours(1);
options.SlidingExpiration = true;
options.Cookie.SameSite = SameSiteMode.None;
options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
});
builder.Services.AddAuthorization();
builder.Services.AddCors(options =>
{
options.AddPolicy("BlazingClient", policy =>
{
policy.WithOrigins("https://localhost:7071")
.AllowAnyHeader()
.AllowAnyMethod()
.AllowCredentials();
});
});