Supporting roles’ and policies’ authorization
Securing your application might not be just about having an authenticated user; it often requires more granular control. You may need to grant access to specific features or pages based on the user’s role. Blazor’s native authorization APIs – the Authorize
attribute and the AuthorizeView
component – support both roles and policies that you will find familiar from MVC applications or REST APIs.
Let’s implement roles and policies, fine-tuning a settings page to display different content for administrators and standard users.
Getting ready
Before we put policies and roles in place, do the following:
- In the server-side project, create a
Components
/Recipes
/Recipe06
directory – this will be your working directory. - Copy the
Settings
component from the Modifying a user’s identity recipe or from theComponents
/Recipes
/Recipe05
directory in the GitHub repository. ...