Blazor UI: Authorization

Blazor applications can use the same authorization system and permissions defined in the server side.

This document is only for authorizing on the Blazor UI. See the Server Side Authorization to learn how to define permissions and control the authorization system.

Basic Usage

ABP Framework is 100% compatible with the Authorization infrastructure provided by the Blazor. See the Blazor Security Document to learn all authorization options. This section only shows some common scenarios.

Authorize Attribute

[Authorize] attribute can be used to show a page only to the authenticated users.

@page "/"
@attribute [Authorize]

You can only see this if you're signed in.

The [Authorize] attribute also supports role-based or policy-based authorization. For example, you can check permissions defined in the server side:

@page "/"
@attribute [Authorize("MyPermission")]

You can only see this if you have the necessary permission.

AuthorizeView

AuthorizeView component can be used in a page/component to conditionally render a part of the content:

<AuthorizeView Policy="MyPermission">
    <p>You can only see this if you satisfy the "MyPermission" policy.</p>
</AuthorizeView>

IAuthorizationService

IAuthorizationService can be injected and used to programmatically check permissions:

public partial class Index
{
    protected override async Task OnInitializedAsync()
    {
        if (await AuthorizationService.IsGrantedAsync("MyPermission"))
        {
            //...
        }
    }
}

If your component directly or indirectly inherits from the AbpComponentBase, AuthorizationService becomes pre-injected and ready to use. If not, you can always inject the IAuthorizationService yourself.

IAuthorizationService can also be used in the view side where AuthorizeView component is not enough.

There are some useful extension methods for the IAuthorizationService:

  • IsGrantedAsync simply returns true or false for the given policy/permission.
  • CheckAsync checks and throws AbpAuthorizationException if given policy/permission hasn't granted. You don't have to handle these kind of exceptions since ABP Framework automatically handles errors.
  • AuthorizeAsync returns AuthorizationResult as the standard way provided by the ASP.NET Core authorization system.

See the Blazor Security Document to learn all authorization options

See Also

In this document