Blazor 8 Interactive Server Authentication - How to get behaviors like renew, expire #56580
Replies: 3 comments
-
I have the same problem: my cookie expires, but Blazor Server still runs without returning to the login page. It looks like the problem is related to MapBlazorHub. Have you found something? I'm not sure if there is a solution to apply.
-
Unfortunately not yet.
-
"You don't typically use AuthenticationStateProvider directly. Use the AuthorizeView component or Task<AuthenticationState> approaches described later in this article. The main drawback to using AuthenticationStateProvider directly is that the component isn't notified automatically if the underlying authentication state data changes."

So maybe it helps in your case to use AuthorizeView + AuthenticationState. You can try and see if the component is notified. Then you should see the message "not authenticated". For the redirect to login, heh, I found that the Authorize attribute works in certain cases; I don't remember if it was just server rendering or if it also needed to be global.

Anyway, for the renewal of the cookie, I'm trying this these days: in a base component class I have a service with a periodic timer that uses JsInterop to make a fetch call to a controller. It automatically appends the cookie and tries the authentication process. Sorry I can't be more precise.
-
I hope this is a place where I can ask this, because I have been around the web and unfortunately couldn't find the solution to my problem.
I am developing a Blazor 8 Interactive Server App with the default authentication provided by the Visual Studio template, the one that uses IdentityRevalidatingAuthenticationStateProvider. So far, I understand that this system uses a cookie which stores the authentication token, and when that token expires the authentication state will expire. Now this is where I ran into problems. What I want to achieve is an expiry period of 1 hour, which will be renewed with UI actions, and if there are no UI actions, will log out the user.
Because I didn't see how the token expires with default implementation of the template, through extensive searching I found the following solution to configure my cookie:
```csharp
builder.Services.ConfigureApplicationCookie(options =>
{
    options.Cookie.HttpOnly = true;
    options.ExpireTimeSpan = TimeSpan.FromMinutes(2); // for testing
    options.SlidingExpiration = true;
    options.LogoutPath = "/logout";
    options.LoginPath = "/login";
});
```
It is worth noting that I am not using the default Account pages provided by the template; all of my pages are interactive, and instead I am using a middleware for login and logout.
So, with this I found that while using the app, when the expire time passes, the cookie is removed, but the user stays authenticated. Through further research I found that this is due to the Blazor Circuit system: the authentication happens at app startup and the user state is persisted throughout the connection period. Through a GitHub post I kind of solved this with the following code:
```csharp
app.MapBlazorHub(o =>
{
    o.CloseOnAuthenticationExpiration = true;
}).WithOrder(-1);
```
The above code, though someone on that post stated that this is a workaround and not the preferred approach and will break in Blazor 9, solves part of the problem. When the cookie expire time hits (i.e. 2 mins), the circuit forces a logout. But I still need a way to renew the authentication token so users don't get logged out unexpectedly during work. Rather, the token should be renewed while they are using the app; it might be during navigation, or an activity (like, is that possible with activity over the circuit?).
Kindly help me figure this out.
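The timer-plus-fetch renewal described in the last comment, gated on UI activity as the question asks, as an added example that is not code from this thread. With SlidingExpiration the cookie middleware only re-issues the cookie on an HTTP request that arrives after more than half of ExpireTimeSpan has elapsed, so the timer interval stays below half of it. Assumptions: `/api/keepalive` is a hypothetical endpoint that requires authorization, and `createSessionKeepAlive` is a name made up for this sketch.

```javascript
// Added example, not from the thread. "/api/keepalive" is a hypothetical
// endpoint that requires authorization; "/login" is the LoginPath from the post.
function createSessionKeepAlive({ fetchFn, url, onExpired }) {
  let active = false;   // any UI activity since the previous tick?
  let stopped = false;  // set once the server rejects the cookie

  return {
    // Wire to UI events (click, keydown, ...).
    noteActivity() { active = true; },

    // Run on a timer. Resolves to "idle", "alive", "retry" or "expired".
    async tick() {
      if (stopped) return "expired";
      if (!active) return "idle";      // no activity: let the cookie lapse
      active = false;
      let res;
      try {
        // Same-origin request, so the browser attaches the auth cookie.
        // redirect: "manual" keeps a 302 to the login page from looking like success.
        res = await fetchFn(url, { credentials: "same-origin", redirect: "manual", cache: "no-store" });
      } catch {
        active = true;                 // network error: try again next tick
        return "retry";
      }
      if (res.ok) return "alive";
      if (res.type !== "opaqueredirect" && res.status !== 401) {
        active = true;                 // server error, not an auth failure
        return "retry";
      }
      stopped = true;
      onExpired();
      return "expired";
    },
  };
}

// Browser wiring (skipped outside a browser).
if (typeof window !== "undefined") {
  const EXPIRE_MS = 60 * 60 * 1000;    // the 1 hour ExpireTimeSpan the post wants
  const keepAlive = createSessionKeepAlive({
    fetchFn: (u, o) => fetch(u, o),
    url: "/api/keepalive",
    onExpired: () => window.location.assign("/login"),
  });
  for (const evt of ["click", "keydown"]) {
    document.addEventListener(evt, keepAlive.noteActivity, { passive: true });
  }
  // Below half of ExpireTimeSpan, so one ping always lands in the renewal window.
  setInterval(() => keepAlive.tick(), EXPIRE_MS / 3);
}
```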