To better understand how authentication works in Blazor, I’m playing around with a minimal implementation of AuthenticationStateProvider
. As expected, if I implement GetAuthenticationStateAsync()
like this, an AuthorizeView
displays the not-authorized content:
public override Task<AuthenticationState> GetAuthenticationStateAsync() =>
Task.FromResult(new AuthenticationState(new ClaimsPrincipal())); // ???? no identity
And if I implement it like this, an AuthorizeView
displays the authorized content:
public override Task<AuthenticationState> GetAuthenticationStateAsync() =>
Task.FromResult(new AuthenticationState(new ClaimsPrincipal(new DummyIdentity())));
private class DummyIdentity : IIdentity
{
public string? AuthenticationType => "Dummy";
public bool IsAuthenticated => true;
public string? Name => "Anonymous";
}
But if I change DummyIdentity.IsAuthenticated
to false, I still see the authorized content. In other words, AuthorizeView
only seems to care whether the claims principal has an IIdentity
, not whether that identity is authenticated. Is this the expected behavior?