Skip to content

[Blazor] AuthorizeRouteView does not take AuthorizationOptions into account. (FallbackPolicy, DefaultPolicy) #65277

New issue
New issue
Open
Open
[Blazor] AuthorizeRouteView does not take AuthorizationOptions into account. (FallbackPolicy, DefaultPolicy)#65277
Labels
area-blazorIncludes: Blazor, Razor Components
Milestone
Backlog
@Canabale

Description

@Canabale
Canabale
opened on Jan 30, 2026

Is there an existing issue for this?

  • I have searched the existing issues

Actual Behavior

I suspect that the AuthorizeRouteView relies solely on the AuthorizeAttribute and does not consider policies defined in the AuthorizationOptions.
If that's actually the case, it would mean that behavior configured through AddAuthorization is ignored, and the authorize router would not fire the expected NotAuthorized page.

Expected Behavior

The AuthorizeRouteView should utilize the AuthorizationOptions.FallbackPolicy from the DI container to determine the availability of a page without the AuthorizeAttribute.

Without having looked into the AuthorizeView, I'd assume that it would also benefit from a default initialization based on the configured AuthorizationOptions.

Steps To Reproduce

Here is a minimalistic project that visualizes the actual issue:
BlazorAuthorizationOptions

  1. Pull
  2. Compile & Run
  3. Navigate through the pages & play around with the provided user dummies.

.NET Version

10.0.102

Anything else?

  1. Bug or Feature Request?
    I am not quite sure, if this is really a bug or a feature request.
    For me it was unexpected that the AuthorizationOptions didn't implicitly apply to the AuthorizeRouteView, which is why (unexpected behavior) I openend it as a bug.

  2. There is another somewhat similar github issue:
    Add a DefaultPolicy property on AuthorizeRouteView to be used when no Policies are set on a component
    If the AuthorizationOptions would be correctly utilized by the components, I'd assume that this issue would resolve itself.
    If I understood it correctly, it technically requests the FallbackPolicy feature as a parameter.

  3. I'm aware that authentication and authorization behave differently in Blazor apps.
    @javiercn even opened an issue because the current behavior is confusing. And to be honest... I'm one of the confused ones.

  4. Surprisingly, the AuthorizeRouteView seems to handle the DefaultPolicy correctly already. However it would be better if someone else could double check that. My current state of confusion makes me a little unsure if I am just seeing things.

Metadata

Metadata

Assignees

No one assigned

    Labels

    area-blazorIncludes: Blazor, Razor Components

    Type

    No type

    Projects

    No projects

    Milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions