imhven
/
abp
mirror of https://github.com/abpframework/abp
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '24fcdcf92a'
${ noResults }
abp/docs/en/UI/Blazor/Authorization.md

76 lines
2.9 KiB
Raw Blame History

# Blazor UI: Authorization
Blazor applications can use the same authorization system and permissions defined in the server side.
> This document is only for authorizing on the Blazor UI. See the [Server Side Authorization](../../Authorization.md) to learn how to define permissions and control the authorization system.
## Basic Usage
> ABP Framework is **100% compatible** with the Authorization infrastructure provided by the Blazor. See the [Blazor Security Document](https://docs.microsoft.com/en-us/aspnet/core/blazor/security/) to learn all authorization options. This section **only shows some common scenarios**.
### Authorize Attribute
`[Authorize]` attribute can be used to show a page only to the authenticated users.
````csharp
@page "/"
@attribute [Authorize]
You can only see this if you're signed in.
````
The `[Authorize]` attribute also supports role-based or policy-based authorization. For example, you can check permissions defined in the server side:
````csharp
@page "/"
@attribute [Authorize("MyPermission")]
You can only see this if you have the necessary permission.
````
### AuthorizeView
`AuthorizeView` component can be used in a page/component to conditionally render a part of the content:
````html
<AuthorizeView Policy="MyPermission">
<p>You can only see this if you satisfy the "MyPermission" policy.</p>
</AuthorizeView>
````
### IAuthorizationService
`IAuthorizationService` can be injected and used to programmatically check permissions:
````csharp
public partial class Index
{
protected override async Task OnInitializedAsync()
{
if (await AuthorizationService.IsGrantedAsync("MyPermission"))
{
//...
}
}
}
````
If your component directly or indirectly inherits from the `AbpComponentBase`, `AuthorizationService` becomes pre-injected and ready to use. If not, you can always [inject](../../Dependency-Injection.md) the `IAuthorizationService` yourself.
`IAuthorizationService` can also be used in the view side where `AuthorizeView` component is not enough.
There are some useful extension methods for the `IAuthorizationService`:
* `IsGrantedAsync` simply returns `true` or `false` for the given policy/permission.
* `CheckAsync` checks and throws `AbpAuthorizationException` if given policy/permission hasn't granted. You don't have to handle these kind of exceptions since ABP Framework automatically [handles errors](Error-Handling.md).
* `AuthorizeAsync` returns `AuthorizationResult` as the standard way provided by the ASP.NET Core authorization system.
> See the [Blazor Security Document](https://docs.microsoft.com/en-us/aspnet/core/blazor/security/) to learn all authorization options
## See Also
* [Authorization](../../Authorization.md) (server side)
* [Blazor Security](https://docs.microsoft.com/en-us/aspnet/core/blazor/security/) (Microsoft documentation)
* [ICurrentUser Service](CurrentUser.md)
Reference in new issue View Git Blame Copy Permalink