
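# .NET8 Server App Authentication Prototype

## Key points of the login procedure

.NET8 adopts a new framework, ~~but the overall login authentication flow is the same as in .NET6.~~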

{% hint style="danger" %}
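Correction: login in .NET8 has changed in a critical way.

In .NET 8 or later, use [`AddCascadingAuthenticationState()`](https://learn.microsoft.com/zh-tw/aspnet/core/blazor/security/?view=aspnetcore-8.0#troubleshoot-errors) instead. Do not use the [CascadingAuthenticationState](https://learn.microsoft.com/zh-tw/dotnet/api/microsoft.aspnetcore.components.authorization.cascadingauthenticationstate) component. In theory the two have the same effect. In practice they differ! This is probably a bug.

In .NET 7 or earlier, use the `<CascadingAuthenticationState>` component so that the UI can obtain the authorization state.

In a NET8 Blazor Web App, HttpContext is only updated on page reload.

Because NET8 changed the authorization behaviour, add-on authorization becomes ineffective in certain gap conditions!

The `RevalidatingServerAuthenticationStateProvider` from NET6 no longer works, because this is not a Blazor Server App.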
{% endhint %}

<mark style="color:red;">Addendum on 2024-5-30</mark>

<mark style="color:red;">In a NET8 Blazor Web App, HttpContext is only updated on page reload.</mark>

<mark style="color:red;">None of the approaches I tried and could find (Circuit, Middleware, CookieAuthenticationEvents, IHttpContextAccessor, or RevalidatingServerAuthenticationStateProvider) can detect that the auth cookie has been manually force-deleted. The app stays in the logged-in state and only refreshes on page reload (sigh).</mark>
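A minimal `Program.cs` for the setup described above, as an added example (not taken from the author's N8BlazorServerAuth repository): cookie authentication, the .NET 8 `AddCascadingAuthenticationState()` registration, and an `OnValidatePrincipal` check, which only runs when the cookie is read on an HTTP request. The `App` root component, the `/login` path, the `sid` claim and the `RevokedSessions` class are assumptions.

```csharp
// Program.cs: added example. App (add a using for its namespace), "/login",
// the "sid" claim and RevokedSessions are assumed names, not from the page.
using System.Collections.Concurrent;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;

var builder = WebApplication.CreateBuilder(args);
builder.Services.AddRazorComponents().AddInteractiveServerComponents();
builder.Services.AddSingleton<RevokedSessions>();

builder.Services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
    .AddCookie(options =>
    {
        options.LoginPath = "/login";
        options.Cookie.HttpOnly = true;
        options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
        options.Events.OnValidatePrincipal = async context =>
        {
            // Runs when the cookie is read on an HTTP request (first load, F5).
            // Messages on an already-open WebSocket circuit do not pass through it.
            var revoked = context.HttpContext.RequestServices.GetRequiredService<RevokedSessions>();
            var sid = context.Principal?.FindFirst("sid")?.Value;
            if (sid is null || revoked.Contains(sid))
            {
                context.RejectPrincipal();
                await context.HttpContext.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
            }
        };
    });
builder.Services.AddAuthorization();

// .NET 8: service registration instead of the <CascadingAuthenticationState> component.
builder.Services.AddCascadingAuthenticationState();

var app = builder.Build();
app.UseStaticFiles();
app.UseAuthentication();
app.UseAuthorization();
app.UseAntiforgery();
app.MapRazorComponents<App>().AddInteractiveServerRenderMode();
app.Run();

// Hypothetical server-side revocation list keyed by session id.
public sealed class RevokedSessions
{
    private readonly ConcurrentDictionary<string, byte> _ids = new();
    public void Revoke(string sid) => _ids[sid] = 0;
    public bool Contains(string sid) => _ids.ContainsKey(sid);
}
```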

### Reference articles - ASP.NET Core Blazor authentication and authorization - Troubleshoot errors

{% embed url="<https://learn.microsoft.com/zh-tw/aspnet/core/blazor/security/?view=aspnetcore-8.0#troubleshoot-errors>" %}
Troubleshoot errors
{% endembed %}

{% embed url="<https://learn.microsoft.com/zh-tw/aspnet/core/signalr/authn-and-authz?view=aspnetcore-8.0>" %}
Authenticate users connecting to a SignalR hub
{% endembed %}

### NET8 authorization-related articles

* [Use cookie authentication without ASP.NET Core Identity - React to back-end changes](https://learn.microsoft.com/zh-tw/aspnet/core/security/authentication/cookie?view=aspnetcore-8.0#react-to-back-end-changes)
* [Server-side ASP.NET Core Blazor additional security scenarios - Circuit handler to capture users for custom services](https://learn.microsoft.com/zh-tw/aspnet/core/blazor/security/server/additional-scenarios?view=aspnetcore-8.0#circuit-handler-to-capture-users-for-custom-services)
* [ASP.NET Core Blazor authentication and authorization - Troubleshoot errors](https://learn.microsoft.com/zh-tw/aspnet/core/blazor/security/?view=aspnetcore-8.0)
* [ASP.NET Core Blazor authentication and authorization - Resource authorization](https://learn.microsoft.com/zh-tw/aspnet/core/blazor/security/?view=aspnetcore-8.0#resource-authorization)
* [ASP.NET Core Blazor SignalR guidance - Monitor server-side circuit activity](https://learn.microsoft.com/zh-tw/aspnet/core/blazor/fundamentals/signalr?preserve-view=true\&view=aspnetcore-8.0#monitor-server-side-circuit-activity)
* [Access HttpContext in ASP.NET Core](https://learn.microsoft.com/en-us/aspnet/core/fundamentals/http-context?view=aspnetcore-6.0#access-httpcontext-from-middleware)
* [Resource-based authorization in ASP.NET Core](https://learn.microsoft.com/en-us/aspnet/core/security/authorization/resourcebased?view=aspnetcore-8.0)
* [Policy-based authorization in ASP.NET Core](https://learn.microsoft.com/zh-tw/aspnet/core/security/authorization/policies?view=aspnetcore-8.0)

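In testing, obtaining authorization in the UI through the new [`AddCascadingAuthenticationState()`](https://learn.microsoft.com/zh-tw/aspnet/core/blazor/security/?view=aspnetcore-8.0#troubleshoot-errors) approach fails when the UI is refreshed with `<F5>` => 404! This is probably a bug. After countless tests I found that the custom CustomAuthenticationStateProvider is not executed when the UI is refreshed with `<F5>`, so authorization is insufficient, and then... it goes to 404! (sigh). Under "normal use", however, this problem does not occur.

In practice, the custom CustomAuthenticationStateProvider component has been dropped. An alternative approach has been adopted, but it is not implemented in this sample.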

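## Other differences

Difference 1: `@rendermode`. You need to know explicitly which interactive render mode the page uses.

Difference 2: razor pages in the new version now use `*.razor`. Blazor components can also be embedded conditionally. The file extension is the same as that of a blazor component, which is easily confusing.

Different `@rendermode` values use completely different communication methods.

* Server => SignalR
* WebAssembly => WebAPI / JSON
* non-interactive => Form Submit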

## Development environment

* Platform: .NET8
* Framework: Blazor Server App (global)
* IDE: Visual Studio 2022
* Auth with cookie

## Complete source code

{% embed url="<https://github.com/relyky/N8BlazorServerAuth>" %}

