MapRazorComponents broken with FallbackPolicy RequireAuthenticatedUser

[davhdavh]

Is there an existing issue for this?

• I have searched the existing issues

Describe the bug

It seems fallback policy is broken for all blazor modes.

services.AddAuthorization(o => o.FallbackPolicy = new AuthorizationPolicyBuilder().RequireAuthenticatedUser().Build());
...
app.UseStaticFiles();
app.UseAuth...();
app.MapRazorComponents<App>()
   .AddInteractiveServerRenderMode();

results in a redirect to login when requesting /_framework/blazor.web.js.

services.AddAuthorization(o => o.FallbackPolicy = new AuthorizationPolicyBuilder().RequireAuthenticatedUser().Build());
...
app.UseStaticFiles();
app.MapRazorComponents<App>()
   .AddInteractiveServerRenderMode();
app.UseAuth...();

ALSO results in a redirect to login when requesting /_framework/blazor.web.js.

Expected Behavior

Putting Maps before UseAuth... => no auth check
Putting Maps after UseAuth... => auth check for pages, but not for staticfiles

Steps To Reproduce

See above

Exceptions (if any)

No

.NET Version

8.0.100-rc.2.23502.2

Anything else?

No response

Thanks for contacting us.

We're moving this issue to the .NET 9 Planning milestone for future evaluation / consideration. We would like to keep this around to collect more feedback, which can help us with prioritizing this work. We will re-evaluate this issue, during our next planning meeting(s).
If we later determine, that the issue has no community involvement, or it's very rare and low-impact issue, we will close it - so that the team can focus on more important and high impact issues.
To learn more about what to expect next and how this issue will be handled you can read more about our triage process here.

[codymullins]

Is there any kind of workaround here or timeline to a fix?

[bmarkovic17]

I've ended up putting @attribute {Authorize] which will use the default policy on all of my blazor components which by default is that a user needs to be authenticated, but can be adjusted if needed.