I created a test project [Blazor Server - SQL DB and Identity authentication] with Radzen Studio. All good, I can log in and set up roles and users etc.
The issue is that when my session expires (inactivity) it does not redirect to the login screen and can still use the app as though I was logged in.
To test this, I simply added a second page to the generated project and added an extra RadzenPanelMenuItem to the panel menu to link to it.
I log in and can navigate to both these screens as I'm authorised (they both have the [Authorise] attribute set on them.
If I open developer tools and delete the Identity cookie, I can still access both pages and can also go and CRUD users and roles. When I fully refresh the page (F5) it redirects me to the login screen as expected.
How can I make this work correctly, am I missing something?
Thanks!
Hi Enchev, thanks for your reply. Unfortunately setting the cookie expire time is not what I need to do here (I already implemented the change to the service container to set the cookie expire time to a low value for testing purposes).
The issue I have here (sorry for not being clear enough) is that the project that's created in Blazor Studio with Identity still allows the user to access the system even though their login has expired, as the OnInitializedAsync method of RedirectToLogin is only called on full page navigate, not when moving around the system using the menu on the left. This is why when you refresh the browser you are correctly redirected to the login page, but when you move from page to page via the nav menu you don't.