Is it really correct that I get "Authorization failed" message when not logged in?

[kristofferjalen]

I created a Visual Studio project from the Blazor WebAssembly App template, with Authentication type enabled (set to something else than "Anonymous"). Without any modifications, running the application I get message in the console:

info: Microsoft.AspNetCore.Authorization.DefaultAuthorizationService[2]
      Authorization failed. These requirements were not met:
      DenyAnonymousAuthorizationRequirement: Requires an authenticated user.

Yes, I am not logged in, but should I see that there is a component that is expecting an authenticated user? Is this log message by design?

[javiercn]

@kristofferjalen thanks for contacting us.

It is by design, it comes from Microsoft.AspNetCore.Authorization. As for your question of _ but should I see that there is a component that is expecting an authenticated user?_ the answer is that it doesn't matter. If you are concerned about any "security" implication you should not, the security of your app/endpoints relies on the mechanism protecting them, not on the fact that someone doesn't know they are not authenticated/authorized.

[kristofferjalen]

Very well then, thanks for your answer.