Last week I posted a bug report on an app I'm developing. I couldn't figure out why a nav bar only appeared for logged-in users. Almost 7½ hours of debugging over a 10-day stretch later, and I figured it out.
It turns out that the default
AddAuthorization service provider options blocked a request somewhere, so removing it allowed all the page components to load, even while keeping the authentication-required bits hidden.
// By default, all incoming requests will be authorized according to the default policy
//options.FallbackPolicy = options.DefaultPolicy; // Commenting this out fixed it
That's the fun part of debugging: it's always the last thing you try.