Securing Blazor Server
Learn how to secure Blazor Server applications with single sign-on.
As the Blazor Server is a server-hosted ASP.NET Core application that can securely connect to any type of data storage, we have multiple options when it comes to securing the application by applying user authentication and authorization. We can outsource the whole authentication process to an external application by using SSO. Alternatively, if we intend to apply security to only one application, we can build its own authentication mechanism into the application itself.
In this lesson, we will cover the process of securing Blazor Server applications by using its own built-in user database. We will do so with the help of the project below. This project is based on the default Blazor Server project template that has the Individual Accounts authentication option configured. We will look at how the security configuration is added to the project.
<CascadingAuthenticationState> <Router AppAssembly="@typeof(App).Assembly"> <Found Context="routeData"> <AuthorizeRouteView RouteData="@routeData" DefaultLayout="@typeof(MainLayout)" /> <FocusOnNavigate RouteData="@routeData" Selector="h1" /> </Found> <NotFound> <PageTitle>Not found</PageTitle> <LayoutView Layout="@typeof(MainLayout)"> <p role="alert">Sorry, there's nothing at this address.</p> </LayoutView> </NotFound> </Router> </CascadingAuthenticationState>
The setup contains a user that we can test the login functionality with. The username is user@example.com
and the password is P@$$w0rd
.
Note: The above setup contains a link to the login page. This page includes the link to the registration page, which is managed by the Microsoft Identity library. Due to the limitations of the code playground, the final stage of the user registration process will not work.
Adding authentication dependencies and configuration
There ...