YOUR_AUTH0_DOMAIN

YOUR_CLIENT_ID

YOUR_WASM_CLIENT_ID

Insert your WebAssembly application Auth0 client id

YOUR_API_IDENTIFIER

Gain insights into securing Blazor applications with Auth0. Delve into setting up Blazor Server and WebAssembly, integrating Auth0 SDK, adding login functions, and protecting components and APIs.

blazor.tar.gz

Blazor Server Starter

Blazor Server Updater and Starter

Blazor WebAssembly Starter

Blazor WebAssenbly Updater and Starter

Blazor is a .NET framework that delivers native performance on web clients through C# runtimes and HTML wrapping. Auth0 helps you secure these applications through identity management, authentication, and authorization.

This course is a step-by-step guide to securing Blazor Server and Blazor WebAssembly applications with Auth0. You’ll start with an introduction to Blazor and its two hosting models— server-side and portable WASM binarie. You’ll then explore Auth0, which is an identity and access management (IAM) platform for connected applications. Next, you’ll set up and run a server application, integrate the Auth0 SDK, and add login functions before testing for security. You’ll finish by creating a Blazor WASM application and protecting each individual component with Auth0, including the UI and the Web API.

By the end of this course, you’ll be equipped with the proper tools to build and deploy secure web applications with the .NET’s Blazor framework and secure them with Auth0.

Securing Blazor Applications with Auth0

We’ll learn how to grant access only to authenticated users in the Blazor WebAssembly application.

# Enable authorization support

To start, we need to enable support for authorization in our Blazor WebAssembly application. We can do this by using a few Razor components.


Let’s add the references to the needed namespaces for authorization support. Open the `_Imports.razor` file in the `Client` folder and add the two namespace references, as highlighted in the following code snippet:

@using System.Net.Http
@using System.Net.Http.Json
@using Microsoft.AspNetCore.Components.Authorization
@using Microsoft.AspNetCore.Authorization 
@using Microsoft.AspNetCore.Components.Forms
@using Microsoft.AspNetCore.Components.Routing
@using Microsoft.AspNetCore.Components.Web
@using Microsoft.AspNetCore.Components.Web.Virtualization
@using Microsoft.AspNetCore.Components.WebAssembly.Http
@using Microsoft.JSInterop
@using MyBlazorWasmApp.Client
@using MyBlazorWasmApp.Client.Shared

We added the following two lines:

- **Line 3**: This is a reference to the `Microsoft.AspNetCore.Components.Authorization` namespace, which makes authorization-related components available to our application.
- **Line 4**: This is a reference to the `Microsoft.AspNetCore.Authorization` namespace, which makes ASP.N<span>ET</span> authorization support available to our application.

Now, let’s replace the current content of the `App.razor` file in the `Client` folder with the following code:

<CascadingAuthenticationState>
    <Router AppAssembly="@typeof(App).Assembly">
        <Found Context="routeData">
            <AuthorizeRouteView RouteData="@routeData" DefaultLayout="@typeof(MainLayout)">
                <Authorizing>
                    <p>Determining session state, please wait...</p>
                </Authorizing>
                <NotAuthorized>
                    <h1>Sorry</h1>
                    <p>You're not authorized to reach this page. You need to log in.</p>
                </NotAuthorized>
            </AuthorizeRouteView>
            <FocusOnNavigate RouteData="@routeData" Selector="h1" />
        </Found>
        <NotFound>
            <PageTitle>Not found</PageTitle>
            <LayoutView Layout="@typeof(MainLayout)">
                <p role="alert">Sorry, there's nothing at this address.</p>
            </LayoutView>
        </NotFound>
    </Router>
</CascadingAuthenticationState>

Let's summarize what this code does:

- **Lines 4–12**:  We use the `AuthorizeRouteView` component, which allows us to customize the content according to the user’s authentication status.
- **Lines 5–7**: The `Authorizing` component wraps the content displayed to users while their authentication status is being evaluated.
- **Lines 8–11**: The `NotAuthorized` component wraps the content shown to unauthorized users.
- **Lines 15–20**: The `NotFound` component wraps the content shown to users when a page does not exist.
- **Lines 1–22**: The entire content is wrapped by the `CascadingAuthenticationState` component, which propagates the current authentication state to the inner components.

All these components enable authorization at the UI level.

Learn to protect the UI of our Blazor WebAssembly application.

Introduction to Blazor and Auth0

Secure Blazor Server Applications

Secure Blazor WebAssembly Applications

Conclusion

Protect the Blazor WebAssembly Application UI

Enable authorization support