blazor webassembly windows authentication + .netcore hosted

Question

Im still learning blazor and would like to make some solution in it, but requirment would be to use windows something like windows auth (user login is enough) i known that windows auth is not implemented/availible by now - will be in future?

So scenario would be:

-run wasm in browser

-implement

  public class MyAuthStateProvider: AuthenticationStateProvider

in

  Task<AuthenticationState> GetAuthenticationStateAsync()

-get windows username there(how??)

-make some post to api with this username, get from api all userinfo from existing DB + token for next api calls

-return it to wasm and go.

Can someone please point me direction? i searched alot but most of solutions was due to serwer-side blazor - i need it wasm. I found also alot with implementing new custom authorization on server-side, custom registration etc - i already have database with my users..

or should it be made totally different way?

thanks and regards

Answer 1

d00lar controller didn't work form me but this worked:

instead

return Ok(this.httpContextAccessor.HttpContext.User.Claims.Where(p => p.Type== ClaimTypes.Name).FirstOrDefault().Value.ToString());

I used

[HttpGet]
[Authorize]
[Route("winuserid")]
public async Task<string> GetUserID()
{
    string userid;
    userid = User.Identity.Name;
    return userid;
}

Also i had to add

       app.UseAuthorization();

in Server project Startup.cs

Answer 2

As @Panagiotis-Kanavos pointed out, if you deploy a "hosted" full WASM app (ie "Blazor Webassembly" project with the "Hosted" option selected) to IIS, (using the "Server" project, not the "Client" project), then the Server project becomes just a normal .NET Core site with a WASM app wrapped inside.

What this effectively means is that you can use the "Server" project to set Windows Authentication.

Windows Authentication is greyed out/not available on the WASM project because the WASM project is not a host it is simply an assembly running in the browser.

So, if you turn on Windows Auth on the deployed Server project, then you can use IIS authentication/process Windows claims the same way you would normally do for any .NET Core app. The WASM project will likely need to use the .NET Core Server API to get/receive/process these claims, but that overhead is minimal compared to implementing a custom Windows Auth scheme.

Ie no need to implement custom code to turn it on, just enable the following on the Server project:

Reminder: The WASM app can be deployed but in this case that's not what you want - you want to deploy the "Server" project to IIS - Visual Studio has included logic that automatically wraps the WASM/Client app in the Server project for you.

Answer 3

ok so if nobody knows i will post answer

on SERVER project we need to allow anonym + windows auth (on iis can be only windows - anonym is needed for debug in Kestrel only)

also on server project we need to install

Microsoft.AspNetCore.Authentication.Negotiate

in ConfigureServices we need to add services.AddAuthentication(NegotiateDefaults.AuthenticationScheme).AddNegotiate();

and then in some controller for example

 [Authorize]
 [Route("getuser")]
 public ActionResult Index()
 {
        return Ok(this.httpContextAccessor.HttpContext.User.Claims.Where(p => p.Type== ClaimTypes.Name).FirstOrDefault().Value.ToString());
 }

so we need to get from this route in wasm and we are done - this is how to get windows username in Web assembly

Answer 4

previous answer is a bit outdated so i created a git repo where i created sample app that use windows auth + authStateProvider + jwt for accessing api + swagger where we can also run getuser method, grab JWT token and paste as authorization for it. in .net 6

it is not perfect but decent. so everyone can see possibilityes and adopt to own needs

https://github.com/d00lar/BlazorWasmAuthStateProvicerWindowsAuthAndJWT

regards