
Authentication and Authorisation Best Practice in Blazor WebAssembly

I am about to embark on building a new online system with Blazor WebAssembly (.NET 6.0) which will require users to log in before they can make use of any of the features.

I am currently trying to decide on the best approach to dealing with authentication and authorisation. Previously, when setting up a new Blazor project, I have used the built-in authentication by selecting the 'Individual User Accounts' option and then scaffolded the Razor pages on the server project. I like this option because it uses IdentityServer and that feels like a safer option for me as I am certainly no expert on security. However, as part of this new system, certain users will need to be able to administrate other users within their own company and I don't really want to have to send them to the Razor pages to do this, as I'm using a component library (Radzen) on the client side and the look and feel will be inconsistent between client and server.

I've found a great tutorial from Chris Sainty that will enable me to set up authentication and authorisation myself, but I've got doubts over whether it will be secure enough if I go this route.

I guess the questions I have that will help me decide either way are:

  1. Is it possible to use Blazor component libraries like Radzen on the ASP.NET Core hosted project?
  2. If not, is it possible to create user management pages client side using Razor components and somehow get those to communicate with the set up server side? I will need admin users to be able to create, update and delete users.
  3. Finally if the two options above aren't possible, is there anything in particular that I need to be considering when setting up authentication and authorisation myself to make sure that the system is as secure as possible?

Thanks.

Is it possible to use Blazor component libraries like Radzen on the ASP.NET Core hosted project?

Yes, you can embed Razor components in Razor Pages pages.

is it possible to create user management pages client

Yes, it is... But then any security measure taken by you is rendered useless. Never do such a thing. Instead, create the user management pages on the ASP.NET Core Server project (hosted, right?), and navigate your users to these pages from Blazor pages. You may embed Radzen components (Razor components) in these pages.

Finally if the two options above aren't possible, is there anything in particular that I need to be considering when setting up authentication and authorisation myself to make sure that the system is as secure as possible?

I wouldn't recommend choosing this path. It is hard, hazardous, and not effective. Use existing systems.

As far as I can understand, your issue is the look of the UI, right? In that case, you can scaffold pages such as the Login.cshtml and give them the look of a Radzen component. It's not hard to let the user believe he's navigating in the same web site. This is the way I recommend to do that. Or embed Radzen components in those pages, and make them communicate with each other.

Simple example

Suppose you want the Login.cshtml to look as if it was a Radzen component, and the Radzen suite contains a Login component (I'm not familiar with those libraries). In that case, you should first scaffold the Login.cshtml page, and either embed the Radzen Login component in the Login Razor Pages page you've just scaffolded, or, this should be much, much easier, just copy the CSS used in the Radzen Login component, and use it in your scaffolded Login page.
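
A server-side user management handler of the kind the answer points to, as an added example that is not part of the original question or answer: a Razor Pages `PageModel` in the hosted Server project that lets a company administrator delete only users of their own company. The `ApplicationUser.CompanyId` property, the `CompanyAdmin` role name and the `./Index` page are assumptions for illustration; it assumes ASP.NET Core Identity is already registered as in the 'Individual User Accounts' template.

```csharp
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.RazorPages;

// Hypothetical user type: IdentityUser extended with the owning company.
public class ApplicationUser : IdentityUser
{
    public string CompanyId { get; set; } = "";
}

// Runs on the server, so the browser cannot skip or alter these checks.
// The role name "CompanyAdmin" is an assumption for this example.
[Authorize(Roles = "CompanyAdmin")]
public class DeleteUserModel : PageModel
{
    private readonly UserManager<ApplicationUser> _users;

    public DeleteUserModel(UserManager<ApplicationUser> users) => _users = users;

    // Razor Pages validates the antiforgery token on POST handlers by default.
    public async Task<IActionResult> OnPostAsync(string id)
    {
        // The admin's company is read from the user store for the signed-in
        // principal, never from a form field or query string.
        var admin = await _users.GetUserAsync(User);
        if (admin is null || string.IsNullOrEmpty(admin.CompanyId)) return Forbid();

        var target = await _users.FindByIdAsync(id);
        // Same response for "no such user" and "user of another company",
        // so the handler does not reveal which ids exist elsewhere.
        if (target is null || target.CompanyId != admin.CompanyId) return NotFound();

        // An admin removing their own account is rejected here.
        if (target.Id == admin.Id) return BadRequest();

        var result = await _users.DeleteAsync(target);
        if (!result.Succeeded)
        {
            foreach (var error in result.Errors)
                ModelState.AddModelError(string.Empty, error.Description);
            return Page();
        }
        return RedirectToPage("./Index");
    }
}
```

The create and update handlers need the same company comparison; hiding a button in the UI does not replace it.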
