I am working on implementing security in Blazor WebAssembly .Net core hosted application. I need to secure client as well as WebAPI (to be hosted on IIS). As a policy decision, the team has decided to use Windows authentication with
windows AD instead of Azure AD for now.
I see multiple articles on the internet describing how to implement security using Azure AD. But less help is available about securing Blazor WASM using Windows Authentication. Any help in this regard will be highly appreciated. Thanks in advance.
As windows authentication is implemented by the browser, you don’t need any special code. If the blazor code needs roles or user name, you will need to implement a webapi call that returns the info.
Member
2 Points
1 Post
How to secure Blazor WebAssembly application and WebApi using Windows Authentication?
Sep 02, 2020 05:04 AM|satyajits|LINK
I am working on implementing security in Blazor WebAssembly .Net core hosted application. I need to secure client as well as WebAPI (to be hosted on IIS). As a policy decision, the team has decided to use Windows authentication with windows AD instead of Azure AD for now.
I see multiple articles on the internet describing how to implement security using Azure AD. But less help is available about securing Blazor WASM using Windows Authentication. Any help in this regard will be highly appreciated. Thanks in advance.
All-Star
53041 Points
23612 Posts
Re: How to secure Blazor WebAssembly application and WebApi using Windows Authentication?
Sep 02, 2020 10:27 AM|mgebhard|LINK
Pretty simple. Configure IIS to use Windows authentication. Only authenticated user will be able to load the Blazor application.
https://docs.microsoft.com/en-us/aspnet/core/security/authentication/windowsauth?view=aspnetcore-3.1&tabs=visual-studio
All-Star
58194 Points
15655 Posts
Re: How to secure Blazor WebAssembly application and WebApi using Windows Authentication?
Sep 02, 2020 02:52 PM|bruce (sqlwork.com)|LINK
As windows authentication is implemented by the browser, you don’t need any special code. If the blazor code needs roles or user name, you will need to implement a webapi call that returns the info.