Authentication for Blazor server applications ecosystem

Question

Authentication for Blazor server applications ecosystem

Hayk Manukyan 0

Hi everyone, we are going to develop ecosystem of several Blazor server applications. Our users should have only one account when using those applications. When navigating from one application to another then they do not have to enter username and password again. The users account we would like to store in our servers instead of external for example Azure Active Directory. Please advise what will be the best method to implement such authentication mechanism?

Anonymous

2023-08-07T05:25:56.7366667+00:00

Hi @Hayk Manukyan

You can try to use cookie authentication or Bearer token/JWT token authentication.

To use Cookie authentication, you can share authentication cookies across different projects. Refer to this article: Share authentication cookies among ASP.NET apps.

To use JWT token authentication, when configure authentication or genereate the token, you have to use the same issuer, audience, SigningKey.

Cookies are specific to browsers. Sending them from other kinds of clients adds complexity compared to sending bearer tokens. Cookie authentication isn't recommended unless the app only needs to authenticate users from the browser client. Bearer token authentication is the recommended approach when using clients other than the browser client. More detail information, see ASP.NET Core Blazor authentication and authorization and Authentication and authorization in ASP.NET Core SignalR.

Best regards,
Dillion

1 answer

Your answer

Anonymous

2023-08-07T05:25:56.7366667+00:00

Hi @Hayk Manukyan

You can try to use cookie authentication or Bearer token/JWT token authentication.

To use Cookie authentication, you can share authentication cookies across different projects. Refer to this article: Share authentication cookies among ASP.NET apps.

To use JWT token authentication, when configure authentication or genereate the token, you have to use the same issuer, audience, SigningKey.

Cookies are specific to browsers. Sending them from other kinds of clients adds complexity compared to sending bearer tokens. Cookie authentication isn't recommended unless the app only needs to authenticate users from the browser client. Bearer token authentication is the recommended approach when using clients other than the browser client. More detail information, see ASP.NET Core Blazor authentication and authorization and Authentication and authorization in ASP.NET Core SignalR.

Best regards,
Dillion

Answer 1

oauth is the official single sign on for asp.net core (and blazor). this requires an oauth login server. identity server is the typical onsite server:

https://identityserver4.readthedocs.io/en/latest/

you may be able also use cookie login. this requires all sites have a common domain, which the cookie path can be set to. also all the sites will need data protection services configured to use a common persistent key storage.

note: one issue you will face is cookie expiration. a typical website updates the cookie timeout doing use, but Blazor server only accesses the cookie at app startup, as Blazor server apps are just one request.

Share via

Authentication for Blazor server applications ecosystem

1 answer

Your answer