Blazor server single tab authentication with Microsoft.identity.web

Question

I have a blazor server app with working authentication using microsoft.identity.web. When authenticated the app will automatically log in on multiple tabs in the browser, on multiple seperate browser instances and also after reopening the browser after it has been closed. I want authentication to be limited to the current browser tab only and not bleed across to other tabs or browser instances.

Answer 1

the standard authentication works as follows. assume the blazor app has anonymous index pages and authenticated pages.

1. the app hosting page uses javascript to open a signal/r connection to the server, passing any existing authentication cookie. if the cookie is found, the identity user is passed to the circuit state to be used for injection.
2. the app navigates (internal) to a component that requires authentication. if the user identidy is not defined, the app uses javascript to close the connection and navigate to the the actual login page.
3. the login page preform authentication, and sets the authentication cookie and redirects back to the page hosting the blazor app
4. the blazor host page reads the cookie and uses javascript to restart the blazor app. note, that unless persisted the previous state is lost.

as the cookie is only needed for a short amount of time, from the login page to the blazer startup, you can make it short duration (30 - 60 seconds). this will limit the reuse in new tabs.

any fancier will require custom code. you could create a one time use ticket, passed n the cookie, and used in verification.