1,673 questions
Cookie & Blazor Server-side
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(300.8, 95%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKA%3C/text%3E%3C/svg%3E)
Kevin Azure
141
Reputation points
Is Cookie supported by Blazor Server-side?
How to use Cookie to store Login/Session information?
[so the duplicate login prompt won't come for N days]
Developer technologies .NET Blazor
2 answers
Sort by: Most helpful
-
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(211.20000000000002, 61%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBS%3C/text%3E%3C/svg%3E)
Bruce (SqlWork.com) 77,686 Reputation points Volunteer Moderator2023-05-05T17:26:35.2766667+00:00 Blazor server uses cookie authentication. Just config the identity cookie the way you would for any asp.net core website.
when blazor server needs authentication it redirects to the login, which unloads the app. Then after login redirects back, the app is reloaded. Unless saved, all state values will be lost. You can avoid this by requiring authentication if the hosting page.
note: typically with blazor WASM you would use bearer tokens.
-
Kevin Azure 141 Reputation points
2023-05-05T21:05:48.7866667+00:00 @Bruce (SqlWork.com) Thanks for reply.
So my implementation of Blazor-serverside is as below:
- Login prompt user with username/password
- Use cookie to store login info (so for next N days no login prompted)
- Create AccessToken & RefreshToken for accessing WebAPI
Where should I store the AccessToken & RefreshToken?
Should I store AccessToken in cookie too?
Should I store RefreshToken in cookie too?
Or, Generate both of them dynamically everytime a cold user session restored?
-
Bruce (SqlWork.com) 77,686 Reputation points Volunteer Moderator
2023-05-07T00:09:39.4233333+00:00 if you want to call the webapi on the behalf of the user, then you need an access token for your webapi. see (EnableTokenAcquisitionToCallDownstreamApi). you also want to cache the refresh token.
services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme) .AddMicrosoftIdentityWebApp(Configuration) .EnableTokenAcquisitionToCallDownstreamApi(new[] { Configuration["scopes"] }) .AddInMemoryTokenCaches();the default cache is a in memory cache tied to the user id claim. you will need to implement a persistent store for the refresh cache if you want it to last days
with blazor you could also cache refresh token in local storage on the browser.
another approach, is your webapi trusts your front-end site. the frontend would use its service account to get the access token to call the webapi. The user id would be part of the payload.
the main understanding of blazor server, is that there is one web request to setup the hub, and this hub is used to update the UI. the server code has access to httpcontext of the original request that started the hub, but its stale. it is only updated if the blazor app exits and is restarted. your blazor server code in running in that original http request context. the cookie is the cookie at the start of the request. all cookie data can expire. the only way to update the cookie is to reload the blazor app.
just think of blazor server as a long running web request that may take days to complete. the blazor app runs in this request. the blazor server code can do anything a normal web request code can do.
-
Kevin Azure 141 Reputation points
2023-05-07T16:57:19.9733333+00:00 Thanks - but that was too much options to comprehend.
What is your suggestion instead of AddInMemoryTokenCaches() to persist access token & refresh token in web application?
Sign in to comment -
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(92.8, 23%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESS%3C/text%3E%3C/svg%3E)