Blazor Server Side - Authentication without using Identity

Arnold Mendoza 11 Reputation points
2021-08-10T14:23:40.88+00:00

Good Day Everyone

I'm new on using Blazor Server Application, currently on our company we have a exisiting User/Account database, that all our projects are using, now I have succesfully created a cookie based authentication on my ASP.NET Core MVC projects, but I'm having a problem on using it on my Blazor Server Side Application, all I can see is using Identity, the problem is we are still using the old account database and Identity won't match on it, the question is, is there any other solution to have a authentication without using Identity? Hope you can help me on this.

Thanks and Regards.

Blazor
Blazor
A free and open-source web framework that enables developers to create web apps using C# and HTML being developed by Microsoft.
1,595 questions
{count} votes

2 answers

Sort by: Most helpful
  1. Chao Deng-MSFT 796 Reputation points
    2021-08-11T02:49:48.88+00:00

    Hi @Arnold Mendoza ,

    If you don't want to use identity for authentication, the authentication in the Blazor server application can be done by registering a cookie or JWT authentication handler. Because the Blazor server runs in an ASP.NET Core application, cookie authentication is simpler. You can do this by adding Cookie AuthenticationHandler to the ConfigureServices method in Startup.cs:

    services.AddAuthentication()  
         .AddCookies();   
    

    You then also need to instruct the Middleware to inspect incoming Request wheter they have a valid Cookie so that then the ClaimsPrincipal property on the HttpContext can be set:

    app.UseAuthentication();  
    

    By using this configuration every User that requests your app with a Cookie you issued to them by calling SignInAsync from a controller is authenticated. You cant append a Cookie to a Http response inside a Razor Component because the Response has already finished (all changes are send over the WebSockets Connection). You then can use the built in AuthorizeView component to only render content to authenticated users. Without further configuration every user that you issued a cookie to is authenticated.

    You can also use JWT authentication. As it is the case with Cookies ASP.NET Core has also built-in middleware to achieve that. In such case I would build a custom AuthenticationProvider that implements the abstract class AuthenticationStateProvider. Inside the GetAuthenticationStateAsync() method you retrieve the token from LocalStorage. You then need to check its validity so the according AuthenticationState can be returned (Its has a property of type ClaimsPrincipal).

    You can build your own Authorization Filter and check for the tokens validity.


    If the answer is helpful, please click "Accept Answer" and upvote it.

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    Best Regards,

    ChaoDeng

    1 person found this answer helpful.

  2. Bruce (SqlWork.com) 66,226 Reputation points
    2021-08-10T15:13:18.86+00:00

    Server side blazor just uses HttpContext.User for authentication. Your custom provider middleware just needs to fill this in. Google for examples.


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.