By default, Blazor provides a demo app for Identity. What I want is I have an API project that returns jwt token. Now, I want to create a Blazor App using "InteractiveAuto", which means pages can return from the server for the first request and then use web assembly.
2
Answers
Creating an authentication flow in ASP.NET Core 8.0 Blazor with an external API and JWT token involves several steps. Below is a simplified outline of the process. Keep in mind that this is a high-level overview, and you might need to adapt it based on your specific requirements.
Create a Blazor WebAssembly App:
Install Required NuGet Packages:
Configure Authentication Services in
Program.cs
:Configure Authentication in
Startup.cs
:Add Authentication to Blazor App in
App.razor
:Use Authentication in Blazor Components:
Invoke External API and Handle JWT Tokens:
Secure External API with JWT Authentication:
Ensure your external API is configured to accept JWT tokens for authentication. The details depend on the API technology you’re using.
Remember to replace placeholders like "YourExternalApiBaseUrl," "YourApiAudience," and others with your actual values. This is a simplified guide, and you might need to adjust it based on your specific requirements and external API details. Additionally, always consider security best practices when working with authentication and external APIs.
This seemingly simple requirement is actually fairly complex. I have not yet found a definitive example posted of the "official" way to do it, but I’ll provide some details on an implementation that I have developed. I’m using OIDC with Azure Entra for the initial signon and then JWT to access the Api, but hopefully you’ll be able to adapt some of these ideas to your case.
The primary issue is that we need to handle two authentication cases. The first load is using Blazor Server (SSR) and the second load uses WASM. If you remember back to the old .Net 7 templates, there were two very different flows to implement. The SSR route used IHtttpContextAccessor to access the underlying context. The WASM route used the MSAL library.
I assume that you already have a method of signing in and a component that looks something like the following:
ServerProject.Program.cs (Psuedo code only)
ClientProject.Program.cs (Psuedo code only)
AuthorisedComponent.razor
I have implemented a Custom Authentication State provider to enable the different flows and it looks something like this:
CustomAuthStateProvider.cs
It is possible to retrieve the httpcontext if a request is made to a controller in your backend.
Credit to: Damien Boden – Backend for Front End Auth for this idea.
AppAuthController.cs
There are quite a few different concepts here and I’ve distilled a fairly large chunk of code into the essential elements and removed error handling etc., but hopefully you can get the general idea.
I know this use case is a bit different to yours, but hopefully you can work out where to inject your JWT tokens to call the API in this flow. You only provided limited detail, so I’ve had to make a lot of assumptions about your your implementation.
I have got this "working", but there seems to be a fair bit of redundant computation since we need to do auth for both Server and WASM. I hope that an official template is issued soon so that we can see how the makers intended it to be used.