Authentication and Authorization in ASP.NET Core Blazor
This course will teach you how to secure your Blazor application using a variety of best practice techniques for authentication and authorization.
What you'll learn
In this course, Authentication and Authorization in ASP.NET Core Blazor, you’ll learn to secure your Blazor applications. First, you’ll explore how the different Blazor flavors have a profound effect on authentication and authorization. Next, you’ll discover how to use local user management and login screens with Blazor Identity and how to delegate all of that to an external identity provider over OpenID Connect: Microsoft Entra ID. Finally, you’ll learn how to protect the APIs your Blazor app integrates with, both local and remote APIs. When you’re finished with this course, you’ll have the skills and knowledge needed to secure your Blazor applications.
Table of contents
- Coming Up 1m
- Approaches to Identity and Access Management 3m
- Introducing Blazor Identity UI 2m
- Demo - Enabling Blazor Identity UI 8m
- Demo - Explaining How Blazor Identity UI and ASP.NET Core Identity Tie in with ASP.NET Core 4m
- How Cookie Authentication Works 4m
- Demo - Logging In and Out 5m
- Summary 2m
- Coming Up 1m
- Authentication State Providers and Cookie Authentication 11m
- Demo - Providing an Authentication State 12m
- Demo - Hiding or Showing Parts of the UI Depending on the Authentication State 4m
- Demo - Showing User Information in the UI 2m
- Demo - Using Authentication State Data in Procedural Logic 4m
- Demo - Inspecting Authorized Routing 3m
- Summary 2m
- Coming Up 1m
- OAuth2 and OpenID Connect in a Blazor World 7m
- Current Best Practices for Blazor 3m
- Demo - Introducing the Demo Application 3m
- Demo - Configuring Entra ID 7m
- Demo - Adding and Configuring the OpenID Connect Middleware 8m
- Demo - Logging In 9m
- Demo - Logging Out 4m
- Demo - Using a Configuration File 2m
- Summary 1m
- Coming Up 1m
- Protecting a Local API with Cookies 8m
- Demo - Protecting a Local API with Cookies for Client-side Rendering 3m
- Demo - Protecting a Local API with Cookies for Server-side Rendering 4m
- Protecting a Remote API with a Token 4m
- Demo - Configuring Entra ID 6m
- Demo - Requiring a Token for the Remote API 5m
- Demo - Gaining Access to the Remote API with a Token for Server-side Rendering 10m
- Demo - Removing the Dependency on HttpContext 5m
- Demo - Gaining Access to the Remote API with a Token for Client-side Rendering 4m
- Gaining Long-lived Access with Refresh Tokens 3m
- Demo - Managing Token Lifetime and Expiration 2m
- Blazor Identity, OAuth2 and OpenID Connect 3m
- Summary 2m
- Coming Up 1m
- RBAC, ABAC, and Authorization Policies 3m
- Demo - Returning Additional Claims in the Token 2m
- Demo - Writing an Authorization Policy 4m
- Demo - Applying an Authorization Policy in Blazor 4m
- Demo - Adding an Access Denied Page 2m
- Demo - Applying an Authorization Policy to the API 13m
- Summary 1m
About the author
Kevin Dockx is a freelance solution architect, author & consultant, living in Antwerp (Belgium). He's mainly focused on solution/application architectures & security for web-based (API) applications built with .NET, but he also keeps an eye out for new developments concerning other products from the .NET stack. He's a Microsoft MVP and board member of the RD MS Community. He's also a regular speaker at various (inter)national conferences & user group events, and works on various open source pro... more