Kestrel Hosted Blazor WASM + Microsoft Identity / JWT Template with Roles & Policies.
Code copied from Chris Sainty's blog: "Securing Your Blazor Apps (Part 2/3/4)"
Change log:
- Jan 12, 2022 - Updated to .NET 6.01
- Jun 20, 2021 - Code Cleanup
- Jun 19, 2021 - Added a couple of additional IdentityUser Fields
- /Server/Models/ApplicationUser.cs & DB Migration
- Jun 18, 2021 - Updated to .NET 6 preview 5
- except for
Microsoft.AspNetCore.Authentication.JwtBearer, it has a bug
- except for
- Jun 17, 2021 - Updated to use .NET 6 Preview 4
- Furthermore this template uses a SQLite Database (which is included in the repo) instead of SQLServer
Be sure to check out Chris Sainty's book "Blazor in Action". This book is an example-driven guide to building client-side web apps using C# and .NET - and now available to buy via the Manning Early Access Program (MEAP).
This template uses Microsoft Identity (which is not IdentityServer) so you'll get all of the Microsoft Identity Database Tables with normalized fields, security stamps & password hashing etc. etc.
With this you don't need IdentityServer4/5.. for Hosted Blazor WASM anymore, plus authorization & authentication is done in the Blazor Client App itself (with a REST API/JSON to the server)), it doesn't redirect you to the IdentityServer (Areas/Identity) Register/Login Razor Pages on the server.
User/Login Information:
Counter Menu (User Policy)
- user name: [email protected]
- password: Qwerty1234#
Fetch Data Menu (Admin Policy)
- user name: [email protected]
- password: Qwerty1234#
NOTE: Although it runs out of the box, I've done this upgrade in a day and it's possible I've made some errors. This is just a template to get you started, don't use it in production (see for example: Server/Controllers/AccountsController.cs)
Also this sample template needs to be updated so it automatically refreshes its JWT tokens (Now it uses tokens valid for a day when you login).