Question on App registration and difference with hosted blazor wasm #33
Comments
|
Hi @Ponant I set the Azure App registration up like any server rendered application (Web) The auth adds to id_token but a secret, or a certificate is used. If an access token is used, then the code flow is used. This is how MSAL does this. I have 2 Azure App registrations, one for the API and the user delegated flows and one for the Graph application client which requires a separate secret or certificate. If you do not require MS Graph then you can remove this. The Microsoft templates sets up two separate applications, one for the frontend and one for the backend. The WASM is a public app and shares the token in the browser which is no longer recommended best practice. I used the _Host file to add anti-forgery protection because cookies are used to access the server part. If you use the index.html, you cannot do this. You could also use a custom header and then the index.html would work (PWA support). I have an example of how to do this as well. Let me know is something is unclear and I will improve the docs. -Do you have one or two app registrations (server and client)? Greetings Damien |
|
Dear Damien, My situation is a web app hosted on azure and I use azure b2c. All fine and great. If you have an opinion on that I would surely welcome it as my experience in wasm and spa's in general is fairly limited. Besised this, it is nice trick you did with the _Host vs index.html. At least I learned you can use a cshtml file to host the blazor app.... |
|
A bit like here on github: when we insert a comment, the page does not refresh. |
|
And of course the underlying idea is to have a bff model as I do strongly believe that tokens should not live in the browser neither. |
|
Dear Damien, and the Asp.NetCore.Cookie gets set to No idea why that is so and how to circumvent it? |
|
hello, |
|
The Logout needs to come from the full page and not a js request, then it works as in the template. |
|
I set the LAX because the redirect comes from the WASM UI, tried to set this to strict at first |
|
It works if we make an Get request However, the bigger issue for me is how to do a simple todo api, where the controller is on the same server. |
|
Also you do not need the Microsoft Identity UI (at least not in my case where I did not need the graph and external api calls). |
|
Worth noting also is that whenever we log in or log out, there is an extra question mark in the url before redirecting to azure B2C. |
|
This template has a simple todo API Can you not just create a new application using the template and post logout and as simple API will work for you? |
|
I have setup all these things (in production as well) and the template should be a good start, simple APIs and everything working. If you need a PWA, it needs some changes. |
|
But you are using Lax for the Asp.NetCore cookie, right? It works with Lax, not Strict for the auth cookie (I did not succeed). |
|
I think this is to do with the Azure B2C IDP, will look into this |
|
I can help if you want. I have quite a few different custom policies, so if you have some hints on where I can look at, I will gladly do it in parallel to your investigation. |
|
Dear Damien, |
|
Will look at this hopefully this weekend |
Dear Damien,
Sorry to bother with a perhaps silly question.
I am trying to figure out if I am not going to switch and app to use BFF on Azure B2C, so I came accross you template.
-In terms of app registration on the portal, how do you set this up?
-Do you have one or two app registrations (server and client)?
-It seems the auth is using the implicit flow?
Besides this, I am trying to figure out the difference between your template and the Blazor Wasm Hosted that comes from Microsoft?
Why did you put the _Host.cshtml in the server, instead of the index.html in the client that comes from the MS Blazor Hosted Wasm template?
Any further clarifitcation is welcomed.
Thank you
The text was updated successfully, but these errors were encountered: