How to implement an authentication within Blazor Server App with JWT from Web API - authentication

I have a Blazor Server app which wants to connect to a .Net Core WebApi. The app should send an authentication request and the WebApi returns a JWT containing user data. For any further communication with the WebApi the JWT should be used to authorize against it.
I'd like to ensure that only authenticated users can access the server app. If someone is not authenticated he or she should be redirected to a login page.
Up to now I've used a combination of default Identity with AzureAD authentication.
Is there any option to have a JWT authentication working the same way?
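One way to get the behaviour the question asks for on the Blazor Server side (an added example, not code from the question or from any project it mentions): a custom AuthenticationStateProvider that keeps the JWT returned by the Web API for the current circuit and validates its signature, issuer, audience and expiry before any claim in it is trusted. The `Jwt:Issuer`, `Jwt:Audience` and `Jwt:Key` configuration keys are assumptions and must match whatever the Web API signs with.

```csharp
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Text;
using Microsoft.AspNetCore.Components.Authorization;
using Microsoft.IdentityModel.Tokens;

// Program.cs (Blazor Server). The provider is scoped, so every circuit (browser tab / user
// session) holds its own token and one user's token never leaks into another circuit.
var builder = WebApplication.CreateBuilder(args);
builder.Services.AddRazorPages();
builder.Services.AddServerSideBlazor();
builder.Services.AddAuthorizationCore();
builder.Services.AddScoped<JwtAuthenticationStateProvider>();
builder.Services.AddScoped<AuthenticationStateProvider>(
    sp => sp.GetRequiredService<JwtAuthenticationStateProvider>());

var app = builder.Build();
app.UseStaticFiles();
app.UseRouting();
app.MapBlazorHub();
app.MapFallbackToPage("/_Host");
app.Run();

// Added example: authentication state derived from a JWT issued by the Web API.
public sealed class JwtAuthenticationStateProvider : AuthenticationStateProvider
{
    private static readonly ClaimsPrincipal Anonymous = new(new ClaimsIdentity());
    private readonly TokenValidationParameters _validation;
    private string? _token;

    public JwtAuthenticationStateProvider(IConfiguration config)
    {
        // Assumed configuration keys; the symmetric key is the one the Web API signs with.
        _validation = new TokenValidationParameters
        {
            ValidateIssuer = true,
            ValidIssuer = config["Jwt:Issuer"],
            ValidateAudience = true,
            ValidAudience = config["Jwt:Audience"],
            ValidateIssuerSigningKey = true,
            IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(config["Jwt:Key"]!)),
            ValidateLifetime = true,
            ClockSkew = TimeSpan.FromSeconds(30),
        };
    }

    public override Task<AuthenticationState> GetAuthenticationStateAsync()
        => Task.FromResult(new AuthenticationState(BuildPrincipal(_token)));

    // Called by the login page once the Web API has returned a token.
    public void SignIn(string token)
    {
        _token = token;
        NotifyAuthenticationStateChanged(GetAuthenticationStateAsync());
    }

    public void SignOut()
    {
        _token = null;
        NotifyAuthenticationStateChanged(GetAuthenticationStateAsync());
    }

    // Exposed so a DelegatingHandler can add "Authorization: Bearer ..." to Web API calls.
    public string? CurrentToken => _token;

    private ClaimsPrincipal BuildPrincipal(string? token)
    {
        if (string.IsNullOrEmpty(token)) return Anonymous;
        try
        {
            // ValidateToken checks signature, issuer, audience and lifetime; a tampered,
            // unsigned or expired token never becomes an authenticated identity.
            return new JwtSecurityTokenHandler().ValidateToken(token, _validation, out _);
        }
        catch (Exception ex) when (ex is SecurityTokenException or ArgumentException)
        {
            _token = null;   // drop the bad token so the user is routed back to the login page
            return Anonymous;
        }
    }
}
```

The redirect for unauthenticated users is done in App.razor with `<AuthorizeRouteView>`: its `<NotAuthorized>` content calls `NavigationManager.NavigateTo("/login")`. Because this is Blazor Server, the token lives in server memory for the circuit and is never handed to the browser, which removes the localStorage exposure a WebAssembly client would have; the cost is that the user is logged out when the circuit ends, so a refresh-token call or `ProtectedSessionStorage` is needed if state must survive a reconnect.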

Related

How to implement Resource Owner Password Credentials (ROPC) auth flow in Blazor WebAssembly?

I'd like my Blazor WebAssembly app to authenticate against an OpenID Connect (OIDC) server. The users should enter their username and password directly in the Blazor WebAssembly app rather than being redirected to the server for authentication. Authenticated users should be granted a JWT for further communication.
Can someone provide a tutorial on how to implement this flow properly?
The Blazor WebAssembly app is hosted with ASP.NET Core, which has an OpenIddict authorization server.
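The ROPC exchange the question describes, as an added example (not code from the question or from OpenIddict): the WebAssembly app posts the user's credentials to the token endpoint with `grant_type=password` and receives a JWT access token. The endpoint path `/connect/token`, the client id `blazor-wasm` and the scope list are assumptions; the server must explicitly enable the password flow for that client.

```csharp
using System.Net.Http.Json;
using System.Text.Json.Serialization;

// Added example: OAuth 2.0 Resource Owner Password Credentials request from a
// Blazor WebAssembly app. Register with
//   builder.Services.AddHttpClient<PasswordGrantClient>(c => c.BaseAddress = new Uri(builder.HostEnvironment.BaseAddress));
public sealed class PasswordGrantClient
{
    private readonly HttpClient _http;
    public PasswordGrantClient(HttpClient http) => _http = http;

    // Returns the token response on success, or null on any non-2xx answer
    // (invalid_grant, invalid_client, ...), so the UI can show a generic failure message.
    public async Task<TokenResponse?> LoginAsync(string userName, string password, CancellationToken ct = default)
    {
        var form = new Dictionary<string, string>
        {
            ["grant_type"] = "password",
            ["client_id"] = "blazor-wasm",       // assumed public client id registered at the server
            ["username"] = userName,
            ["password"] = password,
            ["scope"] = "openid profile api",    // assumed scopes
        };

        // Credentials go in the form body over HTTPS, never in the query string (they would end up in logs).
        using var response = await _http.PostAsync("/connect/token", new FormUrlEncodedContent(form), ct);
        if (!response.IsSuccessStatusCode)
            return null;

        return await response.Content.ReadFromJsonAsync<TokenResponse>(cancellationToken: ct);
    }
}

// Standard OAuth 2.0 token response fields (RFC 6749 section 5.1).
public sealed record TokenResponse(
    [property: JsonPropertyName("access_token")] string AccessToken,
    [property: JsonPropertyName("token_type")] string TokenType,
    [property: JsonPropertyName("expires_in")] int ExpiresIn,
    [property: JsonPropertyName("refresh_token")] string? RefreshToken);
```

The returned `AccessToken` is then attached as `Authorization: Bearer` to API calls. Note what this flow gives up: the client sees the raw password, so the server cannot enforce MFA or consent for it, which is why the related answer further down recommends the redirect-based flows instead.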

Asp.core JWT and external authentication

I'm in a scenario where there is a Blazor app that has to be protected.
This app needs a login on a local user store or external auth on Google, Facebook or MS.
There is an ASP.NET Core project that exposes all the APIs for this Blazor app.
All APIs are protected with [Authorize], and this API project also implements the login API that generates the JWT token.
With a local login, the login page was on the Blazor app, which called the login API, managed the response, retrieved the JWT and stored it in local storage. For each request the Blazor app sent the JWT token to the authorized API.
How to manage external authentication in this case? Is it the Blazor app that has to generate the call to Google, Facebook, ... and then the Google callback will call the API project to generate the JWT?
I cannot understand how to let the flow work, as APIs are protected by JWT, and I guess external authentication has to call back the API to generate the JWT, but how do I return back to the Blazor app?
I don't want to use IdentityServer4, but I could externalize the login page on the API project.
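The local-login half of the flow described above, as an added example (not the poster's code): a minimal ASP.NET Core Web API whose `/auth/login` endpoint checks credentials against the Identity user store and issues a short-lived signed JWT, while every other endpoint is protected by the JWT bearer handler configured with the same key. The `Jwt:*` configuration keys are assumptions, and the Identity/DbContext registration is assumed to exist elsewhere in the project.

```csharp
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Text;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Identity;
using Microsoft.IdentityModel.Tokens;

var builder = WebApplication.CreateBuilder(args);

// Assumed configuration keys. For HS256 the key must be at least 256 bits and must not be
// checked into source control; use user-secrets or an environment variable.
var issuer = builder.Configuration["Jwt:Issuer"]!;
var audience = builder.Configuration["Jwt:Audience"]!;
var signingKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(builder.Configuration["Jwt:Key"]!));

builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(options =>
    {
        options.TokenValidationParameters = new TokenValidationParameters
        {
            ValidateIssuer = true, ValidIssuer = issuer,
            ValidateAudience = true, ValidAudience = audience,
            ValidateIssuerSigningKey = true, IssuerSigningKey = signingKey,
            ValidateLifetime = true, ClockSkew = TimeSpan.FromSeconds(30),
        };
    });
builder.Services.AddAuthorization();
// AddIdentity / AddDbContext are assumed to be registered here.

var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();

// Login endpoint: verifies the password with Identity's hashed store and issues the JWT.
app.MapPost("/auth/login", async (LoginRequest req, UserManager<IdentityUser> users) =>
{
    var user = await users.FindByNameAsync(req.UserName);
    // Same response for unknown user and wrong password so usernames cannot be enumerated.
    if (user is null || !await users.CheckPasswordAsync(user, req.Password))
        return Results.Unauthorized();

    var claims = new List<Claim>
    {
        new(JwtRegisteredClaimNames.Sub, user.Id),
        new(JwtRegisteredClaimNames.UniqueName, user.UserName!),
        new(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()),
    };
    claims.AddRange((await users.GetRolesAsync(user)).Select(r => new Claim(ClaimTypes.Role, r)));

    var token = new JwtSecurityToken(
        issuer: issuer,
        audience: audience,
        claims: claims,
        expires: DateTime.UtcNow.AddMinutes(30),   // short lifetime limits the damage of a stolen token
        signingCredentials: new SigningCredentials(signingKey, SecurityAlgorithms.HmacSha256));

    return Results.Ok(new { token = new JwtSecurityTokenHandler().WriteToken(token) });
});

// Any other endpoint requires a valid bearer token; the principal comes from the validated JWT.
app.MapGet("/api/me", (ClaimsPrincipal user) => Results.Ok(new { name = user.Identity?.Name }))
   .RequireAuthorization();

app.Run();

public record LoginRequest(string UserName, string Password);
```

The Blazor app stores the returned token and sends `Authorization: Bearer <token>` on each call, exactly as the post describes. The same endpoint shape works when the login page is moved onto the API project, since the JWT-issuing code does not depend on where the credentials were entered.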

IdentityServer4 login api

I am using IdentityServer4 to secure my API and also to authenticate users. The client is the main ASP.NET Core MVC app. I just want the login interface and UI to be at the MVC app and the login implementation at IdentityServer, so IdentityServer must have an API that just receives the username and password from the MVC app login page and returns the token, which will be used in cookies.
It is a bad idea to move your views for several reasons. Some of them:
If you move the views to your MVC client you will have to create those views in all your clients.
OAuth2 / OpenID Connect should delegate authorization / authentication to your IdP to avoid credential sharing. Instead of that, you are forced to use Resource Owner Password Credentials, which implies that we cannot use the user's consent pages from the IdP.
You won't have an Authentication Cookie from your IdP for Single Sign On.

Identity Server4, Redirect to MVC client using Google Authentication not working

I am using IdentityServer4 for authentication. When I use my IS4 login, then after authentication the user gets redirected to the MVC client. But when the user uses Google authentication for the same MVC client, then after Google authentication the user doesn't get redirected to the MVC client; the user stays on the authentication server's login page?

Web app ClaimsIdentity in Webapi

I've created an MVC web application that uses OpenID to authenticate with Azure AD and get the claims along with the token. I'm interfacing with a Web API to do the business transactions. The Web API is configured to use OAuth bearer tokens.
I've created separate OAuth clients in Azure AD for the Web App and the Web API. I'm able to get a token for the Web API from the MVC controller using AuthenticationContext to send the request to the Web API. I need to know how I can send the current user's claims as well to the Web API. The claims in the Web API do not include the claims of the user from the Web App.
Let me provide a bit more context here. I've created an MVC Web Application and a Web API layer. The MVC Web App is configured to use OpenID authentication with Azure AD, and I've configured the Web API layer to authorize using OAuth bearer tokens. The actions in the Web API layer will be called through Ajax requests, and the bearer token will be added to the header of each Ajax request. When the user is authenticated in the Web App, additional claims are added to the user on top of the claims from Azure AD. I'm able to create a token for the Web API layer using AuthenticationContext.AcquireToken, but the token for the Web API does not have the user info from the Web App.
I'm taking a wild stab in the dark here, based on what I think is happening.
Claims are attached to the user, so theoretically, any claim you add in one place should be available in the other, as long as both applications share the same user datastore. However, claims are loaded at the point of authentication and not dynamically updated. As a result, if you're already logged in to the web application and you add a claim with your Web API, that claim will not be available on the web application side until the user is re-authenticated.