Aspnetcore.docs: There is no info on how to actually implement custom login form for server-side blazor

Created on 1 Feb 2020 · 5Comments · Source: dotnet/AspNetCore.Docs

It said here that Blazor server uses AuthenticationStateProvider but not much on how to actually implement your own simple email-password authentication to login users. And I mean your own, not redirecting to /Account/Login (as it seems in example projects), because redirecting to Identity Core default /Account/Login is somewhat never used way. People will always need custom login page/component with their styles and their behaviour.

For people coming from MVC and React/Angular Blazor seems like some magical thing with multiple possibilities.

So it's natural that they will go and use Identity Core as simple as it is: SignInManager.PasswordSignIn

Unfortunately, people will stumble upon error that they would not know how to resolve, about headers etc (because it seems SignInManager is suited for http requests based authentication and not socket based authentication).

Leaving developers using Blazor server without information how to actually authenticate with your simple 2 inputs 1 button form (one of the most basic things for fullstack frameworks, knowledge how to login your users)

I'm not sure myself how to actually login users in Blazor server without creating multiple inherited classes for each application (which seems very excessive for basic need to login users) to recreate your own token based authentication for SignalR, but it would be very nice if Blazor will give us some more magic to easily login users via some kind of builtin BlazorSignInManager or something.

Document Details

⚠ Do not edit this section. It is required for docs.microsoft.com ➟ GitHub issue linking.

ID: c9942b0a-a7fb-0d34-9201-af0963affa9e
Version Independent ID: 19770710-5225-a1ea-e082-65da6ba4a49a
Content: ASP.NET Core Blazor authentication and authorization
Content Source: aspnetcore/security/blazor/index.md
Product: aspnet-core
Technology: aspnetcore-security
GitHub Login: @guardrex
Microsoft Alias: riande

P1 Source - Docs.ms

Source

idchlife

Most helpful comment

@idchlife ... Ignore what I just put here. :smile: I'm trying to understand your scenario. It now looks to me like you're trying to implement Identity via a component ... not a Razor Page. You're saying that the SignInManager is failing in your component. Let me get back to you. I think we have something for that.

guardrex on 2 Feb 2020

👍2

All 5 comments

guardrex on 2 Feb 2020

👍2

Ok ... I have the info. They're working on it for 5.0. For example, there are issues like these in the engineering repo ...

It looks like for your scenario, the best that you can do is use Razor Pages-based scaffolded Identity UI. Then, you'll probably show/limit content in components with the AuthorizeView component, as the topic shows.

If you do some additional searching over in the engineering repo, perhaps using the area-blazor label, you'll probably find issues/PRs for the work they're doing to support Identity with components in a Blazor Server app. I'm going to close this because there's nothing to document outside of the existing security issues on the Blazor.Docs project that have already been triaged for work.

guardrex on 2 Feb 2020

@guardrex thank you!

It seems my option is to use something like this https://github.com/christiansparre/BlazorAuthenticationSample (leaving here for future seekers how to do this), which is the easiest way to authenticate Blazor server app without forcing user to use separate login page (but unfortunately forcing users to witness full page reload, but it's lesser of 2 evils I suppose)

idchlife on 2 Feb 2020

Yes ...

https://github.com/christiansparre/BlazorAuthenticationSample/blob/master/src/BlazorAuthenticationSample.Client/Features/Account/Pages/SignIn.razor

... a custom solution. I'm sure that the product unit will come up with something nice to put in the box for the 5.0 release.

Let's do this ... That sample, along with others is listed at Awesome Blazor. I'll drop a cross-link to that specific section in the Additional Resources on this topic with a brief note about community authn/authz. We already cross-link to that repo elsewhere, so I think that they'll be ok with it. I'll float the PR shortly and ping you on it.

guardrex on 2 Feb 2020

@guardrex thanks!

idchlife on 10 Feb 2020

👍1

Was this page helpful?

0 / 5 - 0 ratings