How to implement custom authentication in Blazor Server (WITHOUT Microsoft.AspNetCore.Identity)

Рет қаралды 20,437

Күн бұрын

Пікірлер: 33

@quincintchristian2681 2 жыл бұрын

Thanks! I’m looking forward to your video with a Provider such as Google or Facebook using this same authorization example.

@vittoriomorellini1939 Жыл бұрын

This is the best video I found about custom authentication

@sergeyt6007 3 жыл бұрын

Thanks for your creativity, it is very useful to fill knowledge gaps!

@Codewrinkles 3 жыл бұрын

Glad you think so!

@owner2959 2 жыл бұрын

Can we use this method inside Razor Component instead of using that cshtml Page ? as I see you have used existing structure of identity pages. it will be great if you purely use razor components for registration/login and authorization. Good Work

@sneer0101 2 жыл бұрын

No because the HttpContext used in razor components is different.

@manojnaik5643 8 ай бұрын

Good explanation here, have tried same way but custom authentication state is not persist after redirect to different page using interactive auto render mode.

@tommyariap3464 2 жыл бұрын

Hi, i'd like to ask regarding the uses of .cshtml page instead of .razor component. I assume that you use cshtml page so you can access HttpContext property out-of-the-box, but what if we register an HttpContext accessor service (builder.Services.AddHttpContextAccessor()) and inject it instead to the razor component to access the HttpContext ? Would there be any difference, catch or it is a valid workaround ? Thank you

@Codewrinkles 2 жыл бұрын

Thank you very much for your input. Actually using the HttpContextAccessor is not really needed, except when you want to use the HttpContext in other services and want to leverage the DI. In that case you would register the HttpContextAccessor. Otherwise you're just duplicating what you already have.

@tommyariap3464 2 жыл бұрын

@@Codewrinkles Thank you very much for your response. Actually this question occurred on me (more like make me tripped actually) when i am trying to reproduce this video but fully inside Razor component instead of using razor page or .cshtml page, where we don't have access to HttpContext at all except through injected HttpContextAccessor. What i found is, unfortunately, calling SignInAsync() or SignOutAsync() from injected HttpContextAccesor's HttpContext inside Razor component would throw InvalidOperationException. So instead what i do is a combination of custom RevalidatingServerAuthenticationStateProvider with its SetAuthenticationState() through injection. And if i want to persist the session (continue the session even after manually type the URL) i just write the cookie manually through JSInterop.

@Codewrinkles 2 жыл бұрын

@@tommyariap3464 Thank you very much for sharing your experience. From my point of view, it's not optimal to do any authentication stuff in razor components. In fact, in this video I showed that logout is also a Razor page actually. The main reason for this is that, indeed, you can't rely on the HttpContext to be accurate in Razor components. I covered this with examples and explained why in several Blazor server videos. Sure, JSInterop is a workaround, but from my point of view the resulted code is not easily understandable. If you use a Razor page or a regular controller, then everything is much cleaner and more straightforward to understand.

@karthin5699 Жыл бұрын

Hi, ClaimsIdentity data where is stored? after logout i checked cookie in browser but not there. can you please explain?

@yakupipek830 Жыл бұрын

Is it possible to omit the argument for AddAuthentication? Leaving it empty and handling it via Authorization policies?

@DavidAlexandru11 Жыл бұрын

Hello! I just set up a Blazor server app with individual accounts. Considering the fact that I use razor component for login page and register page, I tried to make a repository with an interface that I registered in Program.cs. In this repository I have set async methods for login and registration, but every time, for example, when I want to login, I get this error "The response headers cannot be modified because the response has already started.". I mention that I have not implemented CustomAuthorisation. Any advice for this? Thank you

@Codewrinkles Жыл бұрын

That doesn't seem like an authorization problem. Usually you get this exception when you try to set some headers after the response has been constructed. Blindly, I'll say that somethin is probably not awaited properly. Maybe no async for the "OnPost()" method in the pagemodel?

@hermanreyes2400 Жыл бұрын

How to do this in the razor component and without a role, only the user-id and password to be passed in?

@montytrollic 2 жыл бұрын

You just got new subscriber sir! 👍

@Codewrinkles 2 жыл бұрын

Thanks!

@franciszekkaliszewski7005 Жыл бұрын

Hi! Scenario: You are loged in, you copy auth cookie, you log out the user and paste "saved" cookie again. What will happen?

@thebeast7889 2 жыл бұрын

Is the source code available for download somewhere ?

@majormartintibor 3 жыл бұрын

Thanks for this.

@Codewrinkles 3 жыл бұрын

My pleasure!

@coolwaterdvr 2 жыл бұрын

How to restrict user to access the Registrater.cshtml Page? Example only Administrators can only add users. Is it possible to write and implement authorization/authentication (login and register page) using Blazor components rather than using cshtml razor pages?

@ybleeLee Жыл бұрын

If you have two browser tabs logged in with cookies and you log out of one of them, the other tab is still active. Please tell me how to fix the error that keeps me logged in.

@rihanulhassan3943 9 ай бұрын

Try changing the startup project to the project that you required to run . Right-click>Projectfile>configure Startup>apply

@theNeptuneViolin Жыл бұрын

This would be so much easier to follow if you either started from a new project, so I don't have to go through another video only to have to remove half of it, or if you provided source code so I already have what I need.