DuendeSoftware / Samples

Samples for our Products
Other
232 stars 270 forks source link

Sample request: Blazor Server, Maui, .NET CORE API, MS Identity, MS-SQL #77

Closed VR-Architect closed 1 year ago

VR-Architect commented 2 years ago

Hi,

We are having a tough time getting all of these to work together in our solution. In particular, we need to know how to ensure the user has been granted a permission to an API method, of course the client must also be authorized. Not just a general permission to [Authorize] the client and user. We need to be able to manage the user administration and various views/functions such as login/out, signup, 2FA, email verification, etc. with the Microsoft Identity libraries all running on a Microsoft SQL Server.

BTW, I suspect this is going to be a common architecture going forward now Maui has been release.

Thanks...Scott

brockallen commented 2 years ago

we need to know how to ensure the user has been granted a permission to an API method

User authorization for specific resources is not something we generally recommend putting into your centralized identity management system. We have a few different conference talks about the issue: https://www.youtube.com/watch?v=t34Cff0pBmA

brockallen commented 2 years ago

All set on this issue -- can we close?

buvinghausen commented 2 years ago

@VR-Architect I highly recommend you look at HybridBlazor

He got most of it right though you don't need to wire up the gRPC clients on the server since you can invoke them natively without the gRPC ceremony and the other big miss he had is on the AuthenticationStateProvider for Blazor Server you should implement RevalidatingServerAuthenticationStateProvider so you can invalidate other circuits that might be open from different sessions/devices. The other big change is might as well wrap the IAuthService as a gRPC service so that the web assembly app is calling the same app as the server and you don't need to worry about Controllers. I'm still in the process of putting together the gRPC auth sservice and then I was going to tackle the MAUI thing next.

josephdecock commented 1 year ago

Closing, but feel free to reopen if necessary.