Closed VR-Architect closed 1 year ago
we need to know how to ensure the user has been granted a permission to an API method
User authorization for specific resources is not something we generally recommend putting into your centralized identity management system. We have a few different conference talks about the issue: https://www.youtube.com/watch?v=t34Cff0pBmA
All set on this issue -- can we close?
@VR-Architect I highly recommend you look at HybridBlazor
He got most of it right though you don't need to wire up the gRPC clients on the server since you can invoke them natively without the gRPC ceremony and the other big miss he had is on the AuthenticationStateProvider for Blazor Server you should implement RevalidatingServerAuthenticationStateProvider so you can invalidate other circuits that might be open from different sessions/devices. The other big change is might as well wrap the IAuthService as a gRPC service so that the web assembly app is calling the same app as the server and you don't need to worry about Controllers. I'm still in the process of putting together the gRPC auth sservice and then I was going to tackle the MAUI thing next.
Closing, but feel free to reopen if necessary.
Hi,
We are having a tough time getting all of these to work together in our solution. In particular, we need to know how to ensure the user has been granted a permission to an API method, of course the client must also be authorized. Not just a general permission to [Authorize] the client and user. We need to be able to manage the user administration and various views/functions such as login/out, signup, 2FA, email verification, etc. with the Microsoft Identity libraries all running on a Microsoft SQL Server.
BTW, I suspect this is going to be a common architecture going forward now Maui has been release.
Thanks...Scott