Closed VR-Architect closed 4 days ago
Hello @VR-Architect ... We already have the guidance in ...
... so I'll add a cross-link to that article at the bottom of the tutorial to raise its visibility.
WRT the security guidance working with roles, Azure Administrator roles, and Azure security groups, I ran into a problem while working a different issue, which remains open for work. Temporarily, I've punted that to the PU for resolution. However, I think I'll have some time to try again soon. Sometimes, I have better luck 🤞🍀 when I try again on a different day with a clear head.
setup during project creation in the template to Microsoft's best security practices so we get it right.
I suspect that it will be in a future project template. I suspect it will be for .NET 10, but Beth may say if that's currently planned or not.
Thanks for the reference to that additional document, it did assist from the Maui project perspective; however, I am not clear on the Web App perspective and how Maui calls into the Web App API to login/out. Is there any chance someone can take the MauiBlazorWeb project in the Microsoft samples and publish an update version with security added? I have now spent two days on this and have registration and login working for Web side, but stuck on getting MainLayout to refresh with isAuthenticated state. I am using interfaces as explained at the end of the initial document. I believe the confusion is working with the Shared project for hosting the MainLayout and razor pages while using Web app to hold all Identity/security code.
BTW, that interface explanation really helped me but I didn't read it initially as it was at the bottom of the page. It might help to have its own sub-document :) Excellent work team Microsoft!
take the MauiBlazorWeb project in the Microsoft samples and publish an update version with security added?
I think we'll end up doing that per the other issue as soon as I can get back to it. Not only do we want an Entra example, it would be nice to show how to get roles, Azure AD built-in roles, and Azure security groups working at the component level using Blazor authz techniques. I'll try to get to it as soon as I can, but we're still pushing hard on 9.0 coverage for GA, which is now just a few weeks away. The security work for MAUI might not get done until after GA ... worst case, not done until early '25. I don't think it will take that long, but it depends on priorities.
that interface explanation really helped me but I didn't read it initially as it was at the bottom of the page. It might help to have its own sub-document :)
Indeed, we do have that security folder, where we could split it out. I'll make a note on the other issue to see this discussion.
Description
Being a new template for Blazor, it is vital we all get the security down correctly. Please extend the document to show how to incorporate ASP.NET CORE Identity. Maybe other documents to use Azure Entra and OpenIAM.
Having new Blazor apps getting released to production and getting owned is not a good look for the platform. We need Microsoft's expertise in this. In fact, I even suggest the security should be auto-magically setup during project creation in the template to Microsoft's best security practices so we get it right.
Page URL
https://learn.microsoft.com/en-us/aspnet/core/blazor/hybrid/tutorials/maui-blazor-web-app?view=aspnetcore-8.0
Content source URL
https://github.com/dotnet/AspNetCore.Docs/blob/main/aspnetcore/blazor/hybrid/tutorials/maui-blazor-web-app.md
Document ID
0aab0118-addc-a59a-0169-0400322d6569
Article author
@guardrex
Related Issues