Create a Full LOB Demo Application

[AZDeveloper777]

The biggest hangup for the adoption of new SPA frameworks / technologies is a lack of meaningful demo/reference applications.
Please consider developing AND maintaining a reference LOB app that:

1. Uses activity based security, not just role based
2. Has a menu system that reflects aspnet/AspNetCore#5455
3. Has complex CRUD forms that reflect real world complexity
4. Has reporting that reflects real world usage of BI. i.e. allows the user to enter Start and End Date, select options, etc. This also needs to be exportable to Excel and PDF.
5. Uses SQL Azure or MS SQL Server 2016 (or later) for data storage
6. Has business logic / security checks on the SERVER as well as in the client. Web API !
7. Does NOT require EntityFramework. NPoco or PetaPoco would be excellent.
8. Does NOT use Dependency Injection (DI) beyond what is required by ASP.NET / OWIN, etc. DI makes apps harder to understand / debug and that is the opposite of what a reference app should embody. Yes, this would require expressing an opinion on the best way to do things, but an "opinionated" demo will go a long way to getting developers PRODUCTIVE sooner rather than later.

A good chunk of developers prefer to learn by inspecting a working system. Too many GitHub projects rely on developers learning from the unit tests, Wiki, overly simple demo apps.
Also, having a single well thought out reference app (either instead of or in addition to) the traditional sample apps repository with 50+ VS projects, will make it faster for developers to understand the "How do I" questions.

Do this correctly and Blazor will see an uptake faster than Angular or React ever saw !

[betimd]

That's a really neat idea. I'd like to be able to contribute to this project.

[grahamehorner]

@AZDeveloper777 @betimd lets create a repo Blazor-Enterprise-Demo and help out, although I disagree with point 8 as IMHO DI helps test and debug and allows swapping out components without major rework when testing or when need in debugging production issues

I was thinking about a real-time IoT dashboard type project ;)

[jonathanperis]

I disagree with item 7 and 8, but I think the idea is very good. On these items, they could assemble models with Entity Framework, and without, the same for Dependency Injection

[SteveSandersonMS]

This might be best done as a separate community project, but I'll tag it as backlog for now.

[betimd]

I agree with @SteveSandersonMS. So @grahamehorner let's create a repo and start working there, and from this topic we can invite people who wants to join. Agree?

[grahamehorner]

@betimd I've just created a public org in git for this reason see https://github.com/aspnet-community-demos @AZDeveloper777 @jonathanperis you interested in development of these demos or just watching/providing feedback/comments/idea ? @SteveSandersonMS could I add you as a member? I know you'll have a lot going on, but would love you to possible give guidance/insights etc.

[ddizh]

@grahamehorner I would like to help with this as well

[AZDeveloper777]

I'd love to help with the reference app but my time is quite limited for the next few months. I'll contribute where I can.

[richbryant]

I think DI definitely helps developers understand what's happening because it's a one-stop shop to go find all your components. Entity Framework is fine PROVIDED it's not being used ASPNET Identity or anything else that abstracts and obscures the actual processes involved.

I would very much like to help with this project.

[mguinness]

I have an idea for a project which is a gap in the existing templates and I believe would be a killer app which would be immediately useful to hundreds, if not thousands of users.

Currently there is no GUI for managing users/roles/claims in ASP.NET Identity Core and there are a lot of people trying to fill that gap - mainly by developing their own code in the absence of an official solution.

For ASP.NET membership there was ASP.NET Website Administration Tool (WSAT) and for ASP.NET Identity there was Identity Manager by Brock Allen and a port to .NET Core was attempted by Frantisek Skorunka.

I think this would be a great way to showcase the abilities of Blazor and could be used as a starter project for many in their own apps. I know it would imply using EF Core and ASP.NET Identity Core, but these are Microsoft technologies which many .NET users are already familar with or are learning.

[AZDeveloper777]

I think the users/roles/claims is a good start but Activity based security is what I'd like to see.

[mguinness]

@AZDeveloper777 I would imagine that activity based security could be achieved using claims based authorization. Something like a DeleteUser policy containing “Delete User” claim so only certain users can remove accounts.

Also I would suggest that initially the SQLite database provider be used as it would lower the setup barrier for new users as it's zero configuration and serverless. It should be relatively trivial to change to SQL Server later if needed.

[grahamehorner]

You do know that you can create a policy that has multiple claims and apply multiple policies to actions on controllers? using these claims client side is possible by generating a JWT with these claims within the token; blazor clients can then evaluate the claims to change the UI, however it’s always best practices to server side validate claims for request regardless as client code isn’t secure

[grahamehorner]

BTW most of thought above seem to be around server/backend code and not around client/front end and with regard to the user management UI etc may I suggest that you review that current work in the aspnet/security repo as this has changed considerably and includes a lot of work around UI and Identity/authentication services.

Please join https://github.com/aspnet-community-demos and record ideas and help develop some demo

[mguinness]

@grahamehorner I think that the point of the demo/reference application is to incorporate both client and server side code, i.e. a real world application. Maybe I'm missing your point. Yes, claims could be used to evaluate who sees what UI at the client, but they would also be enforced on the controller actions.

BTW, can point me to the user management tool in aspnet/security - it isn't easily located or advertised.

[grahamehorner]

Apologies wrong repo the UI code is https://github.com/aspnet/Identity/tree/dev/src/UI/Areas/Identity/Pages/Account/Manage

[mguinness]

OK, but that's all user facing account management. I'm talking about site account management, i.e. adding users, changing roles/claims, locking users etc.

[AZDeveloper777]

Most of the claims based security guidance recommends declarative claims checks in your code. i.e. https://docs.microsoft.com/en-us/aspnet/core/security/authorization/claims

Activity based security uses Attributes to decorate classes and methods. At runtime, the system checks method calls against a database table of Users authorized for Activities to see if THIS user is authorized for the Activity attribute(s) on this method / class.

Hardcoding employee IDs into security checks a la the article I linked is a very bad "code smell" IMO.

[grahamehorner]

Note the date 2016 see https://docs.microsoft.com/en-us/aspnet/core/security/authorization/policies

[AZDeveloper777]

Also, can we PLEASE use INT instead of GUID for User ID's in the reference app ?
A proper LOB application will be storing User ID's for certain things in the system (i.e. authorizing a Purchase Order). I do believe the "science" has been settled that doing joins between tables with INTs is faster than doing GUID joins.

[grahamehorner]

can we please take these discussions onto the aspnet-community-demos as these are off topic and while they may use blazor they aren’t discussions for the development of blazor @d-dizhevsky and myself are happy to discuss the type of demo features you would like to see and work with you to provide good examples of secure client server business type application and using blazor/mono web assembly for the front end logic and/or UI

[conficient]

I'd like to see if/how server side and client side code interact, and if it's possible to create Razor views in C# DLLs as components which are then added to the web client project - that's one of my biggest pain points with traditional MVC - where the tooling isn't really designed for this scenario. It prevents me building properly modular web applications. I've subscribed to the demo repo and will contribute where I can!

[mguinness]

FWIW, I've created a simple user management website at https://github.com/mguinness/IdentityManager. If someone is able to create similar functionality in a Blazor app that would be a great way to demonstrate the framework as it would be a real life application that many users could incorporate into their own websites.

[dariuszbz]

Hi,

Shouldn't be a problem, right? All backend API is already done in your project. Frontend its what you are missing. I assume the frontend - nice to have with SPA Blazor. Is that your point?

On 28 March 2018 at 01:03, mguinness notifications@github.com wrote:

FWIW, I've created a simple user management website at https://github.com/mguinness/IdentityManager. If someone is able to create similar functionality in a Blazor app that would be a great way to demonstrate the framework as it would be a real life application that many users could incorporate into their own websites.

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/aspnet/Blazor/issues/68#issuecomment-376714652, or mute the thread https://github.com/notifications/unsubscribe-auth/ASqGgmMarwJkR2GVsLB1Y0bnxw-lf2Ggks5titNdgaJpZM4R9lzU .

[mguinness]

Yeah pretty much redo the f/end using Blazor. The OP was asking for a reference application using Blazor and my suggestion was a user management app for Identity. I think it would be a great starter app for a lot of devs that could be readily used in a real-world application and also showcase the abilities of Blazor.

[dariuszbz]

lets do it. switch to prv.

On 28 March 2018 at 17:20, mguinness notifications@github.com wrote:

Yeah, pretty much redo the f/end using Blazor. The OP was asking for a reference application using Blazor and my suggestion was a user management app for Identity. I think it would be a great starter app for a lot of devs that could be readily used as a real-world application and also showcase the abilities of Blazor.

— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/aspnet/Blazor/issues/68#issuecomment-376947189, or mute the thread https://github.com/notifications/unsubscribe-auth/ASqGgu46kPlYtjYrNOnuYVUcsivUMsMfks5ti7hZgaJpZM4R9lzU .

[weedkiller]

Add user Administration

[bilalamajd]

how to add built in Identity in blazor asp.net core application?

[SteveSandersonMS]

I'll close this because the discussion about a LOB app ended a while ago, and if it is to be built, it would be in a different repo from this.

how to add built in Identity in blazor asp.net core application?

You can use various mechanisms for authenticating users, but we don't have any built-in template for it. I'd recommend talking to folks on the Gitter room for suggestions.