Authentication And Authorization

By Ashwin Venugopal -

 





Implementing Authentication

There are numerous built-in features related to authentication. We need to implement authentication independently for the Blazor Server project and the Blazor WebAssembly project since they operate in slightly different ways.

Adding Tables To The Database

To be able to add authentication, we need to add the necessary tables to our database. This can be done via Entity Framework:

  • In the MyBlog.Data project, we need to add a couple of NuGet packages. Right click on Dependencies and select Manage NuGet Packages.

  • Search for Microsoft.AspNetCore.Identity.EntityFrameworkCore and click Install.

  • Search for Microsoft.AspNetCore.Diagnostics.EntityFrameworkCore and click Install.

  • We also need to add IdentityServer. Search for Microsoft.AspNetCore. ApiAuthorization.IdentityServer and click Install.

  • Open the MyBlogDbContext.cs file. Change the code so that MyBlogDbContext inherits from ApiAuthorizationDbContext and add a new constructor and overridden OnModelCreating.

  • In the MyBlogDbContext.cs file, we have a class called MyBlogDbContextFactory. Change the path to the database to ../MyBlog. db. This way, when we update the database, we will update it for all our projects.

  • Right-click on the models folder and select Add | Class. Name the class AppUser.cs.

  • Open the AppUser class and replace the content.

  • Open PowerShell and navigate to the folder that you have the MyBlog.Data project in. This can also be done from within Developer PowerShell in Visual Studio.

  • Execute the following commands-

dotnet ef migrations add Identity

dotnet ef database update

We will also update the database so that it gets all the latest migrations, and we are ready to start using the new data context.

Configuring Blazor Server Project

We need to tell the Blazor Server project that we want it to use authentication. We do that by adding configurations in Startup.cs:

  • In the MyBlogServerSide project, right-click on the Dependencies node and select Manage NuGet Packages.

  • Search for Microsoft.AspNetCore.Identity.UI and click Install. This package contains a UI and extensions that will help us when it comes to user login. ASP.NET has support for a lot of different ways of authenticating, and so leveraging what already exists in terms of its authentication infrastructure makes a lot of sense.

  • Right-click on the MyBlogServerSide project, select Add Folder, and name the folder Authentication.

  • Right-click on the folder and select Add | Class, and name the class RevalidatingIdentityAuthenticationStateProvider.cs.

  • The content of this class is provided in a Blazor template. You can simply copy the content from the GitHub repository. This is one of the files that Microsoft will supply for us when we choose to add authentication to create our project. It will check whether the user credentials are still valid (after 30 minutes by default).

  • Open Startup.cs and add namespaces.

  • Add the connection string as a setting.

  • Add code at the bottom of the ConfigureServices method.

  • In the Configure method just beneath app.UseRouting(), add the following code-                                                                                app.UseAuthentication();

app.UseAuthorization();

  • Open the App.Razor file and replace the content. Added CascadingAuthenticationState, which will make sure that all the components have access to AuthenticationState.

  • Right-click on the components folder and select Add | Razor component. Name the component LoginDisplay.razor.

  • Open the new component and replace the content.

  • Open _Imports.razor and add the following using statement anywhere in the file-

@using MyBlogServerSide.Component

  • Open Shared/MainLayout.razor and add the component to the page just after the About link.

  • The identity UI needs a file called _LoginPartial.cshtml to work. Right-click on the Pages folder and select Add | Folder and name the folder Shared.

  • Right-cliclk on the Pages/Shared folder and click Add | New item.

  • Click Razor Page – Empty and name the file _LoginPartial.cshtml.

  • Right-click on the Pages folder and select Add | New item.

  • Click Razor Page - Empty and name the file Logout.cshtml.

  • Replace the content of the file.

  • Now we need something to secure. We need to edit the following four files and add the @attribute [Authorize] attribute to each file-

Pages/Admin/BlogPostEdit.razor

Pages/Admin/BlogPostList.razor

Pages/Admin/CategoryList.razor

Pages/Admin/TagList.razor

  • Change the startup project to MyBlogServerSide and run the project by pressing F5.

  • If you now navigate to https://localhost:5001/admin/Tags (the port number may differ), you will notice that you get a Not authorized message.

  • Click Register and log in with your credentials, and you will now have access to the TagList component.

Conclusion

We now have a site with login functionality running on the server side. 









































Comments

Post a Comment

Popular posts from this blog

Information Protection Scanner: Resolve Issues with Information Protection Scanner Deployment

By Ashwin Venugopal -
Image
  About If you are experiencing problems with the Microsoft Purview Information Protection scanner, check the health of your deployment by utilizing the Start-ScannerDiagnosticsPowerShell cmdlet to start the scanner diagnostic tool. The diagnostics tool checks the following details and then creates a log files with the results: Whether the database is up to date. Whether network URLs are accessible. Whether there's a valid authentication token and policy can be acquired. Whether the profile is defined in the Azure portal. Whether offline/online configuration exists and can be acquired. Whether the rules configured are valid.  The Start-ScannerDiagnostics command does not perform a comprehensive check of prerequisites. If you encounter problems with the scanner, you need to verify that your system meets the scanner's requirements, and that your scanner's configuration and installation are finished.  Verify Scanning Details Per Scanner Node and Repository Run the Get-ScanSt...
Read more

How AMI Store & Restore Works?

By Ashwin Venugopal -
Image
  CreateStoreImageTask The CreateStoreImageTask API stores an AMI as a single object in an S3 bucket. The API initiates a task that collects all the data from the AMI and its associated snapshots, subsequently using an S3 multipart upload to store this data in an S3 object. It gathers all elements of the AMI, including most of the non-Region-specific metadata and all EBS snapshots included in the AMI, and consolidates them into a single object in S3. During the upload process, the data is compressed to minimize the space utilized in S3, which means that the S3 object could be smaller than the total sizes of the snapshots in the AMI. If the account making this API call has access to AMI and snapshot tags, they will be retained. The S3 object shares the same ID as the AMI, except it has a .bin extension. Additionally, the S3 metadata tags for the object include the AMI name, AMI description, AMI registration date, AMI owner account, and a timestamp indicating when the store operation...
Read more

Create A Store Image Task

By Ashwin Venugopal -
Image
  Introduction When you save an AMI in an S3 bucket, a task for storing the image is initiated. This store image task allows you to track the progress and result of the procedure. Securing your AMIs It is crucial to verify that the S3 bucket is set up with adequate security to protect the content of the AMI and that this security is upheld for the entire duration that the AMI objects are stored in the bucket. If this cannot be achieved, it is advisable to refrain from using these APIs. Make sure that public access to the S3 bucket is prohibited. It is suggested to activate Server-side encryption for the S3 buckets where you keep the AMIs, even though it’s not mandatory. When AMI snapshots are transferred to the S3 object, they are sent over TLS connections. It is possible to save AMIs that contain encrypted snapshots; however, the snapshots will be decrypted during the storing process. Identify the source AMI used to create a new Amazon EC2 AMI You can determine the AMI that was us...
Read more