Securing a Blazor WebAssembly Application With Azure Active Directory
I recently embarked on a mission with my colleague Marius Rochon to secure a Blazor WebAssembly application using Azure AD. The application utilizes a backend API which is also secured using Azure AD. Whereas Azure AD makes the process a breeze to set up, experience has taught us that the devil lies in the details. This post chronicles our journey to secure a Blazor WebAssembly application.
The source code is hosted on my GitHub repository, which can be found here.
The Solution
The solution includes two projects: the Blazor WebAssembly project and a WebAPI project.
Note: Utilize the feature in Visual Studio to set multiple startup projects as both projects are required to run at the same time. More on that can be found here.
As mentioned above, both projects are secured with Azure AD. The Blazor WebAssembly project runs in the browser, so we will use the implicit grant flow to secure it. The WebAPI project is secured using the Bearer authentication scheme (more on this later) and thus expects the Blazor project to provide an access token. The Blazor application will therefore request both an ID token, which allows the user to authenticate, and an access token, which is used to access the WebAPI project.