Securing Blazor WebAssembly

When we are developing any piece of user-facing software, it’s important to ensure that only authorized users can access it. This is why it is necessary to apply authentication and authorization to it.

Authentication is the process that allows us to ensure that the user is who they say they are. A good example of it is using a username and password to log in. In theory, only the real user would know their secret password; therefore, by supplying the correct password the user proves that it’s them.

Authorization is the process of ensuring the user is allowed to access a specific resource. A good example of it is the use of roles within an organization. A user with the admin role may have access to all areas of the website, while someone with a user role may only be able to access some public-facing parts of the website.

Introduction to single sign-on

It is very common to use single sign-on (SSO) providers for authentication and authorization. This is where the process of authentication and authorization is outsourced to an external provider. The application that the user is trying to access is configured to connect to this provider and interoperate with it.

The diagram below demonstrates how SSO is typically performed.