I am already having a react SPA which works with backend WebAPI.
Currently, I am making an ASP.NET Core MVC Project which has its own view pages, but needs to integrate this app in one page (I will integrate all WebAPI functions to this MVC app as well).
Since I am using Cookie based authentication on my ASP.NET Core App, I want my react app to share the same authentication session so that users doesn't need to login again.
Theoretically, everything should work well when I copy the compiled react JS files to my ASP.NET Core scripts folder and run it.
But, The challenge is debugging. When both apps works on different ports, the Authentication cookie is not shared, and my react app will not work (Both CORS and Authentication problem)
How can I run both apps on same port while development?
Related
We have a legacy Web Forms app that we intend to slowly port over, module by module, to Blazor WASM. As we do not have the capacity to rebuild everything in Blazor straight away, we are going to have to run the Blazor and Web Forms app side by side for the time being. To the end user, this needs to appear seamless - i.e. they don't notice when they're being switched between the two.
The first thing I am trying to sort out is the log in process. We have decided to use IdentityServer to build an external identity provider which both the Blazor and Web Forms app will communicate with. Currently I am just trying to create some proof of concept models to see if I can actually get this to work.
I have managed to build a sample Blazor WASM app and a sample Web Forms app that both communicate with the same IdentityServer app to log in. Both of these apps recoginise upon initial load whether a user is already logged in to IdentityServer or not and they show or hide a claims page accordingly.
If I log out of the Web Forms app and then refresh the page in the Blazor app, the Blazor app requires me to log in again - which is what I want. I'm doing this by setting:
BackChannelLogoutUri = "https://localhost:7260/bff/backchannel"
in the IdentityServer Config.cs file for my Blazor client.
What I can't work out is how to get my Web Forms app to behave in a similar fashion. If I log out of my Blazor app, the Web Forms app remains signed in. I am not sure what the equivalent FrontChannelLogoutUri or BackChannelLogoutUri would be for the Web Forms app.
The Web Forms sample app I am using as my template is the sample provided by Duende themselves, which is here:
https://github.com/DuendeSoftware/Samples/tree/main/various/clients/Owin
(Firstly, these "technology migration" projects are tough , so I wish you the best of luck!)
You need a have two "Front channel server-side clients", so the BackChannelLogoutUri setting is useless. So you need to pay attention to this part of the Identity Server documentation.
Alternatively (as I have done the same in a similar project) you can call a service api in the other UI client and then use a technology like SignalR to notify all open browser tabs of the logging-out user in any other UI to trigger log out.
We are developing a mobile app and this app will call the same APIs as the web one.
We want to create specific controllers for the mobile app and prevent it from calling the ones for the web app and vice versa.
Both apps send an access token which contains the client_id for each app.
Is it possible to do something like this :
[Authorize("mobileOnly")]
And check in the OnAuthorization if the request comes from the mobile or web app.
Or is there a better solution?
Edit: We are using .Net framework not .Net Core
I want to develop an SPA project by Blazor technology.
Due to complexity of debugging the Blazor Web-assembly application, I would like to first create it as a server-side app, and then later change it to a Web-assembly application app.
Is this possible? If so, after I have successfully gotten the Server-side Blazor project to work, what changes will I need to make, to get the same functionality working with the WebAssembly project?
Also, are there any particular approaches or technologies I should avoid in my Server-side Blazor project, because they have no equivalent when using WebAssembly?
For the most part, your Blazor components should be able to migrate from Server to Webassembly with few or no changes.
If your Blazor Server application doesn't require data from outside your application (e.g. database calls), and it doesn't use any APIs that aren't supported in the browser (e.g. System.Security.Cryptography), then you may be able to migrate to Blazor Webassembly without any changes to your components.
If your Blazor Server application does require data from outside the browser, then those services will need to be hosted elsewhere and called from your components via Http requests (see Call a web API from ASP.NET Core Blazor).
There are a couple of good options for your Blazor Webassembly back-end, the most common of which is the Blazor Webassembly hosted template.
If you'd rather serve your Webassembly app as a static web application, you can instead move your back-end services to a serverless function application. There are a variety of options for that, the most convenient of which (in my opinion) is using Azure Static Web Apps with .NET and Blazor
I've fiddled with Backend Servers using NodeJS in the past and want to build a Web API for a game. I also want that same Web Server to have a Front-end page (For logging in and changing some data the Web API needs for requests, basically).
I'd like the API to be available via localhost/api/v1/.. and currently have a React Page for the Login stuff ect (using the ASP.Net core React template).
How would I go adding in the Web API part? If I understood correct, the ASP.Net Core React template creates both a react front-end and ASP.Net Core back-end already?
What I am trying to achieve:
I currently have mobile apps on top of services and would like to add a web site on top of the same services.
Services details:
ASP.NET Web API project using OAuth (bearer token) and Identity for authentication and authorisation.
Microsoft.AspNet.WebApi 5.2.3
Microsoft.Owin.Security.OAuth 3.0.1
Microsoft.AspNet.Identity.Core 2.2.1
Mobile details:
Xamarin projects.
Xamarin.Forms 2.3.3.193
What architecture should I use for the web site?
Create a new ASP.NET MVC project and call my current services from the MVC controllers? This seems bad because:
I would have 2 layers of controllers (web site MVC controllers calling services API controllers)
I would need to store bearer tokens in cookies
I would need to manage the tokens and cookies expirations
Create a new ASP.NET MVC project and call current services database directly? This seems bad because:
I would have to duplicate the models in the services project and in the web site project
Create a new ASP.NET project and call my current services using ajax? This seems bad because:
I would need to create my own register/login pages
I would need to store bearer tokens in cookies
I would need to manage the tokens and cookies expirations
I would need to say bye to future social authentication (OAUTH2) implementation because I wouldn’t be using OWIN
Thanks,
fcorbeil
If you already have the API a brand new MVC app shouldn't be such a bad choice. If you have your models stored in a different project just reference them to the MVC one. As for the services, them would work perfectly with the new application. This all can be achieved without changing almost nothing to the current implementation.
I am working on a project and using a similar architecture.
I decided to create an Angular project for the website front end and all it does is talk to the Web API. Angular handles the JWT authentication really well. If you've never worked with Angular before, it is really nice to work with.
However, a vanilla ASP.NET MVC web app would work just as well.
It depends on how comfortable you are with Angular, or how willing you are are to learning it! :)