Marco De Sanctis

Owner at Cloud Consult London Ltd

Bio

My name is Marco and I have an incredible passion for technology which I had the privilege to turn into a job. I’ve been working with .NET since the first beta, focusing on ASP.NET and, more generally, anything that is web related. I’ve been an early adopter of Microsoft Azure – who remembers the portal in Silverlight? :) – and, since its introduction, Cloud technologies have represented the core of my professional interest.

Today I work as a freelance Solutions Architect in the beautiful London, focusing on Cloud transformation. Getting involved in the .NET and Azure community is also a key aspect of my profession: I’m convinced that knowledge sharing is one of the best ways to improve our professional skills, and therefore I try to dedicate as much time as I can to activities such as writing articles or speaking at conferences and meetups. Thanks to that, I’ve been awarded as a Microsoft MVP for the last 11 years in a row.

 

Deep down in Blazor authentication and authorization

Thanks to Blazor, every .NET developer can now build Single Page Applications with a familiar syntax, sharing code with the server and leveraging C# instead of JavaScript. However, the technical architecture is fundamentally different from that of ASP.NET MVC or Razor Pages, especially when it comes to supporting modern security protocols such as OpenID Connect and OAuth.

During this talk, we'll do a deep dive into the security model of Blazor, understanding the components involved and the differences between Blazor Server and WebAssembly.

We'll start with a practical example of how to integrate our Blazor application with IdentityServer4 and use OAuth to securely call an external API. After having established our baseline, we'll gradually start adding complexity: we'll first introduce roles, and then we'll show how policies can allow us to achieve a higher level of abstraction over the permissions and actions a user can perform in the application.

As the last step, we'll see what changes are needed to make sure that our application behaves correctly in a PWA scenario when we need to support an offline mode.


Agenda Talks

.NET Con

10:00 to 10:45
03 Nov 2021

Deep down in Blazor authentication and authorization
