Authentication and Authorization in ASP.NET Core Blazor
Blazor render modes and security, Identity UI, AuthenticationStateProvider, Entra ID and RBAC vs ABAC.
This principle stems from the very nature of WebAssembly: compiled code runs in the browser where the user has full control. With browser DevTools or tools like wasm-dis, it is possible to inspect and modify WASM code behavior.
Analogy: Imagine writing building access rules on a sticky note you give to the visitor. Obviously, the visitor can modify this note. Real security is the guard at the entrance who checks badges — that's your server API.
Sign in to read this course
A free account unlocks all 514 courses. 20 are readable without one.
What's inside
13 sections- 1 Table of Contents
- 2 Blazor Render Modes and Security Impact
- 3 User Management — Blazor Identity UI
- 4 AuthenticationStateProvider In Depth
- 5 Blazor Authorization Components
- 6 Integration with Microsoft Entra ID (OpenID Connect)
- 7 Protecting Local APIs with Cookies
- 8 Protecting Remote APIs with Access Tokens
- 9 Authorization Policies — RBAC vs ABAC
- 10 Common Pitfalls and Anti-Patterns
- 11 Practical Exercises
- 12 Technical Glossary
- 13 Additional Resources
More Authentication & Security courses
View all 5Authentication and Authorization in ASP.NET Core
ASP.NET Core Identity, OpenID Connect, the BFF pattern, JWT, policies and data protection.
Securing ASP.NET Core 10 with OAuth2 and OpenID Connect
OAuth2/OIDC with Duende IdentityServer — claims, API security, token revocation and the BFF pattern.
Securing ASP.NET Core with OAuth2 and OpenID Connect
Authorization code flow with PKCE, claims, refresh tokens, ASP.NET Core Identity, federation and MFA.
Authentication and Authorization in ASP.NET Core 10 Blazor
Secure a Blazor Web App with Identity, render-mode-aware auth state, Entra ID and policies.
Interested in this course?
Contact us to book it or get a custom training plan for your team.