I'm starting up a new project, and am having some design challenges.
Initial thoughts:
- Blazor Web, mostly server to start, but more WASM over time as things grow and scalability becomes necessary.
- Authenticate against Azure AD B2C tenant
- .NET 9.
It seems Microsoft.Identity.Web is the way to go, but I can't seem to find a good example of how to integrate it with a mixed mode Blazor app. I.e. the user logs in once, and both the Server and WASM sides work. I'd think a JWT token would be sufficient to share between the two sides, but it's been more than a handful of years since I've been involved in security design decisions.
I'm trying to stay within the MS ecosystem, though I'm frustrated by the documentation. It's certainly plentiful, but their revisioning system obfuscates the history, so it's challenging to quickly tell what's written in the .NET 5 days, vs what's .NET 8+ for example (and this confuses the hell out of chatGPT, which keeps trying to get me to make a _Host.cshtml for my Blazor on .NET 9 app).
For the record, I have tried a number of the samples out there, and basically every tutorial I can find over the past week. They work in the Blazor .NET 5 / .NET 6 realm on the server side, but end up in weird redirect loops and other problems when I apply the same to Blazor on .NET 9.
I'm left both frustrated, and baffled that MS hasn't made this a 3 click wizard thing. Blazor + Azure AD B2C should be one of their default demo environments. The existing wizard only works on Server only v6, and "Microsoft Identity Platform" isn't an option for "Authentication Type" in the Blazor / .NET 9 Web new project wizard.
Any thoughts on where to head? Thanks in advance.