Antiforgery and Blazor
April 25, 2022
The key to understanding Antiforgery is that it is directly linked to the user's identity. This means that the antiforgery token and cookie that are generated by .NET Core are only valid for a specific user running in a specific context. So each time a user's identity changes ( ie.login/logout) new antiforgery tokens and cookies need to be generated for them to remain valid. This post explores how to resolve this challenge in a Blazor application.
Read More...
Customizing Antiforgery Behavior For Cookies And Bearer Tokens
April 15, 2022
The most common way of implementing Antiforgery is by using the [ValidateAntiForgeryToken] action filter on your actions or controllers (this is enabled by default on Razor Pages). However if your application supports multiple types of authorization it has some challenges. This dual authorization approach is common with APIs where you have a same-domain web application that relies on cookies but also supports external clients connecting via bearer tokens.
Read More...
Oqtane 3.1 Released
April 05, 2022
Thirty years ago this week Microsoft released Windows 3.1, the operating system which became the first version of Windows to be widely distributed with new PCs and cemented the dominance of Microsoft on the desktop in the decades to follow. In homage of this great achievement, we are extremely excited to announce the release of Oqtane 3.1.
Read More...
INotifyPropertyChanged
April 05, 2022
One of the most common questions asked by new Blazor developers is how do you communicate between components? Essentially this questions boils down to state management... and the answer is that it depends on what you are trying to accomplish as there are many different solutions to consider, each catering to different UI scenarios.
Read More...
Backend for Frontend (BFF) Architecture
April 05, 2022
The latest guidance from the IETF is that SPA applications which have a back-end should use the Backend for Frontend (BFF) architectural pattern. Oqtane uses the BFF architectural approach - both when running on Blazor WebAssembly and Blazor Server.
Read More...
Site Migrations & Deployment
April 05, 2022
A common requirement in Oqtane is the need to identify changes for a specific site in your multi-tenant installation and deploy these changes into another environment. Oqtane 3.1 introduces a new Site Migration capability which allows you to codify the changes you wish to make to a specific site using an approach which is similar to EF Core data migrations and have the changes automatically applied on startup.
Read More...
OAuth 2.0 and OpenId Connect
April 05, 2022
Oqtane 3.1 adds support for integrating with an OAuth 2.0 or OpenID Connect provider for external login integration - both of which are international standards that are widely used for enterprise IT security.
Read More...
User Management Improvements
April 05, 2022
The primary authentication method available in Oqtane was traditionally based on using a local user account via the standard .NET Core Identity provider. However Oqtane used a customized user interface to enable the client to be written using native Blazor components. The 3.1 release adds a variety of additional features in the user management area to bring it up to par with the standard server-side features.
Read More...
Oqtane 3.0.3 Released
February 15, 2022
Oqtane has been focusing on its runtime capabilities in recent releases, optimizing framework performance and expanding its features in external-facing web scenarios. The 3.0.3 release continues with this theme and includes refinements which are a direct result of production dogfooding experiences with Oqtane.Org, Built On Blazor, and .NET Foundation Project Trends.