Open Closed

Blazor Server Tiered with API and IDS: Authentication Screen & Flow in Blazor Server App instead of IDS #3299

mrbrl created

**ABP Framework version: v5.3.0 Commercial

UI type: Blazor Server

DB provider: EF Core

Tiered : Blazor Web , IDS, web API**

Use Case:

Blazor Server App hosted in 'WebServer' Identity Server hosted in 'AppServer' End Users may only access 'WebServer'

With the default authentication flow and UI residing on Identity Server, when authenticating on Blazor Server App (on WebServer - which users can access), the flow redirects to Identity Server (on AppServer which users cannot access) - and therefore authentication cannot proceed.

The Authentication is leveraging both local (to IDS database), and LDAP (which defaults to local authentication when failing to connect) authentication.

What would solve the problem is to have the authentication UI on the Blazor Server App, which would leverage the ABP-fronted IDS APIs to allow login, logout, token issuance and refresh, cookie, and LDAP authentication.

I did not find any conclusive documentation on this and would be grateful for directions on this - as to avoid recreating a whole wheel.

Thanks a ton!

4 Answer(s)
  • 0
    gterdem created
    Support Team

    Blazor Server application uses hybrid flow for authentication as it is the recommended approach. This means you need to be redirected to Authentication Server, get authenticated and then redirected back.

    The LDAP or any other external connections should be configured at the IdentityServer since it is the external openid provider.

    If you want to use login inside the blazor server application, the wheel is already discovered; you can use non-tiered application template which contains the identityserver inside the application..

  • 0
    mrbrl created

    The issue at hand is the database cannot be accessible by the blazor app - relying on API app on another server. Hence we cannot add IDS to the blazor web app as it would require database connectivity.

    **Blazor WAF: **

    • displays authentication UI (login/logout...)
    • consumes Authentication API on IDS
    • manages the authentication identifier
    • has no database access
    • can only consume APIs
    • accessible to end-users


    • Exposes API's required for user authentication flow
    • Support local users
    • Supports LDAP
    • has database connectivity
    • not accessible to end-users


  • 0
    gterdem created
    Support Team

    We don't have a default solution or a support for this kind of custom authentication flow. And custom authentication flows are related to openid providers mainly (identityServer in this case). You can implement your own flows as you like by using the openid providers (identityServer) .well-known/openid-configuration endpoints.

    You can check and use the endpoints in your blazor application like

    • /connect/authorize
    • /connect/token
  • 0
    mrbrl created

    Yes, we were hoping to possibly reusing ABP auth components instead of client authentication reimplementation. Thanks