Using Windows Authentication in Blazor with .NET 8
Authentication standards have grown and changed significantly over the past decade. Most modern applications use some sort of token-based authorization such as OAuth 2.0 or OpenID Connect (OIDC), or possibly even SAML. Delving into these authentication mechanisms is a larger topic and a future post may address OIDC or Microsoft Identity Platform. If developing an application from scratch, one of the above authentication mechanisms should generally be used.
However, there are still situations where it may be sufficient to use Windows Authentication. Typically, this would be when upgrading an existing application or creating an intranet application completely internal to a business (no external users permitted).
In these scenarios, the web application is generally running in IIS and authenticates the users with the Negotiate provider against a domain controller (or Microsoft Entra ID). Until recently, when creating a Blazor project in Visual Studio, Windows was a valid authentication type. In the latest version of Visual Studio, the Blazor Web App template does not offer Windows Authentication as a default option.
Even though that option has been removed from the latest project templates, it's fairly simple to enable Windows Authentication in a Blazor Web App.
The first step is to add a reference to the Microsoft.AspNetCore.Authentication.Negotiate package using the Package Manager in Visual Studio.
Right-click the project in Visual Studio and select "Manage NuGet Packages...". Search for Microsoft.AspNetCore.Authentication.Negotiate and add that package to your project.
Next, open the Program.cs file, and add the following code right after the builder variable declaration:
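A minimal Program.cs for a .NET 8 Blazor Web App with the Negotiate handler registered, given here as an added example and not the original post's listing. The fallback authorization policy is an assumption beyond what the post states, and the `MyBlazorApp.Components` namespace is a placeholder for your own project's namespace.

```csharp
using Microsoft.AspNetCore.Authentication.Negotiate;
using MyBlazorApp.Components; // placeholder namespace; use your project's own

var builder = WebApplication.CreateBuilder(args);

// Register Negotiate (Kerberos, with NTLM fallback) as the default
// authentication scheme.
builder.Services.AddAuthentication(NegotiateDefaults.AuthenticationScheme)
    .AddNegotiate();

// Assumption: the whole site is intranet-only, so any endpoint without an
// explicit policy falls back to "authenticated user required". Without this,
// endpoints lacking [Authorize] stay reachable anonymously whenever the
// host allows anonymous requests.
builder.Services.AddAuthorization(options =>
{
    options.FallbackPolicy = options.DefaultPolicy;
});

// Makes the authentication state available to AuthorizeView in components.
builder.Services.AddCascadingAuthenticationState();

builder.Services.AddRazorComponents()
    .AddInteractiveServerComponents();

var app = builder.Build();

app.UseStaticFiles();

// Order matters: authenticate first, then authorize, then antiforgery.
app.UseAuthentication();
app.UseAuthorization();
app.UseAntiforgery();

// App is the root component from the default Blazor Web App template.
app.MapRazorComponents<App>()
    .AddInteractiveServerRenderMode();

app.Run();
```

Because `UseStaticFiles` runs before `UseAuthorization`, files under wwwroot are served without the fallback policy being applied, so keep anything sensitive out of that folder.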
Next, make sure the debug environment has Windows Authentication enabled. Right-click the ASP.NET project in Visual Studio, select Properties, select Debug, then click "Open debug launch profiles UI". For this demo, we're going to debug the application in IIS Express, so select IIS Express and make sure Enable Windows Authentication is checked. Also make sure that Enable Anonymous Authentication is not checked.
Now you can access the User.Identity property and take advantage of the AuthorizeView component in your Razor components. For example:
<AuthorizeView>
    <Authorized>
        @context.User.Identity?.Name is Authorized
    </Authorized>
    <NotAuthorized>
        Not Authorized
    </NotAuthorized>
</AuthorizeView>
This post represents just an entry point to Windows Authentication and Blazor. Dealing with WASM and SignalR (for server-side Blazor) adds some complexity to the overall authentication infrastructure; maybe those can be examined in a future post. Additionally, Windows Authentication is generally no longer a best practice, but there are still scenarios where this authentication type may be valid.