Manipulate browser session storage manually to hack claims into Blazor
I'm trying to figure out how to manually add a claim through the browser so that Blazor shows me things protected by <AuthorizeView Policy="HasHackedClaim">. I want to prove to my colleagues that handling authentication only in the Blazor client is a bad idea if the API is not protected with authentication, even if the API is not publically exposed.
0 Replies