✅ How can I use ReactJS with Asp.net core with server side HTTP calls?
Hello. I am curious what choices I have available for working with ASP.net and a React front end. I am aware there is an ASP.net template for React, however it does not seem to support server side rendering. Their docs mention:
Are there any good options available that lets me still use ASP.net core? I would prefer to share types with my back end. I looked at ReactJS.NET but it seems to not have been updated in quite some time. It has only a couple of typo fixing commits in the last couple of years.
I'm curious if anyone has good ideas for me. Thanks!
13 Replies
What do you mean "server-side http calls"?
The back end is what I'm trying to protect. It has API controllers with Authorize attribute that requires a token that generated from Azure AD. To get that token from Azure AD, I have a secret. I obviously can't put that secret for getting access tokens in the client side code, so my thought was I will need to make this app have some server-side component to it that can keep the secret... secret, along with making all my HTTP requests to the back end.
(should I delete this post since I'm just asking in #web anyway? I really didnt intend to cross post but I clearly have at this point
with fetch ? 🤔
From the client side, fetch won't work since I need to use a 'secret' to obtain the access token for the API.
you have to login your user at some point ? 🤔 @djibouti
when you login you get a JWT for example and refresh your token time to time
No, there's no user accounts for this app. But I still want to secure the backend so adding a UI+server layer where the request is done from ssr seems best
how do you authenticate people ?
@djibouti you will need to use the oauth flow
OAuth 2.0 client credentials flow on the Microsoft identity platfor...
Build web applications by using the Microsoft identity platform implementation of the OAuth 2.0 authentication protocol.
There is no authentication for users. There is a unique identifier they can enter and then the application needs to display some information from the back end api. The response isn't information terribly sensitive so it's fine to display it based on that identifier. But there are ways it could be abused so I need the api call protected. I realize it sounds odd, but those are the instructions I have to work with.
The unique identifier is your password then
I thought you might say that, and yeah I guess I've come around to that being the case
Unfortunately I still need to hide the back end request with a server-side api call (not my call)
Thanks - yeah I know how to implement the flow, I was just hoping that there was some way to directly combine React + asp.net (with ssr, not the template one which doesn't allow ssr)
Was this issue resolved? If so, run
/close - otherwise I will mark this as stale and this post will be archived until there is new activity.