Zoli
I’m looking for feedback on the security setup, which uses .NET MAUI, ASP.NET Core, and MongoDB.
The reason I thought document would be better approcach because one workout can have many exercises and one exercise can have many sets so if i store the exercises and sets in another table the sets table will exponentialy grow large. So i thought if i encapsulate all related data to the workout would solve this issue.
Also that particlar exercise/set cannot be part of any othet workout.
116 replies
I’m looking for feedback on the security setup, which uses .NET MAUI, ASP.NET Core, and MongoDB.
So I have done the followings, lucky I did not need so much modification.
I've added identity management to the system on the api, creating users in an SQL table along with access and refresh tokens that include expiration dates.
Now, all API endpoints—except for Login and Register—require a valid token to access. When an endpoint is called, the system checks the token's validity and expiration. If the token is expired, it regenerates a new one and stores it in SecureStorage. The stored token is then passed in the header for subsequent requests. This setup functions seamlessly, ensuring token validity whenever the app starts and has an internet connection.
If this seems like a solid approach, my main remaining question is about linking MongoDB documents to specific users. Passing the userId directly from the MAUI client to the API endpoint doesn't seem optimal. Instead, when accessing an endpoint like GetAllMyStudents (my documents are way more complex), should the API validate the access token and use it to determine the user's ID, then filter documents in MongoDB based on that user ID?
116 replies
I’m looking for feedback on the security setup, which uses .NET MAUI, ASP.NET Core, and MongoDB.
Technically it is native, only it has a WebView XAML component like any other component (buttons entry etc.)
"NET MAUI Blazor Hybrid (native, cross-platform) app, a Blazor Web App, and a Razor class library (RCL) that contains the shared UI (Razor components) used by the native and web apps."
116 replies
I’m looking for feedback on the security setup, which uses .NET MAUI, ASP.NET Core, and MongoDB.
Seems this post is about that:
https://medium.com/@ganeshonline6301/secure-your-net-maui-blazor-hybrid-app-with-azure-entra-id-authentication-0b28a127d66a
116 replies
I’m looking for feedback on the security setup, which uses .NET MAUI, ASP.NET Core, and MongoDB.
Yes it is my first app 😅 The app itself is ready now i am dealing this security stuff.
(now i just pass the logged in user Id from maui to the api and return the result) Now i see its kinda wrong 😄
116 replies
I’m looking for feedback on the security setup, which uses .NET MAUI, ASP.NET Core, and MongoDB.
First of all thank you for the feedback.
I used MongoDb becase my models are not relationals. So i thought if I already use i can just create another collection for the users but probably its a big mistake. (i had already this in my mind)
So from Maui side Registration and Login endpoints shall be accacable without any auth?
The other endpoints to get the documents or create only avaiable for the authenticated users?
As next step I need to add Microsoft Entry and Identity Manager to authenticate the users?
116 replies