aquaritek
Azure Key Vault (RBAC) and Local Developers?
Hey peeps,
I'm looking for a good solution pathway for a problem I'm encountering.
I'm currently trying to integrate Azure Key Vault for secrets storage on the development team side. There realistically is (this is opinionated) no better option to keep secrets from even the team (which is a requirement in my project). The issue is that Azure is moving in favor of RBAC but the .NET support is still referencing Access Policies with certificates to gain access to vaults (https://learn.microsoft.com/en-us/aspnet/core/security/key-vault-configuration?view=aspnetcore-8.0).
Managed Identities are easy here but only work once the application is running in the Azure Service Fabric and I need to authenticate with RBAC for User Identities that exist in Entra from my local development machines.
The true issue here is when you enable RBAC for Azure Key Vault you disable Access Policies and vice versa.
Any thoughts would be appreciated.
2 replies
.Net 8 Blazor Web App Identity Framework Help
Super quick overview:
I have a Blazor Web App that is single process only hosting UI.
It communicates with a .Net Web Api for all backend services including Authentication.
Api side I have my own Identity Controller that's a mix of old and new endpoints for Identity (Doesn't really matter here because the end result is a properly issued token and that works fine).
Client side I have a customized workflow and implementation of AuthenticationStateProvider to satiate ClaimsPrincipals.
Here's the damn problem. In .Net 7 you could completely opt out of "Authentication" on the Blazor side and only use "Authorization" with .AddAuthorizationCore(), then use a custom Auth workflow and AuthenticationStateProvider like I am. Decorate pages with @attribute [Authorize] and Bob's your uncle, the AuthenticationStateProvider would be invoked to check for a Principal.
In a .Net 8 Web App, no matter what I do (and this has been since yesterday), I'm being forced to utilize some sort of Authentication on the Blazor side to utilize the [Authorize] attribute. It's driving me bananas because my whole Authentication workflow, including hydration of ClaimsPrincipal for that StateProvider, is fully custom because of the Web Api.
Just for a little more detail the actual error that I get is:
InvalidOperationException: Unable to find the required 'IAuthenticationService' service. Please add all the required services by calling 'IServiceCollection.AddAuthentication' in the application startup code.
Does anyone have any thoughts here?
1 replies
❔ Identity and Authentication Advice or Suggestions
I'm building a Hosted Blazor WASM website with .Net 6 Backend API and I'm struggling to make a decision on the best option for integrating Authentication into this application.
The real problem is the Authentication mechanism will need to be able to support not only the Blazor/API but native apps for each platform (already mostly developed).
I've looked at Microsoft Identity, Duende Identity Server, Google Firebase, Amazon Cognito, and Auth0, but man, each one comes with its own long game to play to get really operational. Especially because I have the requirement of being able to have my users sign in with multiple providers, such as Email/Password, Phone Number/Password, Login with Facebook, Login with Google, Login with Apple, etc.
It really is a nightmare of information to process and digest. Do you have any suggestions or maybe information from experience on this to offer me?
Also on reddit: https://www.reddit.com/r/csharp/comments/103csna/identity_and_authentication_advice_or_suggestions/?utm_source=share&utm_medium=web2x&context=3
2 replies