aquaritek
I'm working to get secrets out of our source code, into Azure Key Vault.
I recently had some issues with this, and if you're using RBAC with your Key Vault and your developers have Entra identities and use those to log into Visual Studio or VS Code, then you're already done and don't need any fancy setup.
You can use the Azure.Identity NuGet package with its DefaultAzureCredential() type, used like this:

    using Azure.Identity;

    // Read the vault name from the "Azure" section of appsettings.json.
    var azureSettings = builder.Configuration.GetSection("Azure");
    builder.Configuration.AddAzureKeyVault(
        new Uri($"https://{azureSettings["KeyVault"]}.vault.azure.net/"),
        new DefaultAzureCredential());

DefaultAzureCredential will grab the identity registered in Visual Studio and access the resource. You need to be mindful of your network layer of course, but that's a different topic.
This allows developers to only need the Key Vault name in the appsettings.json, and Bob's your uncle. You will need to provision in the Azure Key Vault IAM each of the developers, or even a group, with access rights to the key vault, but that is extremely easy.
Clean as a whistle and doesn't require any certificate management at all.
Some source content: https://github.com/Azure/azure-sdk-for-net/blob/Azure.Extensions.AspNetCore.Configuration.Secrets_1.3.1/sdk/identity/Azure.Identity/README.md
16 replies
Azure Key Vault (RBAC) and Local Developers?
I wanted to answer my own question here because the solution was extremely dumb:
There is a reason Azure provides RBAC with Entra and that is because if you're using tooling like Visual Studio and you're logged into Visual Studio with an Azure Entra Identity that has permissions to access Service Fabric Resources - you're already done.
You can use the Azure.Identity NuGet package with its DefaultAzureCredential() type, used like this:

    using Azure.Identity;

    // Read the vault name from the "Azure" section of appsettings.json.
    var azureSettings = builder.Configuration.GetSection("Azure");
    builder.Configuration.AddAzureKeyVault(
        new Uri($"https://{azureSettings["KeyVault"]}.vault.azure.net/"),
        new DefaultAzureCredential());

DefaultAzureCredential will grab the identity registered in Visual Studio and access the resource. You need to be mindful of your network layer of course, but that's a different topic.
This allows developers to only need the Key Vault name in the appsettings.json, and Bob's your uncle.
2 replies
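A fuller Program.cs for the two Key Vault posts above, added here as an example and not the poster's own code: it validates the vault name before building the URI and narrows the credential chain per environment. It assumes an ASP.NET Core app with implicit usings, the Azure.Identity and Azure.Extensions.AspNetCore.Configuration.Secrets packages, developer machines running in the Development environment, and a managed identity on deployed instances.

```csharp
using System.Text.RegularExpressions;
using Azure.Core;
using Azure.Identity;

var builder = WebApplication.CreateBuilder(args);

// "Azure:KeyVault" holds only the vault name, as in the posts above.
var vaultName = builder.Configuration["Azure:KeyVault"]
    ?? throw new InvalidOperationException("Azure:KeyVault is not configured.");

// Vault names are 3-24 characters: letters, digits and hyphens. Rejecting anything
// else keeps a malformed or tampered setting (for example one containing '/' or '.')
// from pointing the secret requests at a different host.
if (!Regex.IsMatch(vaultName, "^[A-Za-z][A-Za-z0-9-]{1,22}[A-Za-z0-9]$"))
    throw new InvalidOperationException("Azure:KeyVault is not a valid vault name.");

// Assumption: Development means a developer signed in with an Entra identity;
// every other environment runs with a managed identity.
TokenCredential credential = builder.Environment.IsDevelopment()
    ? new DefaultAzureCredential(new DefaultAzureCredentialOptions
      {
          // Skip sources a developer machine should not be using, so the chain
          // falls through to the Visual Studio / Azure CLI sign-in.
          ExcludeEnvironmentCredential = true,
          ExcludeManagedIdentityCredential = true,
          ExcludeWorkloadIdentityCredential = true,
      })
    // Deployed instances never fall back to cached developer credentials.
    : new ManagedIdentityCredential();

builder.Configuration.AddAzureKeyVault(
    new Uri($"https://{vaultName}.vault.azure.net/"), credential);

var app = builder.Build();
app.Run();
```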
Cleaning out Maui Template
From my understanding, the Maui Blazor template is pretty thin already, only including resources to essentially make the WebView2 component operational across each supported environment.
Maui is a bit of a different beast if you're coming from the Web Arena: there are a lot of dependencies that are platform specific that need to remain intact to have an operational or host environment for Blazor within each platform.
While there might be some dependencies that could be removed I wouldn't personally do that because of the complexities of the ecosystem.
3 replies
API does not store keys from IdentityServer to validate tokens
This is actually the correct behavior of an OAuth/OIDC environment. Identity Server acts as the broker in all requests and is the only source of truth for Authentication & Authorization.
When a user signs in, they are given an opaque token (JWT in this case) that references within itself a set of resources they can communicate with, such as your API service. This token also includes access to the operation session for that token (user) on the issuing server, in this case Identity Server.
When you make a request to the API service the API must validate that token against your Identity Server instance to see if the token is valid to perform said action. The reason for this is because the IS instance is the only source of truth.
Your API instance remains dumb essentially - as well as any other services you may create. Their job is to always validate against the source of truth before moving forward.
3 replies
Maui App looks different on different platforms
While I can't answer this question directly, I did want to give a more broadly scoped response.
Since Maui compiles to Native environment components for each supported platform, you're definitely going to experience issues keeping the "look" identical across said platforms.
It's very much like other "compile to native" libraries like React Native for example.
Maui w/Blazor and its WebView2 rendering wrapper would allow you to create identical application UIs across each supported platform (with its own quirks of course). It behaves a lot more like Flutter in that sense - while architecturally very different of course.
Just tossing this in here.
7 replies
Blazor .net8 DI state sharing between client and server
You need to use an implementation of PersistentComponentState (https://learn.microsoft.com/en-us/dotnet/api/microsoft.aspnetcore.components.persistentcomponentstate?view=aspnetcore-8.0).
For an example you can look at the new Identity Scaffold for Individual Accounts. They make use of it to pass authentication state to Wasm in Auto mode components.
2 replies