Blazor WASM + .Net Core API Security

Hi I am a little new to this and was just wondering if there is a good example to follow?

I have a Blazor WASM/Client project that authenticates currently with Okta, I also have an API that said Blazor app calls to retrieve user + inventory data. Right now the API is only accessible from the Blazor site, but I am sure that is not sufficient security…what is the best way/guide to secure an API with the same session/context already obtained from the front end?

Thank you!

Hi, you have two projects? the client is wasm? and your API(.net core) is accessible by blazor? do you have the same port and domain? and works? how do configure your wasm and APi in Okta? you have some example? I have some problems… currently I have my client in http:\ and my API in http:\ my client works I can access by okta but when i try to access to my API I have issues with the token… regards


Sorry I should have been more clear. Yes they are two separate projects in the same solution, running on different ports. Blazor WASM can call via the HTTP client to the API. This works however I have no authentication to the API :frowning:

This is the same problem that my API have… :frowning_face:
There is not much documentation on the scenery, if I find something I will share it with you.

1 Like

I managed to get the API configured based on this link Before you begin | Okta Developer. However, in the documentation is says

You can browse to http://localhost:8000/api/messages to ensure it has started. If you get a 401 HTTP error, it indicates that the resource server is up. You will need to pass an access token to access the resource, which will be done by the front-end below.

My question is, the React examples have things like Okta.GetAccessToken() before they put in the bearer, is there an example on how to do this in Blazor?


The following link has both a web assembly sample and a server side sample. Hope this helps.

1 Like

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.