News

Blazor Gets Authentication and Authorization in ASP.NET Core 3 Preview 6

• By David Ramel
• 06/13/2019

Microsoft shipped ASP.NET Core 3.0 Preview 6, with the red-hot Blazor project getting built-in support for handling authentication and authorization, among other updates.

.NET Core 3.0 Preview 6 also shipped, as the company aims for a September GA release for the major update that's replacing the old Windows-only .NET Framework and ASP.NET Framework (Web development) with open source, cross-platform alternatives.

Blazor, a former experimental project that uses WebAssembly to let .NET coders create Web apps with C# instead of JavaScript, is now part of ASP.NET Core and has stirred huge interest in the Microsoft-centric developer camp.

In Preview 6, authentication and authorization functionality has been added to Blazor, along with a revamp of directive attributes, standardizing the syntax for the attributes used to direct component compilation, such as ref, bind, event handlers and more. "This makes the Razor syntax used by Blazor more consistent and predictable," said Daniel Roth, principal program manager for ASP.NET in a June 12 blog post. "It also paves the way for future extensibility."

Regarding the authentication and authorization functionality, he said, "The server-side Blazor template now supports options for enabling all of the standard authentication configurations using ASP.NET Core Identity, Azure AD, and Azure AD B2C. We haven't updated the Blazor WebAssembly templates to support these options yet, but we plan to do so after .NET Core 3.0 has shipped."

Preview 6 also includes several improvements to gRPC, the open source remote procedure call system created by Google. Many developers were up in arms about Microsoft's decision to not include the.NET Framework Windows Communication Foundation (WCF) functionality in .NET Core. Microsoft said, "If you are a remoting or WCF developer and want to build a new application on .NET Core, we would recommend either ASP.NET Core Web APIs or gRPC (Google RPC, which provides cross platform and cross programming language contract based RPCs)."

Since then, an open source Core WCF has been started to address the gap, but it needs much community support to become a finished product.

Meanwhile, Microsoft continues to improve gRPC functionality in ASP.NET Core, with the new Preview 6 sporting:

• Managed gRPC Client: "In prior previews, we relied on the Grpc.Core library for client support. The addition of HTTP/2 support in HttpClient in this preview has allowed us to introduce a fully managed gRPC client." Note that commentary in the announcement post indicates this isn't supported yet in client-side Blazor.
• gRPC Client Factory: "Building on the opinionated pattern we introduced in HttpClientFactory, we've added a gRPC client factory for creating gRPC client instances in your project."
• gRPC Interceptors: "gRPC exposes a mechanism to intercept RPC invocations on both the client and the server. Interceptors can be used in conjunction with existing HTTP middleware. Unlike HTTP middleware, interceptors give you access to actual request/response objects before serialization (on the client) and after deserialization (on the server) and vice versa for the response."

Other updates include:

• New Razor features:
  • The new @attribute directive adds the specified attribute to the generated class.
  • The new @code directive is used in .razor files (not supported in .cshtml files) to specify a code block to add to the generated class as additional members.
  • The new @key directive attribute is used in .razor files to specify a value (any object or unique identifier) that the Blazor diffing algorithm can use to preserve elements or components in a list.
  • The new @namespace specifies the namespace for the generated class or the namespace prefix when used in an _Imports.razor file.
• Static assets in Razor class libraries: "Razor class libraries can now include static assets like JavaScript, CSS, and images. These static assets can then be included in ASP.NET Core apps by referencing the Razor class library project or via a package reference."
• Projects now use System.Text.Json by default: "New ASP.NET Core projects will now use System.Text.Json for JSON handling by default. In this release we removed Json.NET (Newtonsoft.Json) from the project templates."
• Certificate and Kerberos authentication
• SignalR Auto-reconnect