SlideShare ist ein Scribd-Unternehmen logo

Blazor, lo sapevi che...

Andrea Dottor
Andrea Dottor

Stanco delle solite sessioni introduttive o generiche su blazor? Bene, questa è la serata che fa per te. In questa sessione ho raccolto una serie di argomenti, problematiche e tips derivanti da due anni di utilizzo di Blazor (praticamente dal suo lancio). Casi reali affrontanti e risolti. E come nel (ormai) classico format online di XE, ci sarà ampio spazio per le domande ed il confronto.

Technologie
1 von 28
Downloaden Sie, um offline zu lesen
xedotnet.org Andrea Dottor @dottor Blazor, lo sapevi che...
Agenda: • Authentication • Build reusable UI components • Javascript Interop Intro
DEMO Demo app: Umarell 2.0
OAuth and OIDC as the best option for authentication in Blazor WebAssembly apps • AddOidcAuthentication • AddMsalAuthentication • AddMicrosoftIdentityWebApi • AddIdentityServerJwt Authentication
Duende Software might require you to pay a license fee for production use of Duende Identity Server. Authentication - Identity Server
Requirements: • The UI and the backend are one application which are coupled together. • The WASM client can only use APIs hosted on the same domain. With cookie authentication, the Blazor application can served (downloaded) after a successful login. • We can use [Authorize] on _Host.cshtml page Cookie authentication
Token-based authentication based on JSON Web Tokens (JWTs) was chosen over cookie-based authentication for functional and security reasons: • Using a token-based protocol offers a smaller attack surface area, as the tokens aren't sent in all requests. • Server endpoints don't require protection against Cross-Site Request Forgery (CSRF) because the tokens are sent explicitly. • Tokens have narrower permissions than cookies. • Tokens have a short lifetime, one hour by default, which limits the attack window. Tokens can also be revoked at any time. • Self-contained JWTs offer guarantees to the client and server about the authentication process. • Tokens with OAuth and OIDC don't rely on the user agent behaving correctly to ensure that the app is secure. • Token-based protocols, such as OAuth and OIDC, allow for authenticating and authorizing hosted and standalone apps with the same set of security characteristics. Authentication
DEMO
Blazor apps are built using Razor components, informally known as Blazor components. A component is a self-contained portion of user interface (UI) with processing logic to enable dynamic behavior. Components can be nested, reused, shared among projects, and used in MVC and Razor Pages apps. Components
Components can use a singleton service for comunicate. We can use a state container to maintain the application status: • It can be a simple class injected as a singleton (Blazor WebAssembly) or scoped service (Blazor Server) Use events to notify changes. Dependency Injection, singleton, event
DEMO DEMO: MessageBox
To call into JS from .NET, inject the IJSRuntime abstraction and call one of the following methods: • IJSRuntime.InvokeAsync • JSRuntimeExtensions.InvokeAsync • JSRuntimeExtensions.InvokeVoidAsync The TValue return type must also be JSON serializable. TValue should match the .NET type that best maps to the JSON type returned. A JS Promise is returned for InvokeAsync methods. InvokeAsync unwraps the Promise and returns the value awaited by the Promise. You can call JS method only after that the component is rendered. IJSRuntime
Blazor enables JavaScript (JS) isolation in standard JavaScript modules (ECMAScript specification). JS isolation provides the following benefits: • Imported JS no longer pollutes the global namespace. • Consumers of a library and components aren't required to import the related JS. JavaScript isolation, IJSObjectReference
Disposes the IJSObjectReference for garbage collection in IAsyncDisposable.DisposeAsync. When the external JS file is supplied by a Razor class library, specify the module's JS file using its stable static web asset path: "./_content/{PACKAGE ID}/{SCRIPT PATH AND FILENAME (.js)}" IJSInProcessObjectReference represents a reference to a JS object whose functions can be invoked synchronously. IJSObjectReference, IJSInProcessObjectReference
Blazor WebAssembly components may experience poor performance when .NET objects are serialized for JavaScript (JS) interop and either of the following are true: • A high volume of .NET objects are rapidly serialized. For example, poor performance may result when JS interop calls are made on the basis of moving an input device, such as spinning a mouse wheel. • Large .NET objects or many .NET objects must be serialized for JS interop. For example, poor performance may result when JS interop calls require serializing dozens of files. IJSUnmarshalledObjectReference represents a reference to an JS object whose functions can be invoked without the overhead of serializing .NET data. IJSUnmarshalledObjectReference
IJSUnmarshalledObjectReference
Only use an element reference to mutate the contents of an empty element that doesn't interact with Blazor. An ElementReference can't be passed between components because: • The instance is only guaranteed to exist after the component is rendered, which is during or after a component's OnAfterRender/OnAfterRenderAsync method executes. • An ElementReference is a struct, which can't be passed as a component parameter. ElementReference
To invoke a static .NET method from JavaScript (JS), use the JS functions DotNet.invokeMethod or DotNet.invokeMethodAsync: • DotNet.invokeMethodAsync('{ASSEMBLY NAME}', '{.NET METHOD ID}', {ARGUMENTS}); • The .NET method must be public, static, and have the [JSInvokable] attribute. To invoke an instance .NET method from JavaScript (JS): • Pass the .NET instance by reference to JS by wrapping the instance in a DotNetObjectReference and calling Create on it. • Invoke a .NET instance method from JS using invokeMethod or invokeMethodAsync from the passed DotNetObjectReference. The .NET instance can also be passed as an argument when invoking other .NET methods from JS. • Dispose of the DotNetObjectReference. Call .NET methods from JavaScript
JavaScript (JS) files and other static assets aren't generally cached on clients during development in the Development environment. During development, static asset requests include the Cache-Control header with a value of no-cache or max-age with a value of zero (0). During production in the Production environment, JS files are usually cached by clients. Cached JavaScript files
DEMO DEMO: JavaScript interop
• Ability to run multiple Blazor server / Web assembly apps in the same document • Empty Blazor project template • Real multithreading (on supported browsers) • Pause and resume Blazor applications • More control over circuits lifetime (ability to monitor circuit activity and terminate from client/server) • Server-side Blazor: Provide APIs/Extension Points for Circuit Eviction • Improve prerendering and authentication experience in Blazor What's new in .NET 7
What's new in .NET 7 https://github.com/dotnet/aspnetcore/issues/39504
Blazor: After finishing Blazor Hybrid support for .NET MAUI, WPF, and Windows Forms, we’ll make broad improvements to Blazor including: • New .NET WebAssembly capabilities: mixed-mode AOT, multithreading, web crypto. • Enhanced Hot Reload support. • Data binding improvements. • More flexible prerendering. • More control over the lifecycle of Blazor Server circuits. • Improved support for micro frontends. ASP.NET Core updates in .NET 7 Preview 1
Riferimenti • Call JavaScript functions from .NET methods in ASP.NET Core Blazor • https://docs.microsoft.com/en-us/aspnet/core/blazor/javascript-interoperability/call-javascript-from-dotnet • Call .NET methods from JavaScript functions in ASP.NET Core Blazor • https://docs.microsoft.com/en-us/aspnet/core/blazor/javascript-interoperability/call-dotnet-from-javascript • ASP.NET Community Standup - Blazor .NET 7 Roadmap • https://www.youtube.com/watch?v=3o91I6lD-Bo • What's Coming for Blazor Hybrid in .NET 7 • https://visualstudiomagazine.com/articles/2022/02/10/blazor-hybrid-net-7.aspx • ASP.NET Core Roadmap for .NET 7 #39504 • https://github.com/dotnet/aspnetcore/issues/39504
• Secure a Blazor WebAssembly application with cookie authentication • https://guidnew.com/en/blog/secure-a-blazor-webassembly-application-with-cookie-authentication/ • Securing Blazor Web assembly using cookies • https://damienbod.com/2021/03/08/securing-blazor-web-assembly-using-cookies/ • ASP.NET Core Roadmap for .NET 7 #39504 • https://github.com/dotnet/aspnetcore/issues/39504 Riferimenti
www.dottor.net andrea@dottor.net @dottor Andrea Dottor Microsoft MVP Developer Technologies Contatti
Podcast ".NET in Pillole"
DEV.is.it

Empfohlen

Come sta la nostra applicazione? Un viaggio alla scoperta degli Health Check ...
Come sta la nostra applicazione? Un viaggio alla scoperta degli Health Check ...Come sta la nostra applicazione? Un viaggio alla scoperta degli Health Check ...
Come sta la nostra applicazione? Un viaggio alla scoperta degli Health Check ...
Andrea Dottor
 
Start with Angular framework
Start with Angular frameworkStart with Angular framework
Start with Angular framework
Knoldus Inc.
 
Node.js Chapter1
Node.js Chapter1Node.js Chapter1
Node.js Chapter1
Talentica Software
 
Node js Chapter-2
Node js Chapter-2Node js Chapter-2
Node js Chapter-2
Talentica Software
 
Building Angular 2.0 applications with TypeScript
Building Angular 2.0 applications with TypeScriptBuilding Angular 2.0 applications with TypeScript
Building Angular 2.0 applications with TypeScript
MSDEVMTL
 
Introduction to Node js
Introduction to Node jsIntroduction to Node js
Introduction to Node js
Pragnesh Vaghela
 
Станислав Сидоренко «DeviceHive Java Server – миграция на Spring Boot»
Станислав Сидоренко «DeviceHive Java Server – миграция на Spring Boot»Станислав Сидоренко «DeviceHive Java Server – миграция на Spring Boot»
Станислав Сидоренко «DeviceHive Java Server – миграция на Spring Boot»
DataArt
 
Microservices in Scala: Play Framework
Microservices in Scala: Play FrameworkMicroservices in Scala: Play Framework
Microservices in Scala: Play Framework
Łukasz Sowa
 

Empfohlen

Come sta la nostra applicazione? Un viaggio alla scoperta degli Health Check ...
Come sta la nostra applicazione? Un viaggio alla scoperta degli Health Check ...Come sta la nostra applicazione? Un viaggio alla scoperta degli Health Check ...
Come sta la nostra applicazione? Un viaggio alla scoperta degli Health Check ...
Andrea Dottor
 
Start with Angular framework
Start with Angular frameworkStart with Angular framework
Start with Angular framework
Knoldus Inc.
 
Node.js Chapter1
Node.js Chapter1Node.js Chapter1
Node.js Chapter1
Talentica Software
 
Node js Chapter-2
Node js Chapter-2Node js Chapter-2
Node js Chapter-2
Talentica Software
 
Building Angular 2.0 applications with TypeScript
Building Angular 2.0 applications with TypeScriptBuilding Angular 2.0 applications with TypeScript
Building Angular 2.0 applications with TypeScript
MSDEVMTL
 
Introduction to Node js
Introduction to Node jsIntroduction to Node js
Introduction to Node js
Pragnesh Vaghela
 
Станислав Сидоренко «DeviceHive Java Server – миграция на Spring Boot»
Станислав Сидоренко «DeviceHive Java Server – миграция на Spring Boot»Станислав Сидоренко «DeviceHive Java Server – миграция на Spring Boot»
Станислав Сидоренко «DeviceHive Java Server – миграция на Spring Boot»
DataArt
 
Microservices in Scala: Play Framework
Microservices in Scala: Play FrameworkMicroservices in Scala: Play Framework
Microservices in Scala: Play Framework
Łukasz Sowa
 
Winning the Lottery with Spring: A Microservices Case Study for the Dutch Lot...
Winning the Lottery with Spring: A Microservices Case Study for the Dutch Lot...Winning the Lottery with Spring: A Microservices Case Study for the Dutch Lot...
Winning the Lottery with Spring: A Microservices Case Study for the Dutch Lot...
VMware Tanzu
 
Testing Microservices
Testing MicroservicesTesting Microservices
Testing Microservices
Anil Allewar
 
Why I am hooked on the future of React
Why I am hooked on the future of ReactWhy I am hooked on the future of React
Why I am hooked on the future of React
Maurice De Beijer [MVP]
 
Securing Microservices using Play and Akka HTTP
Securing Microservices using Play and Akka HTTPSecuring Microservices using Play and Akka HTTP
Securing Microservices using Play and Akka HTTP
Rafal Gancarz
 
NodeJS - Server Side JS
NodeJS - Server Side JS NodeJS - Server Side JS
NodeJS - Server Side JS
Ganesh Kondal
 
TDD a REST API With Node.js and MongoDB
TDD a REST API With Node.js and MongoDBTDD a REST API With Node.js and MongoDB
TDD a REST API With Node.js and MongoDB
Valeri Karpov
 
Building Reliable Applications Using React, .NET & Azure
Building Reliable Applications Using React, .NET & AzureBuilding Reliable Applications Using React, .NET & Azure
Building Reliable Applications Using React, .NET & Azure
Maurice De Beijer [MVP]
 
Microservices with Micronaut
Microservices with MicronautMicroservices with Micronaut
Microservices with Micronaut
QAware GmbH
 
Node js for enterprise
Node js for enterpriseNode js for enterprise
Node js for enterprise
ravisankar munusamy
 
NuGet 3.0 - Transitioning from OData to JSON-LD
NuGet 3.0 - Transitioning from OData to JSON-LDNuGet 3.0 - Transitioning from OData to JSON-LD
NuGet 3.0 - Transitioning from OData to JSON-LD
Jeff Handley
 
Micronaut Deep Dive - Devnexus 2019
Micronaut Deep Dive - Devnexus 2019Micronaut Deep Dive - Devnexus 2019
Micronaut Deep Dive - Devnexus 2019
graemerocher
 
Node js
Node jsNode js
Node js
umesh patil
 
Owin and Katana
Owin and KatanaOwin and Katana
Owin and Katana
Ugo Lattanzi
 
NodeJS ecosystem
NodeJS ecosystemNodeJS ecosystem
NodeJS ecosystem
Yukti Kaura
 
Docker in a JS Developer’s Life
Docker in a JS Developer’s LifeDocker in a JS Developer’s Life
Docker in a JS Developer’s Life
GlobalLogic Ukraine
 
ASP.NET: Present and future
ASP.NET: Present and futureASP.NET: Present and future
ASP.NET: Present and future
Hrvoje Hudoletnjak
 
Andrea Di Persio
Andrea Di PersioAndrea Di Persio
Andrea Di Persio
CodeFest
 
你不可不知的 ASP.NET Core 3 全新功能探索 (.NET Conf 2019)
你不可不知的 ASP.NET Core 3 全新功能探索 (.NET Conf 2019)你不可不知的 ASP.NET Core 3 全新功能探索 (.NET Conf 2019)
你不可不知的 ASP.NET Core 3 全新功能探索 (.NET Conf 2019)
Will Huang
 
Node Session - 1
Node Session - 1Node Session - 1
Node Session - 1
Bhavin Shah
 
Node.js quick intro
Node.js quick introNode.js quick intro
Node.js quick intro
Aleksandr Tsertkov
 
Azure serverless architectures
Azure serverless architecturesAzure serverless architectures
Azure serverless architectures
Benoit Le Pichon
 
SFDC Inbound Integrations
SFDC Inbound IntegrationsSFDC Inbound Integrations
SFDC Inbound Integrations
Sujit Kumar
 

Weitere ähnliche Inhalte

Was ist angesagt?

Testing Microservices
Testing MicroservicesTesting Microservices
Testing Microservices
Anil Allewar
 
Why I am hooked on the future of React
Why I am hooked on the future of ReactWhy I am hooked on the future of React
Why I am hooked on the future of React
Maurice De Beijer [MVP]
 
Building Reliable Applications Using React, .NET & Azure
Building Reliable Applications Using React, .NET & AzureBuilding Reliable Applications Using React, .NET & Azure
Building Reliable Applications Using React, .NET & Azure
Maurice De Beijer [MVP]
 

Was ist angesagt? (20)

Winning the Lottery with Spring: A Microservices Case Study for the Dutch Lot...
Winning the Lottery with Spring: A Microservices Case Study for the Dutch Lot...Winning the Lottery with Spring: A Microservices Case Study for the Dutch Lot...
Winning the Lottery with Spring: A Microservices Case Study for the Dutch Lot...
 
Testing Microservices
Testing MicroservicesTesting Microservices
Testing Microservices
 
Why I am hooked on the future of React
Why I am hooked on the future of ReactWhy I am hooked on the future of React
Why I am hooked on the future of React
 
Securing Microservices using Play and Akka HTTP
Securing Microservices using Play and Akka HTTPSecuring Microservices using Play and Akka HTTP
Securing Microservices using Play and Akka HTTP
 
NodeJS - Server Side JS
NodeJS - Server Side JS NodeJS - Server Side JS
NodeJS - Server Side JS
 
TDD a REST API With Node.js and MongoDB
TDD a REST API With Node.js and MongoDBTDD a REST API With Node.js and MongoDB
TDD a REST API With Node.js and MongoDB
 
Building Reliable Applications Using React, .NET & Azure
Building Reliable Applications Using React, .NET & AzureBuilding Reliable Applications Using React, .NET & Azure
Building Reliable Applications Using React, .NET & Azure
 
Microservices with Micronaut
Microservices with MicronautMicroservices with Micronaut
Microservices with Micronaut
 
Node js for enterprise
Node js for enterpriseNode js for enterprise
Node js for enterprise
 
NuGet 3.0 - Transitioning from OData to JSON-LD
NuGet 3.0 - Transitioning from OData to JSON-LDNuGet 3.0 - Transitioning from OData to JSON-LD
NuGet 3.0 - Transitioning from OData to JSON-LD
 
Micronaut Deep Dive - Devnexus 2019
Micronaut Deep Dive - Devnexus 2019Micronaut Deep Dive - Devnexus 2019
Micronaut Deep Dive - Devnexus 2019
 
Node js
Node jsNode js
Node js
 
Owin and Katana
Owin and KatanaOwin and Katana
Owin and Katana
 
NodeJS ecosystem
NodeJS ecosystemNodeJS ecosystem
NodeJS ecosystem
 
Docker in a JS Developer’s Life
Docker in a JS Developer’s LifeDocker in a JS Developer’s Life
Docker in a JS Developer’s Life
 
ASP.NET: Present and future
ASP.NET: Present and futureASP.NET: Present and future
ASP.NET: Present and future
 
Andrea Di Persio
Andrea Di PersioAndrea Di Persio
Andrea Di Persio
 
你不可不知的 ASP.NET Core 3 全新功能探索 (.NET Conf 2019)
你不可不知的 ASP.NET Core 3 全新功能探索 (.NET Conf 2019)你不可不知的 ASP.NET Core 3 全新功能探索 (.NET Conf 2019)
你不可不知的 ASP.NET Core 3 全新功能探索 (.NET Conf 2019)
 
Node Session - 1
Node Session - 1Node Session - 1
Node Session - 1
 
Node.js quick intro
Node.js quick introNode.js quick intro
Node.js quick intro
 

Ähnlich wie Blazor, lo sapevi che...

CMPE282_009994036_PROJECT_REPORT
CMPE282_009994036_PROJECT_REPORTCMPE282_009994036_PROJECT_REPORT
CMPE282_009994036_PROJECT_REPORT
Sandyarathi Das
 
Developing and deploying windows azure applications
Developing and deploying windows azure applicationsDeveloping and deploying windows azure applications
Developing and deploying windows azure applications
Manish Corriea
 
Connect + Docker + AWS = Bitbucket Pipelines
Connect + Docker + AWS = Bitbucket PipelinesConnect + Docker + AWS = Bitbucket Pipelines
Connect + Docker + AWS = Bitbucket Pipelines
Atlassian
 
Tech io spa_angularjs_20130814_v0.9.5
Tech io spa_angularjs_20130814_v0.9.5Tech io spa_angularjs_20130814_v0.9.5
Tech io spa_angularjs_20130814_v0.9.5
Ganesh Kondal
 

Ähnlich wie Blazor, lo sapevi che... (20)

Azure serverless architectures
Azure serverless architecturesAzure serverless architectures
Azure serverless architectures
 
SFDC Inbound Integrations
SFDC Inbound IntegrationsSFDC Inbound Integrations
SFDC Inbound Integrations
 
Struts 2 - Introduction
Struts 2 - Introduction Struts 2 - Introduction
Struts 2 - Introduction
 
CMPE282_009994036_PROJECT_REPORT
CMPE282_009994036_PROJECT_REPORTCMPE282_009994036_PROJECT_REPORT
CMPE282_009994036_PROJECT_REPORT
 
Developing and deploying windows azure applications
Developing and deploying windows azure applicationsDeveloping and deploying windows azure applications
Developing and deploying windows azure applications
 
VMworld 2013: vSphere UI Platform Best Practices: Putting the Web Client SDK ...
VMworld 2013: vSphere UI Platform Best Practices: Putting the Web Client SDK ...VMworld 2013: vSphere UI Platform Best Practices: Putting the Web Client SDK ...
VMworld 2013: vSphere UI Platform Best Practices: Putting the Web Client SDK ...
 
Session 41 - Struts 2 Introduction
Session 41 - Struts 2 IntroductionSession 41 - Struts 2 Introduction
Session 41 - Struts 2 Introduction
 
Introduction to angular | Concepts and Environment setup
Introduction to angular | Concepts and Environment setupIntroduction to angular | Concepts and Environment setup
Introduction to angular | Concepts and Environment setup
 
Cloud compiler - Minor Project by students of CBPGEC
Cloud compiler - Minor Project by students of CBPGEC Cloud compiler - Minor Project by students of CBPGEC
Cloud compiler - Minor Project by students of CBPGEC
 
ASP.NET MVC 3
ASP.NET MVC 3ASP.NET MVC 3
ASP.NET MVC 3
 
Chinnasamy Manickam
Chinnasamy ManickamChinnasamy Manickam
Chinnasamy Manickam
 
Connect + Docker + AWS = Bitbucket Pipelines
Connect + Docker + AWS = Bitbucket PipelinesConnect + Docker + AWS = Bitbucket Pipelines
Connect + Docker + AWS = Bitbucket Pipelines
 
.NET Core Apps: Design & Development
.NET Core Apps: Design & Development.NET Core Apps: Design & Development
.NET Core Apps: Design & Development
 
Sug bangalore - headless jss
Sug bangalore - headless jssSug bangalore - headless jss
Sug bangalore - headless jss
 
Top java script frameworks ppt
Top java script frameworks pptTop java script frameworks ppt
Top java script frameworks ppt
 
Ppt for Online music store
Ppt for Online music storePpt for Online music store
Ppt for Online music store
 
Valentine with Angular js - Introduction
Valentine with Angular js - IntroductionValentine with Angular js - Introduction
Valentine with Angular js - Introduction
 
Tech io spa_angularjs_20130814_v0.9.5
Tech io spa_angularjs_20130814_v0.9.5Tech io spa_angularjs_20130814_v0.9.5
Tech io spa_angularjs_20130814_v0.9.5
 
ASP .Net Core SPA Templates
ASP .Net Core SPA TemplatesASP .Net Core SPA Templates
ASP .Net Core SPA Templates
 
SynapseIndia asp.net2.0 ajax Development
SynapseIndia asp.net2.0 ajax DevelopmentSynapseIndia asp.net2.0 ajax Development
SynapseIndia asp.net2.0 ajax Development
 

Mehr von Andrea Dottor

Mehr von Andrea Dottor (20)

Blazor ♥️ JavaScript
Blazor ♥️ JavaScriptBlazor ♥️ JavaScript
Blazor ♥️ JavaScript
 
Dal RenderFragment ai Generics, tips for Blazor developers
Dal RenderFragment ai Generics, tips for Blazor developersDal RenderFragment ai Generics, tips for Blazor developers
Dal RenderFragment ai Generics, tips for Blazor developers
 
Blazor per uno sviluppatore Web Form
Blazor per uno sviluppatore Web FormBlazor per uno sviluppatore Web Form
Blazor per uno sviluppatore Web Form
 
Blazor ha vinto? Storie di casi reali
Blazor ha vinto? Storie di casi realiBlazor ha vinto? Storie di casi reali
Blazor ha vinto? Storie di casi reali
 
What's New in ASP.NET Core 3
What's New in ASP.NET Core 3What's New in ASP.NET Core 3
What's New in ASP.NET Core 3
 
Alla scoperta di gRPC
Alla scoperta di gRPCAlla scoperta di gRPC
Alla scoperta di gRPC
 
Back to the Future: Migrare da WebForm ad ASP.NET Core gradualmente
Back to the Future: Migrare da WebForm ad ASP.NET Core gradualmente Back to the Future: Migrare da WebForm ad ASP.NET Core gradualmente
Back to the Future: Migrare da WebForm ad ASP.NET Core gradualmente
 
Real case: migrate from Web Forms to ASP.NET Core gradually
Real case: migrate from Web Forms to ASP.NET Core graduallyReal case: migrate from Web Forms to ASP.NET Core gradually
Real case: migrate from Web Forms to ASP.NET Core gradually
 
ASP.NET Core - Razor Pages
ASP.NET Core - Razor PagesASP.NET Core - Razor Pages
ASP.NET Core - Razor Pages
 
ASP.NET Core - dove siamo arrivati
ASP.NET Core - dove siamo arrivatiASP.NET Core - dove siamo arrivati
ASP.NET Core - dove siamo arrivati
 
Dependency injection questa sconosciuta
Dependency injection questa sconosciutaDependency injection questa sconosciuta
Dependency injection questa sconosciuta
 
Customize ASP.NET Core scaffolding
Customize ASP.NET Core scaffoldingCustomize ASP.NET Core scaffolding
Customize ASP.NET Core scaffolding
 
ASP.NET, ottimizziamo con la cache
ASP.NET, ottimizziamo con la cacheASP.NET, ottimizziamo con la cache
ASP.NET, ottimizziamo con la cache
 
Cosa c'è di nuovo in asp.net core 2 0
Cosa c'è di nuovo in asp.net core 2 0Cosa c'è di nuovo in asp.net core 2 0
Cosa c'è di nuovo in asp.net core 2 0
 
Creare API pubbliche, come evitare gli errori comuni
Creare API pubbliche, come evitare gli errori comuni Creare API pubbliche, come evitare gli errori comuni
Creare API pubbliche, come evitare gli errori comuni
 
Deploy & Run on Azure App Service
Deploy & Run on Azure App ServiceDeploy & Run on Azure App Service
Deploy & Run on Azure App Service
 
ASP.NET Core
ASP.NET CoreASP.NET Core
ASP.NET Core
 
L'evoluzione del web
L'evoluzione del webL'evoluzione del web
L'evoluzione del web
 
Introduzione ad ASP.NET Core
Introduzione ad ASP.NET CoreIntroduzione ad ASP.NET Core
Introduzione ad ASP.NET Core
 
Sviluppare Azure Web Apps
Sviluppare Azure Web AppsSviluppare Azure Web Apps
Sviluppare Azure Web Apps
 

Kürzlich hochgeladen

Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Roshan Dwivedi
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
panagenda
 

Kürzlich hochgeladen (20)

Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 

Blazor, lo sapevi che...

  • 2. Agenda: • Authentication • Build reusable UI components • Javascript Interop Intro
  • 4. OAuth and OIDC as the best option for authentication in Blazor WebAssembly apps • AddOidcAuthentication • AddMsalAuthentication • AddMicrosoftIdentityWebApi • AddIdentityServerJwt Authentication
  • 5. Duende Software might require you to pay a license fee for production use of Duende Identity Server. Authentication - Identity Server
  • 6. Requirements: • The UI and the backend are one application which are coupled together. • The WASM client can only use APIs hosted on the same domain. With cookie authentication, the Blazor application can served (downloaded) after a successful login. • We can use [Authorize] on _Host.cshtml page Cookie authentication
  • 7. Token-based authentication based on JSON Web Tokens (JWTs) was chosen over cookie-based authentication for functional and security reasons: • Using a token-based protocol offers a smaller attack surface area, as the tokens aren't sent in all requests. • Server endpoints don't require protection against Cross-Site Request Forgery (CSRF) because the tokens are sent explicitly. • Tokens have narrower permissions than cookies. • Tokens have a short lifetime, one hour by default, which limits the attack window. Tokens can also be revoked at any time. • Self-contained JWTs offer guarantees to the client and server about the authentication process. • Tokens with OAuth and OIDC don't rely on the user agent behaving correctly to ensure that the app is secure. • Token-based protocols, such as OAuth and OIDC, allow for authenticating and authorizing hosted and standalone apps with the same set of security characteristics. Authentication
  • 9. Blazor apps are built using Razor components, informally known as Blazor components. A component is a self-contained portion of user interface (UI) with processing logic to enable dynamic behavior. Components can be nested, reused, shared among projects, and used in MVC and Razor Pages apps. Components
  • 10. Components can use a singleton service for comunicate. We can use a state container to maintain the application status: • It can be a simple class injected as a singleton (Blazor WebAssembly) or scoped service (Blazor Server) Use events to notify changes. Dependency Injection, singleton, event
  • 12. To call into JS from .NET, inject the IJSRuntime abstraction and call one of the following methods: • IJSRuntime.InvokeAsync • JSRuntimeExtensions.InvokeAsync • JSRuntimeExtensions.InvokeVoidAsync The TValue return type must also be JSON serializable. TValue should match the .NET type that best maps to the JSON type returned. A JS Promise is returned for InvokeAsync methods. InvokeAsync unwraps the Promise and returns the value awaited by the Promise. You can call JS method only after that the component is rendered. IJSRuntime
  • 13. Blazor enables JavaScript (JS) isolation in standard JavaScript modules (ECMAScript specification). JS isolation provides the following benefits: • Imported JS no longer pollutes the global namespace. • Consumers of a library and components aren't required to import the related JS. JavaScript isolation, IJSObjectReference
  • 14. Disposes the IJSObjectReference for garbage collection in IAsyncDisposable.DisposeAsync. When the external JS file is supplied by a Razor class library, specify the module's JS file using its stable static web asset path: "./_content/{PACKAGE ID}/{SCRIPT PATH AND FILENAME (.js)}" IJSInProcessObjectReference represents a reference to a JS object whose functions can be invoked synchronously. IJSObjectReference, IJSInProcessObjectReference
  • 15. Blazor WebAssembly components may experience poor performance when .NET objects are serialized for JavaScript (JS) interop and either of the following are true: • A high volume of .NET objects are rapidly serialized. For example, poor performance may result when JS interop calls are made on the basis of moving an input device, such as spinning a mouse wheel. • Large .NET objects or many .NET objects must be serialized for JS interop. For example, poor performance may result when JS interop calls require serializing dozens of files. IJSUnmarshalledObjectReference represents a reference to an JS object whose functions can be invoked without the overhead of serializing .NET data. IJSUnmarshalledObjectReference
  • 17. Only use an element reference to mutate the contents of an empty element that doesn't interact with Blazor. An ElementReference can't be passed between components because: • The instance is only guaranteed to exist after the component is rendered, which is during or after a component's OnAfterRender/OnAfterRenderAsync method executes. • An ElementReference is a struct, which can't be passed as a component parameter. ElementReference
  • 18. To invoke a static .NET method from JavaScript (JS), use the JS functions DotNet.invokeMethod or DotNet.invokeMethodAsync: • DotNet.invokeMethodAsync('{ASSEMBLY NAME}', '{.NET METHOD ID}', {ARGUMENTS}); • The .NET method must be public, static, and have the [JSInvokable] attribute. To invoke an instance .NET method from JavaScript (JS): • Pass the .NET instance by reference to JS by wrapping the instance in a DotNetObjectReference and calling Create on it. • Invoke a .NET instance method from JS using invokeMethod or invokeMethodAsync from the passed DotNetObjectReference. The .NET instance can also be passed as an argument when invoking other .NET methods from JS. • Dispose of the DotNetObjectReference. Call .NET methods from JavaScript
  • 19. JavaScript (JS) files and other static assets aren't generally cached on clients during development in the Development environment. During development, static asset requests include the Cache-Control header with a value of no-cache or max-age with a value of zero (0). During production in the Production environment, JS files are usually cached by clients. Cached JavaScript files
  • 21. • Ability to run multiple Blazor server / Web assembly apps in the same document • Empty Blazor project template • Real multithreading (on supported browsers) • Pause and resume Blazor applications • More control over circuits lifetime (ability to monitor circuit activity and terminate from client/server) • Server-side Blazor: Provide APIs/Extension Points for Circuit Eviction • Improve prerendering and authentication experience in Blazor What's new in .NET 7
  • 22. What's new in .NET 7 https://github.com/dotnet/aspnetcore/issues/39504
  • 23. Blazor: After finishing Blazor Hybrid support for .NET MAUI, WPF, and Windows Forms, we’ll make broad improvements to Blazor including: • New .NET WebAssembly capabilities: mixed-mode AOT, multithreading, web crypto. • Enhanced Hot Reload support. • Data binding improvements. • More flexible prerendering. • More control over the lifecycle of Blazor Server circuits. • Improved support for micro frontends. ASP.NET Core updates in .NET 7 Preview 1
  • 24. Riferimenti • Call JavaScript functions from .NET methods in ASP.NET Core Blazor • https://docs.microsoft.com/en-us/aspnet/core/blazor/javascript-interoperability/call-javascript-from-dotnet • Call .NET methods from JavaScript functions in ASP.NET Core Blazor • https://docs.microsoft.com/en-us/aspnet/core/blazor/javascript-interoperability/call-dotnet-from-javascript • ASP.NET Community Standup - Blazor .NET 7 Roadmap • https://www.youtube.com/watch?v=3o91I6lD-Bo • What's Coming for Blazor Hybrid in .NET 7 • https://visualstudiomagazine.com/articles/2022/02/10/blazor-hybrid-net-7.aspx • ASP.NET Core Roadmap for .NET 7 #39504 • https://github.com/dotnet/aspnetcore/issues/39504
  • 25. • Secure a Blazor WebAssembly application with cookie authentication • https://guidnew.com/en/blog/secure-a-blazor-webassembly-application-with-cookie-authentication/ • Securing Blazor Web assembly using cookies • https://damienbod.com/2021/03/08/securing-blazor-web-assembly-using-cookies/ • ASP.NET Core Roadmap for .NET 7 #39504 • https://github.com/dotnet/aspnetcore/issues/39504 Riferimenti
  • 27. Podcast ".NET in Pillole"