Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

[Blazor][Wasm] Set oidc Authentication Options to Local Storage

See original GitHub issue

Is there an existing issue for this?

  • I have searched the existing issues

Is your feature request related to a problem? Please describe the problem.

There is an existing issue for this but it is closed (#20574), I really think this feature is needed to allow the developer to choose where he wants to store. My current problem is that I choose Blazor as my frontend technology and I’m using ElectronJS as my container, I want to be able to allow the user to open multiple windows do make use of multiple monitors. Right now using SessionStorage, every time the user needs to Undock a panel into a separate window it triggers authentication again, I know it does not ask for credentials, it does it silently but it does go through the “Authorizing…” handshake before actually redirecting to the component. That is bad for user experience it is generating a new token in each new window. I tried to remediate this through Electron but it does not work, even populating the sessionStorage with the content of the main window it still goes through the authorization dance.

Describe the solution you’d like

I want to be able to set the Storage mechanism to be used, just like MsalAuthentication:

builder.Services.AddMsalAuthentication(options => { options.ProviderOptions.Cache.CacheLocation = "localStorage"; ... });

so it would be something like:

builder.Services.AddOidcAuthentication(options => { options.ProviderOptions.Cache.CacheLocation = "localStorage"; ... });

Additional context

No response

Issue Analytics

  • State:open
  • Created 2 years ago
  • Reactions:7
  • Comments:7 (1 by maintainers)

github_iconTop GitHub Comments

2reactions
gingterscommented, Feb 16, 2023

As a workaround, you can monkey patch the window.sessionStorage to point to the localStorage instead:

Just before including the AuthenticationService.js you can add this:

    <script>
        /* Monkey patch the localStorage onto the sessionStorage variable and accessor

           Since oidc-client-js by default uses sessionStorage and the Blazor AuthenticationService
           wrapper around it does not allow changing the configuration of that to localStorage,
           and because the wrapper directly uses window.sessionStorage for its own additional data,
           we have to change the global variable and the window property to point to localStorage instead.
        */
        const originalSessionStorage = window.sessionStorage;
        const sessionStorage = window.localStorage;
        Object.defineProperty(window, 'sessionStorage', { get: () => window.localStorage });
    </script>
    <script src="_content/Microsoft.AspNetCore.Components.WebAssembly.Authentication/AuthenticationService.js"></script>

Yes, this is a bit rough and when you still need to access sessionStorage you need to use originalSessionStorage instead, but it works and keeps you logged in between different browser sessions.

2reactions
ahmad2smilecommented, Oct 30, 2022

Please consider this feature more carefully than this comment:

https://github.com/dotnet/aspnetcore/issues/20574#issuecomment-610545261

I don’t think you should dismiss such a fundamental requirement on such a diverse platform like web. Many people have their own unique scenarios which you can’t possibly account for all, so giving more options is the right away here rather than locking ppl down cause you “know better” security.

To put a concrete example where exception is needed, I’m using OIDC Provider which has disabled iFrame with error:

Refused to display 'http://localhost:8080/' in a frame because it set 'X-Frame-Options' to 'deny'.

So, I endup having to manually login on each tab, Plus of it I don’t wanna call the server on each tab/new page load, Plus I’m building a internal tool where I’m perfectly happy to take risks of localStorage.

Read more comments on GitHub >

github_iconTop Results From Across the Web

Securing Blazor WebAssembly Apps - Auth0 Community
I faced one problem that was described here: [Blazor][Wasm] Set oidc Authentication Options in local storage · Issue #20574 · dotnet/aspnetcore · GitHub...
Read more >
ASP.NET Core Blazor WebAssembly additional security ...
Learn how to configure Blazor WebAssembly for additional security ... OpenID Connect (OIDC), the authentication state is maintained locally ...
Read more >
Secure an ASP.NET Core Blazor WebAssembly ...
This article explains how to secure an ASP.NET Core Blazor WebAssembly standalone app with the Blazor WebAssembly Authentication library.
Read more >
How can I customize Blazor WebAssembly Msal auth to ...
I have figured it out by browsing the MSAL.js docs: there is a cacheLocation config property that can be set to localStorage, and...
Read more >
Blazor WebAssembly Authentication with ASP.NET Core ...
In this article, we are going to learn about the Blazor WebAssembly Authentication with external Web API project and ASP.NET Core Identity.
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

Hot Reload not working with Razor cshtml in Azure Functions

Next page

Using WithSummary() for Minimal API endpoints does not render when using Swashbuckle.AspNetCore