Hi, we followed your documentation to get a Blazorise product token and it works great. We also have an app matching your template of web assembly Blazor app.
We're trying to secure the product token and not serve it in app settings or whatever so it's not public but can't find a way.
We have an Azure key vault in the host project that we can contact to get the token but we can't pass the value to the web assembly.
Any way to do this properly?
Thanks
8 Answer(s)
-
0
There is no secure way to keep the Blazorise product token hidden from the client in a Blazor WebAssembly (WASM) application. In WASM, all application code and configuration—including any tokens or secrets—are downloaded to the user's browser, making it impossible to keep such values confidential.
Even if you retrieve the product token from Azure Key Vault in your host project, you cannot securely pass it to the WASM client without exposing it. Any method of injecting the token into the client (such as via API, configuration, or JavaScript interop) will ultimately make it accessible to end users.
The Blazorise product token is intended to be used on the client side, and the licensing model assumes it will be visible in the distributed application. This is a limitation of all client-side web technologies, not just ABP or Blazorise.
If you require the product token to remain secret, you would need to use a server-side Blazor (Blazor Server) or another server-rendered technology, where the token can be kept on the server and not exposed to the client.
Sources:
This response was generated by AI. If it didn’t solve your problem, feel free to post a new answer — our support team will jump in to help you soon.
-
0
So we need to expose the Blazorise product token there's no other way?
-
0
When adding Blazorise middleware, you basically enter your token key. Encrypt your token via ABP's Encryption library and write the encrypted text rather than the token itself. This way, you can make it harder to be accessed.
services .AddBlazorise( options => { options.ProductToken = _stringEncryptionServce.Decrypt("xxxxxxx"); } ) -
0
Hi, thanks I tried it, gave me this error System.PlatformNotSupportedException: Algorithm 'Aes' is not supported on this platform.
I guess I'll just have to put it in the clear? :/
-
0
hi
The ABP string Encryption may not be compatible with Blazor WASM. The browser doesn't support all encryption methods.
I will ask the Blazorise team for this case.
https://blazorise.com/support/issues/338/how-to-protect-our-producttoken-in-wasm-app
Thanks.
-
0
hi
The Blazorise team response:
Hello! As mentioned in the previous discussion, there’s really no completely secure way to hide the product token in a Blazor WebAssembly application. A determined and technically skilled user could always inspect the compiled assemblies and extract it.
That said, the product token isn’t meant to be secret, unlike the license key that comes with your subscription. The token is time-limited and automatically expires after a certain period. In most cases, Blazorise is used in** line-of-business (LOB)** applications where the risk of token exposure is minimal. Only in large, public-facing apps with many technically savvy users could this become a concern.
As for storage, the best approach is to embed the product token directly in your assembly rather than loading it from an external source at runtime.
-
0
Thanks a lot
-
0
You're welcome. : )
