- **ABP Framework version:** v5.3.0 Commercial
- **UI type:** Blazor Server
- **DB provider:** EF Core
- **Tiered:** Blazor Web, IDS, web API
Use Case:
- Blazor Server App hosted in 'WebServer'
- Identity Server hosted in 'AppServer'
- End users may only access 'WebServer'
With the default authentication flow and UI residing on Identity Server, when authenticating on Blazor Server App (on WebServer - which users can access), the flow redirects to Identity Server (on AppServer which users cannot access) - and therefore authentication cannot proceed.
The Authentication is leveraging both local (to IDS database), and LDAP (which defaults to local authentication when failing to connect) authentication.
What would solve the problem is to have the authentication UI on the Blazor Server App, which would leverage the ABP-fronted IDS APIs to allow login, logout, token issuance and refresh, cookie, and LDAP authentication.
I did not find any conclusive documentation on this and would be grateful for directions, so as to avoid recreating a whole wheel.
Thanks a ton!
4 Answer(s)
-
0
Blazor Server application uses hybrid flow for authentication as it is the recommended approach. This means you need to be redirected to Authentication Server, get authenticated and then redirected back.
The LDAP or any other external connections should be configured at the IdentityServer since it is the external openid provider.
If you want to use login inside the Blazor Server application, the wheel is already discovered; you can use the non-tiered application template, which contains the IdentityServer inside the application.
-
0
The issue at hand is that the database cannot be accessed by the Blazor app, which relies on the API app on another server. Hence we cannot add IDS to the Blazor web app, as it would require database connectivity.
**Blazor WAF:**
- displays authentication UI (login/logout...)
- consumes Authentication API on IDS
- manages the authentication identifier
- has no database access
- can only consume APIs
- accessible to end-users
IDS:
- Exposes APIs required for user authentication flow
- Supports local users
- Supports LDAP
- has database connectivity
- not accessible to end-users
Thanks
-
0
We don't have a default solution or support for this kind of custom authentication flow. Custom authentication flows are mainly related to OpenID providers (IdentityServer in this case). You can implement your own flows as you like by using the OpenID provider's (IdentityServer) .well-known/openid-configuration endpoints.
You can check https://yourAuthServer.com/.well-known/openid-configuration and use the endpoints in your Blazor application, like:
- /connect/authorize
- /connect/token
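
Added example, not part of the original answer and not ABP or IdentityServer code: one way to read the discovery document and refuse endpoints that do not belong to the configured authority before building a request against `/connect/authorize`. The discovery JSON is a constructed sample, the client id and redirect URI are placeholders, and authorization code with PKCE is an assumed choice of flow that the thread does not specify.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;
using System.Text.Json;

public static class DiscoveryExample
{
    // Constructed sample; a real document is fetched from {authority}/.well-known/openid-configuration.
    const string SampleDiscovery = @"{
      ""issuer"": ""https://yourAuthServer.com"",
      ""authorization_endpoint"": ""https://yourAuthServer.com/connect/authorize"",
      ""token_endpoint"": ""https://yourAuthServer.com/connect/token"" }";

    static string Base64Url(byte[] b) => Convert.ToBase64String(b).TrimEnd('=').Replace('+', '-').Replace('/', '_');

    // Returns the named endpoint only if the issuer matches the authority and the URL is HTTPS on the same host.
    public static Uri Endpoint(JsonElement doc, string authority, string name)
    {
        var issuer = doc.GetProperty("issuer").GetString();
        if (!string.Equals(issuer?.TrimEnd('/'), authority.TrimEnd('/'), StringComparison.Ordinal))
            throw new InvalidOperationException("issuer does not match the configured authority");
        var value = doc.GetProperty(name).GetString() ?? throw new InvalidOperationException(name + " is missing");
        var endpoint = new Uri(value);
        if (endpoint.Scheme != Uri.UriSchemeHttps || endpoint.Host != new Uri(authority).Host)
            throw new InvalidOperationException(name + " is not an HTTPS URL on the authority host");
        return endpoint;
    }

    // Builds the authorize URL; the verifier and state stay server-side for the later token request and callback check.
    public static (string Url, string Verifier, string State) AuthorizeRequest(
        Uri authorize, string clientId, string redirectUri, string scope)
    {
        var verifier = Base64Url(RandomNumberGenerator.GetBytes(32));
        var challenge = Base64Url(SHA256.HashData(Encoding.ASCII.GetBytes(verifier)));
        var state = Base64Url(RandomNumberGenerator.GetBytes(16));
        var url = $"{authorize.AbsoluteUri}?response_type=code&client_id={Uri.EscapeDataString(clientId)}" +
                  $"&redirect_uri={Uri.EscapeDataString(redirectUri)}&scope={Uri.EscapeDataString(scope)}" +
                  $"&state={state}&code_challenge={challenge}&code_challenge_method=S256";
        return (url, verifier, state);
    }

    public static void Main()
    {
        const string authority = "https://yourAuthServer.com";
        using var json = JsonDocument.Parse(SampleDiscovery);
        var token = Endpoint(json.RootElement, authority, "token_endpoint");
        var request = AuthorizeRequest(Endpoint(json.RootElement, authority, "authorization_endpoint"),
            "ClientId_Placeholder", "https://webserver.example/signin-oidc", "openid profile");
        Console.WriteLine($"{request.Url}\nThe returned code is exchanged at {token}");
    }
}
```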
-
0
Yes, we were hoping to possibly reuse ABP auth components instead of reimplementing client authentication. Thanks