Securing SPAs and Blazor Applications using the BFF Pattern – Webinar Recording

Khalid Abuhakmeh

The recording for our webinar, Using the BFF pattern to secure SPA and Blazor Applications with Duende Software co-founder Dominick Baier, is now available. Subscribe to our community newsletter to receive notifications about future webinars.

Modern web development means that more and more application code is running in the browser. Traditionally this has been JavaScript but more recently there has been the trend to use C#/WASM with Blazor.

These modern applications typically also need authentication and single-sign-on as well as token-based security for calling APIs – in other words OpenID Connect and OAuth 2. There are different patterns for securing such applications and this session covers some of the pitfalls of the various approaches, especially given the ever-changing browser landscape. We will conclude with the “backend for frontend” (or BFF) pattern which has become the most secure and stable of these approaches.

Webinar Agenda

• 0:00 Welcome
• 5:58 Introduction
• 9:30 Cookies and CSRF
• 20:54 Tokens, challenges, XSS
• 36:00 Browser changes and other problems
• 53:08 Backend for Frontend Pattern
• 59:43 Building a BFF with ASP.NET Core
• 1:11:16 Two types of APIs
• 1:24:45 Token lifetime management
• 1:31:40 YARP
• 1:36:33 Wrapping up

Resources

• Duende Software – https://duendesoftware.com
• @leastprivilige (Twitter) – https://twitter.com/leastprivilige
• GitHub Samples – https://github.com/DuendeSoftware/BFF
• Dominick Baier Blog – https://leastprivilege.com/
• IdentityServer JS Clients Sample – https://docs.duendesoftware.com/identityserver/v6/quickstarts/js_clients/
• IdentityServer Blazor Sample – https://docs.duendesoftware.com/identityserver/v6/quickstarts/7_blazor/
• IdentityServer SPA Sample – https://docs.duendesoftware.com/identityserver/v6/upgrades/spa_to_duende/

About The Presenter

Dominick Baier

Dominick spent most of his professional career implementing security systems for his customers and reading protocol specifications. This resulted in a number of popular open-source projects like IdentityServer and IdentityModel.

Since 2020 he runs Duende Software Inc together with his longtime friend and colleague Brock Allen. Duende provides a sustainable home for the IdentityServer project and is the one-stop-shop for all things OpenID Connect and OAuth for .NET-based companies.

Subscribe to a monthly digest curated from the .NET Tools blog:

Subscribe form

By submitting this form, I agree to the JetBrains Privacy Policy Notification icon

By submitting this form, I agree that JetBrains s.r.o. ("JetBrains") may use my name, email address, and location data to send me newsletters, including commercial communications, and to process my personal data for this purpose. I agree that JetBrains may process said data using third-party services for this purpose in accordance with the JetBrains Privacy Policy. I understand that I can revoke this consent at any time in my profile. In addition, an unsubscribe link is included in each email.

Submit

Thanks, we've got you!