.NET 8: What's New for Authentication and Authorization

Let’s explore the new features brought by .NET 8 to support authentication and authorization in your applications.
Read more…

:writing_hand:t2: Brought to you by @andrea.chiarelli

Great summary. It was very helpful. Thank you!

1 Like

The article is very useful, especially the section on simplifying custom authorization policies. The official article still refers to the previous method of creating AuthorizeAttribute, IAuthorizationPolicyProvider, IAuthorizationRequirement, and AuthorizationHandler<> (source: Create an ASP.NET Core app with user data protected by authorization | Microsoft Learn).

I’m confused about the description of the built-in login page in a Blazor app. The article describes it “Instead, they are Razor components, and the user authentication and management is performed by using the Identity API endpoints.”.

However, when I create a new Blazor Web App using the command “dotnet new blazor -au Individual”, I noticied that “Components/Account/Pages/Login.razor” is using the below way to create user, instead of calling the API endpoints.

    public async Task LoginUser()
        // This doesn't count login failures towards account lockout
        // To enable password failures to trigger account lockout, set lockoutOnFailure: true
        var result = await SignInManager.PasswordSignInAsync(Input.Email, Input.Password, Input.RememberMe, lockoutOnFailure: false);
        if (result.Succeeded)
            Logger.LogInformation("User logged in.");

Could you please explain more here? Thanks.

BTW, In the new Blazor Web App created with the dotnet new blazor -au Individual command, I see that the calls to app.UseRouting() and app.UseAuthorization() are missing compared to a Blazor Server App created using the .NET 7 template:

// .net 7 Blazor Server App



// .net 8 Blazor Web App

// Not calling below:
// app.UseRouting()


Hope get some explains here as well. Thanks.

Hey @studev01,
Welcome to the Auth0 Community, and thank you for pointing out these issues.

Unfortunately, the reference in the article to the Identity API in the Blazor template is incorrect. Actually, the Blazor template uses directly the ASP.NET Core Identity classes. Sorry for that. I’m going to fix it soon.

Related to the differences with Blazor Server in .NET 7.0, the new Blazor model is different. Honestly, I need to explore it more in depth in the next few weeks.

Great, looking forward to see the new articles.

1 Like