Description
The BlazorWebAssemblyStandaloneWithIdentity sample uses a cookie to store the authentication token, but I believe that this opens the site up to CSRF attacks.
This is usually mitigated by using antiforgery tokens, but I've found it difficult to apply this to the sample as the API and client run as different sites (although I may have just done something wrong).
Is it right that antiforgery tokens should be used here, or is there a reason it is not required?
If it is required, will it be added to this sample, or can someone point me in the right direction to get this working?
Page URL
https://learn.microsoft.com/en-us/aspnet/core/blazor/security/webassembly/standalone-with-identity?view=aspnetcore-8.0
Content source URL
https://github.com/dotnet/AspNetCore.Docs/blob/main/aspnetcore/blazor/security/webassembly/standalone-with-identity.md
Document ID
c4e6ec41-7bea-e600-6473-c5c870aab082
Article author
@guardrex