Secure BWA with Entra #33805

Merged
guardrex merged 8 commits into main from guardrex/blazor-bwa-with-entra
Oct 9, 2024

Updates

@guardrex guardrex self-assigned this Oct 7, 2024
Comment thread aspnetcore/blazor/security/blazor-web-app-with-entra.md Outdated
Comment thread aspnetcore/blazor/security/blazor-web-app-with-entra.md
Comment thread aspnetcore/blazor/security/blazor-web-app-with-entra.md Outdated
Comment thread aspnetcore/blazor/security/blazor-web-app-with-entra.md Outdated
guardrex and others added 2 commits October 8, 2024 03:29
Co-authored-by: Stephen Halter <halter73@gmail.com>

guardrex commented Oct 8, 2024

UPDATED ...

The latest version of the remarks on security ...

Don't store app secrets, connection strings, credentials, passwords, personal identification numbers (PINs), private C#/.NET code, or private keys/tokens in client-side code, which is ***always insecure***. In test/staging and production environments, server-side Blazor code and web APIs should use secure authentication flows that avoid maintaining credentials within project code or configuration files. Outside of local development testing, we recommend avoiding the use of environment variables to store sensitive data, as environment variables aren't the most secure approach. For local development testing, the [Secret Manager tool](xref:security/app-secrets) is recommended for securing sensitive data.

I mirrored these updates on the Blazor ROPC PR, and I'm 👂 for further feedback on improving this guidance.


guardrex commented Oct 9, 2024

@halter73 ... I think we're good to go here.

I'll review these articles again before GA.

I'm going to get this in NOW 🏃‍♂️ ... you know ... before I die in a hurricane! 💀😨😆

@guardrex guardrex merged commit 7bd23df into main Oct 9, 2024
@guardrex guardrex deleted the guardrex/blazor-bwa-with-entra branch October 9, 2024 16:18
Development

Successfully merging this pull request may close these issues.

Add documentation for integrating Blazor Web Apps with the Microsoft Identity Platform
