Blazor Web Assembly and Windows Authentication
According to this link, https://learn.microsoft.com/en-us/aspnet/core/blazor/security/webassembly/?view=aspnetcore-7.0#windows-authentication, Windows Authentication is not recommended for use in Blazor Web Assmebly. However, at work I have a blazor WASM static web site that passes windows authentication credentials to a backend web API just fine. This is implemented by using the AddHttpMessageHandler to create a client (see code below). Neither the WASM nor the API are exposed on the internet; this is all internal. Browser client simply prompts user for windows authentication, and API authentication is satisfied
So even though this all works, is this still a security risk?
So even though this all works, is this still a security risk?
Learn how to secure Blazor WebAssembly apps as single-page applications (SPAs).
