Possibility for a Blazor (Server) Application as Identity Server template

[Walkerguy]

Which version of Duende IdentityServer are you using?
7.0.4
Which version of .NET are you using?
8.0 ASP.NET Core Blazor (Server)

Describe the bug
I've been integrating Identity Server in a Blazor Webapp (Server) application (as opposed to the template's Razor Pages or MVC apps)

1. Clean flow I'm able to log into my Client apps properly when I'm not logged in on the IDS yet.
2. Logged in flow If I'm already logged in on the IDS, coming from a Client will always produce the login screen, and pressing login at this point produces an AntiForgeryToken error.

I realize authentication on Blazor has changed a bit and wonder if this is causing the SSO to break.

Considering there is no Blazor Server template / quickstart, I was wondering if what I'm trying is currently even possible.

To Reproduce

1. Start a new Blazor Webapplication Project with Server rendering + Individual Accounts checked
2. Install Identity Server package and add configuration for a Client app
3. Log in on the IDS (or via the Client's auth request to the IDS)
4. Visit a protected route on the Client app to produce the IDS' login screen again

Expected behavior
Would it be possible to have a Blazor Server application integrate with Identity Server and .NET Identity to produce the same functionality as the Razor Pages or MVC templates?

Additional context
I would be happy to provide code and configuration I have now and contribute to a Blazor Quickstart template if possible. Thank you for taking the time.

[Walkerguy]

Apologies, I hadn't noticed this is a work in progress. I'll keep an eye on it.
If there's any updates, estimates or roadblocks, I'd love to know. Otherwise I'll close this. 🙅‍♂️

[RolandGuijt]

When you choose "Individual Accounts" when using the template it means your app is using ASP.NET Core Identity which is a framework + UI around cookie authentication. It handles user authentication for you and has a user store built-in.
So when you choose that the application will not use a centralized/federated way for authentication which an identity provider does provide. It is intended to just handle authentication for that one application.

Only if you need federation you'll need an identity provider. Using IdentityServer that must be a separate application and your Blazor application won't need ASP.NET Core Identity in that case. In Blazor Server you can just configure it as any server-rendered application, such as our MVC sample here.

You can, optionally, also use ASP.NET Core Identity in the IdentityServer application and that is probably where the confusion lies. Since IdentityServer doesn't have a built-in user store that could be handy and it will have the advantage that you don't have to build features like 2FA, account lockout and password reset yourself.

[Walkerguy]

Thank you for the reply, @RolandGuijt !

In Blazor Server you can just configure it as any server-rendered application, such as our MVC sample here.

I have done this and you're right, configuring the Blazor server app with Identity Server works. Only the Single Sign On doesn't seem to work when authenticating from any configured client app.
Been scratching my head over what could be causing this. Then I realized there isn't a Blazor-as-Identity-Server template/example yet (to demonstrate the correct IDS configuration). My guess is it's still a work in progress because MS changed some of the default auth. 😉

[RolandGuijt]

No there isn't. We have Razor pages in the templates at the moment. Can you help me to understand why you want this? Blazor Server with the SignalR connection etc. seems unnecessarily complicated to provide the UI. Razor pages or MVC seem more suitable for the job.

[Walkerguy]

Can you help me to understand why you want this?

Sure! It seems like Microsoft is going to be going forward with Blazor instead of Razor Pages. I've been working with it for about 4 months now and it does have some major advantages.
But I totally understand your point for keeping the Identity Server in Razor Pages, as the UI may or may not need Blazor capabilities, we were simply eager to experiment with Blazor and Duende's Identity Server.

[RolandGuijt]

I think it is great when a lot of user interaction is required. The pages IdentityServer uses are more static in nature. Because of that we'll probably continue to use Razor pages in our templates and examples. Unless that gets deprecated at some point. As far as I know MS hasn't got any plans in that direction.

Closing this for now but feel free to reopen if you have further questions.