In today's security systems, storing users' credentials and passwords in your own hosted application/database is the biggest mistake we can make, inviting hackers to break into our DB.
Azure has a very strong and sophisticated infrastructure [Azure B2C] to safeguard our users' identity and provide solid utilities for users to sign up, sign in, change password, etc. But the liability is not on us anymore and we can focus.
Piggybacking on the existing ASP Auth system, or even using IdentityServer4 and storing users' identity in our hosting DB, is a recipe for disaster for us, the developers, and any legal issues can drag MSFT into it, because the manufacturer provided a weak solution to store users' identity.
However, integrating ASP apps (MVC, Web API, Blazor, etc.) is a lot of work to get working with Azure B2C. Every one of us has to go through this pain. So, Blazor Team, PLEASE give us an easy-to-use integration path to use Azure B2C right out of the box for both models. Right now, Azure B2C integration with MVC or Web API is hard to use, and there are way too many steps involved.
We either need a clean integration between Blazor (both models) and Azure B2C or a complete guideline and steps to follow for each model.
When building such an integration, please give us full access to B2C features, so we can use its full potential.
Note: I'm very nervous and concerned that Blazor will be offering the older security model with on-premise storage of users.
I hope the ASP team pays a great deal of attention to the fact that if Blazor's security is weak, it will open up a lot of headaches for ALL of us.
Thanks!
..Ben
Eilon added the area-mvc label (Includes: MVC, Actions and Controllers, Localization, CORS, most templates) on Apr 26, 2019