What you'll learn

When a Blazor component can render on the server, in the browser, or both, every authentication and authorization decision depends on where the code actually executes—and getting that wrong creates security gaps that are easy to miss. In this course, Authentication and Authorization in ASP.NET Core 10 Blazor, you'll gain the ability to build secure Blazor web apps that handle identity correctly across all render modes. First, you'll explore how render modes define security boundaries and why client-side authorization is never enforceable. Next, you'll discover how to configure authentication with both ASP.NET Core Identity and OpenID Connect via Microsoft Entra ID, and how authentication state flows from the cookie to your components through serialization and cascading providers. Finally, you'll learn how to protect local and remote APIs using cookies, access tokens, the BFF pattern, and claim-based authorization policies applied consistently across components and endpoints. When you're finished with this course, you'll have the skills and knowledge of Blazor authentication and authorization needed to secure SSR-first Blazor web apps that span server and client rendering.