daohualiuxiang
/
AspNetCore.Docs
mirror of https://github.com/dotnet/AspNetCore.Docs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Enhance Blazor WASM unauth endpoint access (#18937)

pull/18955/head
Luke Latham 2020-06-25 05:19:04 -05:00 committed by GitHub
parent 9a9858cca1
commit 48b93bdbda
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 6 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
aspnetcore/blazor/security/webassembly/additional-scenarios.md
View File

@ -5,7 +5,7 @@ description: Learn how to configure Blazor WebAssembly for additional security s
monikerRange: '>= aspnetcore-3.1'
ms.author: riande
ms.custom: mvc
ms.date: 06/10/2020
ms.date: 06/24/2020
no-loc: [Blazor, "Identity", "Let's Encrypt", Razor, SignalR]
uid: blazor/security/webassembly/additional-scenarios
---
@ -244,7 +244,7 @@ builder.Services.AddHttpClient("ServerAPI.NoAuthenticationClient",
The preceding registration is in addition to the existing secure default <xref:System.Net.Http.HttpClient> registration.
A component creates the <xref:System.Net.Http.HttpClient> from the <xref:System.Net.Http.IHttpClientFactory> ([`Microsoft.Extensions.Http`](https://www.nuget.org/packages/Microsoft.Extensions.Http/) package) to make unauthenticated or unauthorized requests:
A component creates the <xref:System.Net.Http.HttpClient> from the <xref:System.Net.Http.IHttpClientFactory> ([`Microsoft.Extensions.Http`](https://www.nuget.org/packages/Microsoft.Extensions.Http) package) to make unauthenticated or unauthorized requests:
```razor
@inject IHttpClientFactory ClientFactory
@ -267,6 +267,10 @@ A component creates the <xref:System.Net.Http.HttpClient> from the <xref:System.
> [!NOTE]
> The controller in the server API, `WeatherForecastNoAuthenticationController` for the preceding example, isn't marked with the [`[Authorize]`](xref:Microsoft.AspNetCore.Authorization.AuthorizeAttribute) attribute.
The decision whether to use a secure client or an insecure client as the default <xref:System.Net.Http.HttpClient> instance is up to the developer. One way to make this decision is to consider the number of authenticated versus unauthenticated endpoints that the app contacts. If the majority of the app's requests are to secure API endpoints, use the authenticated <xref:System.Net.Http.HttpClient> instance as the default. Otherwise, register the unauthenticated <xref:System.Net.Http.HttpClient> instance as the default.
An alternative approach to using the <xref:System.Net.Http.IHttpClientFactory> is to create a [typed client](#typed-httpclient) for unauthenticated access to anonymous endpoints.
## Request additional access tokens
Access tokens can be manually obtained by calling `IAccessTokenProvider.RequestAccessToken`.