Hi, I'm trying to find out how to secure my Blazor app using Entra with a certificate. I've been googling and youtubing for hours and have found endless guides on how to authenticate using clientID/secret, but due to security that method isn't an option for me.
My app is a Blazor app, in interactive server mode. The app will be accessed by humans as well as an automated device that has scripting capability and can use a certificate. The app is currently working fine and hosted in IIS on an on-premises server. My next step is to secure it, in particular the API will be exposed to a client outside our organisation. By API I mean specifically that I've added minimal API methods into the Blazor app that perform the same functions as the UI.
I've seen how to protect my razor pages using [Authorize] and to use the identity class to secure my API, that part I should be able to work out. My question is about how to authenticate the user in the first place, so that those protection methods can then work.
I want to use Azure Entra to handle the authentication, and I already have an app registered in my organisation's Azure Portal. My understanding is that our client will supply a certificate to us, we install it in Azure, and when they access the API they supply the private key part of the certificate which we authenticate against the public key.
I'm looking for a guide or tutorial that explains how to do this, if anyone can suggest one?
Thanks