9

I am new to Blazor development and I'm probably missing something obvious here, but searching google, reading documentation and searching this site has not turned up an answer for me.

I have some code that I need to ensure is run server-side for security reasons (hashing passwords for example). I know Blazor typically determines automatically where code will be run, but in this situation can I ensure that some functions are run in the client and some server-side?

Improve this question
5
  • 2
    Do you use Blazor server or Blazor wasm ? Commented Apr 5, 2020 at 18:09
  • I am writing pages that I know run in WASM, but I have classes being called and I'm not sure if those are also running client side and, if so, how I can make them run server side. I'm sure this sounds dumb, but I don't know how to tell the difference. I am using Visual Studio with IIS Express so I can't tell what's running on the server and what is being served to the client and running in WASM. Commented Apr 5, 2020 at 18:33
  • 1
    When you have a Blazor/Wasm app then everything runs in the client until you call a server with HttpClient. Commented Apr 5, 2020 at 18:59
  • 1
    "Blazor typically determines automatically where code will be run" is not true. Commented Apr 5, 2020 at 18:59
  • Thank you both. I think you answered my question: I am barking up the wrong tree. Back to the documentation it is. Commented Apr 5, 2020 at 19:49

1 Answer 1

Reset to default
5

Blazor Server is the application model where all code is run on the server, including Blazor UI components and related code. This is translated into HTML diff messages which are sent via a SignalR.

Blazor WASM (WebAssembly) is where Blazor UI components are downloaded to, and run on the client. So any sensitive or confidential code should not be included in that project.

The selection between the two is initially done when selecting the project type: enter image description here

If you have a Blazor WASM application then you can decide to run certain functions on the server if you wish. The standard "ASP.NET Core hosted" example does this by implementing the weather forecast service as a Web API method (see WeatherForecastController.cs).

You can safely host code in the ASP.NET Core server application where it is never accessible to the client, except via the methods you provide, e.g. Web API methods.

Anything to do with security or validation is a good example. Any password hashing code should always be on the server and never on the client.

Hope this helps clear it up

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

For future readers, Visual Studio does not include the Blazor WebAssembly App template as of version 16.5.2. To use the template, you'll need to open the NuGet Package Manager Console and request the package. To do this, navigate to Tools > NuGet Package Manager Console and paste the following: dotnet new --install Microsoft.AspNetCore.Components.WebAssembly.Templates::3.2.0-preview3.20168.3 Click here to check for the latest version.
Thanks for the clarification, @Razick - I should have mentioned the WASM client isn't standard. Also note if you have .NET 5 preview installed, the server app will show up but the WASM templates won't - they are still .NET core 3.1

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.