Wednesday 

Room 3 

13:40 - 14:40 

(UTC+01

Talk (60 min)

Securing SPAs and Blazor Applications using the BFF (Backend for Frontend) Pattern

Modern web development means that more and more application code is running in the browser. Traditionally this has been JavaScript, but more recently there has been a trend toward using C#/WASM with Blazor.

Security
Web

These modern applications typically also need authentication and single sign-on as well as token-based security for calling APIs – in other words, OpenID Connect and OAuth 2. There are different patterns for securing such applications, and this session covers some of the pitfalls of the various approaches, especially given the ever-changing browser landscape. We will conclude with the “backend for frontend” (or BFF) pattern, which has become the most secure and stable of these approaches.

Anders Abel

Anders Abel is a senior .NET developer in Stockholm. He has been programming since he was 9 and still thinks it’s tremendously fun. When asked what he does for a living, he often responds "building login buttons". Anders has extensive experience with single sign-on and API security. His Saml2 library is trusted by millions of users worldwide, and he has deep expertise in OAuth and OpenID Connect from his work on Duende IdentityServer.