
Blazor WebAssembly Authentication


I'm learning Blazor and am having some difficulty wrapping my head around authentication. I have a .NET Core web API hosted and want to connect a Blazor WebAssembly app to it, but all the tutorials I find use it hosted in an ASP.NET Core host in one package. How secure is the authentication when hosted like this on the same machine?


Solution

  • Using Blazor WebAssembly with authentication (even if it is possible) is not a great idea: usually, when you write a normal client-server application, the client collects the data typed by the user and sends it to the server. On the server you can check whether the password is correct (for example, by establishing a connection to a database and checking for a match between username and password).

    In Blazor WebAssembly, all the code is compiled, DLLs are generated, sent to the client (using the WebAssembly technology) and run inside a JavaScript sandbox. This means that ALL the objects are available on the client side and can be seen by the user, so all the connection strings can also be read.

    Even though there are some ways to mask them, none of them is actually 100% secure.

    If you don't need an offline application, I suggest you use Blazor Server technology, which uses SignalR.

    However, if you really want to implement authentication in WebAssembly, you can take a look at the Microsoft documentation.

    Hope this can be useful!
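
The answer's point that everything shipped to the browser can be read by the user can be turned into a pre-deployment check on your own build output. The script below is an added example, not part of the original answer or of any Microsoft tooling: it scans a published client folder for connection-string-like literals in both 8-bit text and UTF-16LE (the form .NET uses for string literals inside assemblies). The key list, file names and sample strings are constructed assumptions.

```python
import re
import tempfile
from pathlib import Path

# Illustrative key names seen in connection strings (an assumed, non-exhaustive list).
KEYS = ("Password", "Pwd", "User ID", "Data Source", "Server", "AccountKey")
VALUE = rb"[^\x00-\x1f;\"'\x7f-\xff]"  # printable ASCII except ';' and quotes


def _compile(key):
    """Build one pattern per storage form: 8-bit text and UTF-16LE."""
    narrow = re.escape(key.encode()) + rb"\s*=\s*" + VALUE + rb"{1,128}"
    # .NET keeps string literals as UTF-16LE in the assembly's user-string heap.
    wide = re.escape(key.encode("utf-16-le")) + rb"=\x00(?:" + VALUE + rb"\x00){1,128}"
    return (("utf-8", re.compile(narrow, re.I)), ("utf-16le", re.compile(wide, re.I)))


PATTERNS = [(key, enc, rx) for key in KEYS for enc, rx in _compile(key)]


def scan_bytes(data):
    """Return sorted (offset, key, encoding) hits; matched values are never returned."""
    return sorted((m.start(), key, enc) for key, enc, rx in PATTERNS for m in rx.finditer(data))


def scan_tree(root):
    """Scan every file under a published client folder (for example wwwroot)."""
    hits = []
    for path in sorted(Path(root).rglob("*")):
        if path.is_file():
            name = path.relative_to(root).as_posix()
            hits += [(name, *hit) for hit in scan_bytes(path.read_bytes())]
    return hits


def demo():
    """Constructed sample: a fake assembly blob, a config file and a clean file."""
    secret = "Server=db01;User ID=app;Password=Constructed-Example-1;"
    with tempfile.TemporaryDirectory() as tmp:
        framework = Path(tmp, "_framework")
        framework.mkdir()
        (framework / "App.Client.dll").write_bytes(b"MZ\x90" + secret.encode("utf-16-le"))
        (framework / "Clean.dll").write_bytes(b"MZ\x90" + "Hello".encode("utf-16-le"))
        Path(tmp, "appsettings.json").write_text('{"Db": "%s"}' % secret)
        return scan_tree(tmp)


if __name__ == "__main__":
    for name, offset, key, enc in demo():
        print(f"{name}: '{key}=' literal at byte {offset} ({enc})")
```

Any hit means the value ships to every visitor and belongs behind the server-side API instead. Compressed copies of the files (such as `.br` or `.gz`) are not decompressed here, so run it against the uncompressed output.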