c# blazor-webassembly

How can I store sensitive data in session in Blazor WebAssembly?


I am using Blazor WebAssembly and I want to store user data in the session. I have used localStorage and sessionStorage, but users may view or tamper with the data stored in localStorage and sessionStorage, which is not the best way to store sensitive data. Tell me how I can resolve this issue and how I can store sensitive data in session using Blazor WebAssembly.


Solution

  • In Blazor there are 3 hosting models: Blazor Server, Blazor WASM, and Blazor Hybrid. Blazor Server runs on the server, which means that sensitive data are on the server and safely managed (until you expose them somehow). This might help you in some way if you don't need a full-fledged SPA and API. Blazor Hybrid is a hosting model that runs on the web and on native technologies like .NET MAUI, WPF, and Windows Forms.

    Blazor WASM is a single-page application framework used to build interactive client-side UI. This means that it runs and executes on the client. Because of this, you can't store sensitive data in any way on the client. These sensitive data include, but are not limited to:

    1. Database connection strings
    2. User data like passwords
    3. Secrets to access any protected APIs

    On the other hand, there are use cases where you can store data in either the local storage or the session storage, like:

    1. E-commerce websites, like saving cart products for unauthenticated users
    2. Website state like theme, colors, etc.

    That said, in case you have to access/read sensitive data for a user/client, you build an API that is consumed by the user. Of course, you should authenticate and authorize the client in order to access the API.

    Read more in-depth articles about what I wrote:

    Read more about authentication and authorization with Azure Active Directory (AAD): Secure a hosted ASP.NET Core Blazor WebAssembly app with Azure Active Directory

    Read more about Blazor server: ASP.NET Core Blazor Server

    Read more about Blazor Hybrid: ASP.NET Core Blazor Hybrid

    Read more about Blazor state management: ASP.NET Core Blazor state management
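
The API approach described in the answer above, as an added example that is not part of the original answer: a server-side ASP.NET Core minimal API that keeps the sensitive record on the server and selects it by the identity in the validated token, never by a value the browser sends from localStorage or sessionStorage. The `Auth:Authority` and `Auth:Audience` configuration keys, the `/api/me/record` route, and the `UserRecord` / `IUserRecordStore` types are assumptions made for illustration; the project needs the `Microsoft.AspNetCore.Authentication.JwtBearer` package.

```csharp
// Program.cs of the server-side API project (not the Blazor WASM client).
using System.Security.Claims;
using Microsoft.AspNetCore.Authentication.JwtBearer;

var builder = WebApplication.CreateBuilder(args);

// Tokens are validated on the server; the client only ever holds the token.
builder.Services
    .AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(options =>
    {
        options.Authority = builder.Configuration["Auth:Authority"]; // assumed config key
        options.Audience = builder.Configuration["Auth:Audience"];   // assumed config key
    });
builder.Services.AddAuthorization();
builder.Services.AddSingleton<IUserRecordStore, InMemoryUserRecordStore>();

var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();

// No user id in the route or query string: the caller's identity comes from
// the validated token, so editing browser storage cannot select another user.
app.MapGet("/api/me/record", (ClaimsPrincipal user, IUserRecordStore store) =>
{
    var userId = user.FindFirst(ClaimTypes.NameIdentifier)?.Value
                 ?? user.FindFirst("sub")?.Value;
    if (userId is null) return Results.Forbid();

    var record = store.Find(userId);
    return record is null ? Results.NotFound() : Results.Ok(record);
}).RequireAuthorization(); // anonymous requests are rejected with 401

app.Run();

// Hypothetical types standing in for a real database-backed store.
public record UserRecord(string DisplayName, string Email);
public interface IUserRecordStore { UserRecord? Find(string userId); }

public sealed class InMemoryUserRecordStore : IUserRecordStore
{
    // Constructed sample data; connection strings and secrets stay server-side.
    private readonly Dictionary<string, UserRecord> _records = new()
    {
        ["constructed-user-1"] = new("Sample User", "sample@example.test"),
    };
    public UserRecord? Find(string userId) =>
        _records.TryGetValue(userId, out var record) ? record : null;
}
```

The Blazor WASM client calls this endpoint with its access token and keeps the response in memory for the current view; only non-sensitive state such as theme or an anonymous cart belongs in browser storage.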