I wrote SQL connection classes for my Blazor app inside the Server project, but i can't access them from the Client Project.
Would it be safe to put all my SQL connection files containing connection strings in the Shared project ?
Thanks
Asked
Active
Viewed 1,007 times
2 Answers
2
If you put into a server side Blazor it could be ok. For Wasm definietly not.
Normaly don't put any secrets into code in form of hard coded strings. Probably you are safer if you use appsettings.json with secret manager of VS in dev environment. For other env. I would use environmental variables or a secret manager/key vault.
Zsolt Bendes
- 2,219
- 12
- 18
1
If you are using Blazor Server side, it is safe to store secrets in C# code as this is not transferred to the browser, as stated in the Blazor documentation:
The app's .NET/C# code base, including the app's component code, isn't served to clients.
However, it would still be better to put this in appsettings.json or a similar file and lookup the value.
To be clear, if you are using blazor client side you should never do this, or keep any secrets in code as the entire codebase will be readable on the client.
I don't have any suggestions for client side but there are some potential answers in this thread.
DGrowns
- 406
- 2
- 8