Developers Struggle with Authentication in Blazor WebAssembly

WebAssembly is a growing technology to build cross-platform applications. Security has been a prime concern in the design of WebAssembly, and researchers have scrutinized the security of this technology since its inception. However, there is no study regarding security concerns that developers face when they adopt WebAssembly.

In a joint project among researchers from TU-Clausthal, Vrije Universiteit Brussel (Belgium), and University of Bern (Switzerland) they studied security-related issues that developers posted on the StackOverflow website and found that topmost issues relate to Authentication in Blazor WebAssembly. They observed that developers frequently seek advice on implementing a third-party authentication, authentication issues in deployment, user navigation and authentication, customization of UI in login pages, assigning roles, and access control to API endpoints. The researchers discuss these issues and provide actionable advice to address them.

This work, led by Prof. Mohammad Ghafari the chair of Secure IT Systems in TU-Clausthal, is accepted to 38th IEEE International Conference on Software Maintenance and Evolution (ICSME) NIER track.

ICSME is the premier international forum for researchers and practitioners from academia, industry, and government to present, discuss, and debate the most recent ideas, experiences, and challenges in software maintenance and evolution. ICSME 2022 will be held in Limassol, Cyprus, 3-7 October.