External Publication
Visit Post

Blazor JWT Authentication with Radzen & .NET 10: Complete Starter Template

DEV Community [Unofficial] July 2, 2026
Source

Learn secure authentication in Blazor with this production-ready starter template. JWT tokens, cookies, Radzen UI, and clean architecture explained.

The Problem: Authentication is Complicated

Building a secure Blazor application with authentication can be overwhelming:

  • JWT vs Cookie authenticationβ€”which one?
  • How do you handle token refresh?
  • Where do you store secrets?
  • How do you integrate Radzen components with auth?
  • What's the best project structure?

This template answers all these questions in one place.

πŸ‘‰ Want to skip the setup? Clone the repo and have authentication running in 5 minutes. No need to understand everything right now!

If you're looking for a quick-start template that demonstrates Blazor authentication with JWT tokens, Radzen components, and a clean .NET 10 architecture, this guide is for you.

I've created a production-ready starter template that integrates all the best practices for authentication in Blazor applications. Let me walk you through it and show you how to use it to accelerate your projects.

What is Blazor JWT Token Starter?

Blazor JWT Token Starter is a comprehensive template demonstrating secure authentication in Blazor applications with a separation of concerns architecture. It combines:

  • βœ… Blazor Server-side rendering with interactive components
  • βœ… JWT Bearer authentication for secure API communication
  • βœ… Cookie-based authentication for the Blazor app
  • βœ… Radzen UI components for a professional, polished interface
  • βœ… Clean architecture with Domain, Application, Infrastructure, and Shared layers
  • βœ… .NET 10 with modern ASP.NET Core features

Whether you're building an enterprise application or experimenting with secure authentication patterns, this template saves you hours of setup time.

Repository Structure

The template follows a layered architecture pattern:

BlazorJWTTokenStarter/ β”œβ”€β”€ WebAPI/ # ASP.NET Core Web API (JWT Authentication) β”œβ”€β”€ WebApp/ # Blazor Server Application (Cookie Auth) β”œβ”€β”€ Domain/ # Domain entities and interfaces β”œβ”€β”€ Application/ # Business logic and security services β”œβ”€β”€ Infrastructure/ # Database and external dependencies └── Shared/ # Shared DTOs and utilities (45% C#, 31% HTML, 19% CSS, 5% JS)

Key Components

  1. WebAPI Project - JWT Token Authority The API project is your authentication server. Key features:
  • JWT Bearer Authentication: Configured in Program.cs with industry-standard token validation

  • Token Settings: Secure key management through appsettings.json

  • Authentication Controller: Issues tokens based on user credentials

  • Scalar API Reference: Built-in interactive API documentation

    // JWT configuration from Program.cs builder.Services.AddAuthentication(options => { options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme; options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme; }) .AddJwtBearer(options => { options.TokenValidationParameters = new TokenValidationParameters { ValidateIssuer = true, ValidateAudience = true, ValidateLifetime = true, ValidateIssuerSigningKey = true, ValidIssuer = jwtSettings.Issuer, ValidAudience = jwtSettings.Audience, IssuerSigningKey = new SymmetricSecurityKey( Encoding.UTF8.GetBytes(jwtSettings.Key)) }; });

  1. WebApp Project - Blazor Client Application The Blazor Server app handles user interactions with secure authentication:
  • Cookie Authentication: Secure, server-side session management

  • Login/Logout Endpoints: Minimal APIs for authentication flow

  • Radzen Components: Beautiful, ready-to-use UI elements

  • Current User Context: Service to access authenticated user information

    // Cookie authentication setup builder.Services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme) .AddCookie(options => { options.LoginPath = "/login"; options.LogoutPath = "/logout-user"; options.Cookie.HttpOnly = true; options.Cookie.SecurePolicy = CookieSecurePolicy.Always; options.ExpireTimeSpan = TimeSpan.FromMinutes(30); options.SlidingExpiration = true; });

  1. Domain Layer - Business Rules Contains core domain logic:
  • User entities and constants
  • Interface definitions for repositories
  • Domain-specific business rules
  1. Application Layer - Security & Services Handles authentication logic:
  • JWT token generation and validation
  • User authentication services
  • Security configuration
  1. Shared Layer - Common DTOs Reusable data transfer objects:
  • ApiResponse.cs - Standardized API responses
  • ResultDto.cs - Result types for operations
  • LoginRequest - User login credentials

Getting Started: Quick Setup Guide

Prerequisites

  • .NET 10 SDK or later
  • Visual Studio 2022 or VS Code
  • Basic knowledge of C# and Blazor

Step 1: Clone the Repository

git clone https://github.com/mafzal88/BlazorJWTTokenStarter.git
cd BlazorJWTTokenStarter

Step 2: Update Configuration Edit WebAPI/appsettings.json with your JWT settings:

{
  "JwtSettings": {
    "Key": "your-secret-key-here-min-32-chars",
    "Issuer": "YourAppName",
    "Audience": "YourAppUsers",
    "DurationInMinutes": 60
  },
  "ConnectionStrings": {
    "DefaultConnection": "your-database-connection-string"
  }
}

Step 3: Run the Applications Terminal 1 - Start WebAPI:

cd WebAPI
dotnet run
# Runs on https://localhost:5001
# Visit https://localhost:5001/scalar/v1 for API documentation

Terminal 2 - Start WebApp:

cd WebApp
dotnet run
# Runs on https://localhost:5002

Step 4: Test Authentication

  • Navigate to https://localhost:5002
  • Click "Login"
  • Use your test credentials
  • On success, you'll be authenticated and see the user dashboard

Core Authentication Flow

User β†’ Blazor App (WebApp)
  ↓
Login Form (Radzen Components)
  ↓
POST /login-user (Minimal API)
  ↓
Validate against WebAPI
  ↓
Create Claims & Cookie
  ↓
Redirect to Dashboard

Why This Template is Powerful

🎯 Production-Ready Security best practices implemented Secure cookie handling with HttpOnly and SameSite flags Token validation on every request 30-minute sliding expiration with auto-refresh 🧩 Modular Architecture Clear separation of concerns Easy to extend with business logic Testable service layer Reusable shared components 🎨 UI/UX with Radzen Professional-looking forms and components Responsive design out-of-the-box Theme support with cookie persistence Custom notification system ⚑ Modern .NET Stack .NET 10 latest features Minimal APIs for lightweight endpoints Built-in OpenAPI/Swagger support Async/await throughout

Full code : https://github.com/mafzal88/BlazorJWTTokenStarter

Discussion in the ATmosphere

Loading comments...