
Server-side Blazor Protection

Shield provides comprehensive protection for Blazor Server applications, securing your server-side .NET code while maintaining optimal performance and compatibility.


Understanding Blazor Server Security Model

Blazor Server uses a different execution model than Blazor WebAssembly:

  • Application logic runs on the server
  • UI updates are sent to the client via SignalR
  • The client runs a small JavaScript file that maintains the connection and updates the DOM

This architecture provides inherent security benefits since your code remains on the server. However, Shield adds multiple protection layers to prevent reverse engineering and tampering with your server-side assemblies.


Protection Strategy for Blazor Server

Shield applies several protection techniques optimized for Blazor Server applications:

  1. Assembly Protection: Secures your server-side assemblies against decompilation and analysis
  2. SignalR Message Protection: Ensures the integrity of communication between server and client
  3. Method Invocation Protection: Secures the method calls that might be exposed through SignalR
  4. Reference Hiding: Obfuscates references between components and services
  5. Server-side Performance Optimization: Maintains responsive UI updates while providing strong protection

Implementation

Prerequisites

  • ByteHide Shield (Team, Scale, or Enterprise edition)
  • Blazor Server project

Configuration

Create a shield.config.json file in the root of your Blazor Server project:

{
  "preset": "custom",
  "protections": {
    "rename": {
      "rename_public": false
    },
    "control_flow_advance": {},
    "virtualization": {},
    "constants_encryption": {},
    "constants_mutation": {}
  }
}

Shield will automatically detect that your assembly is a Blazor Server application and apply the necessary optimizations.

Integration with MSBuild

Add Shield to your Blazor Server project using the NuGet package:

dotnet add package ByteHide.Shield

For Blazor Server applications, these protections provide the best balance of security and performance:

| Protection | Recommendation | Notes |
|---|---|---|
| Renamer | ✓ Essential | Use rename_public: false to maintain component discovery |
| Control Flow | ✓ Recommended | Provides strong protection for server-side logic |
| Virtualization | ✓ Recommended | Secures all the code |
| Anti-Debug | ✓ Recommended | Prevents unauthorized debugging of server code |
| Constants Encryption | ✓ Recommended | Secures sensitive values and strings |
| Constants Mutation | ✓ Recommended | Adds additional security to constant values |

Special Considerations

Component Discovery

Blazor Server relies on component discovery for routing and rendering. Shield automatically detects and preserves Blazor component names through its built-in analyzer. To ensure your application works correctly:

  1. Set rename_public: false in the Renamer protection
  2. Use [Obfuscation(Exclude = true)] attribute on components that use routing
  3. Consider excluding the OnInitialized and OnParametersSet methods from control flow protection
  4. Avoid renaming public members that are used by Blazor's component system
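
The following sketch shows how steps 2 to 4 can look in a code-behind file. It is an added example, not code from ByteHide or from this documentation. The names ShopApp, OrderDetails, OrderPricing and the route are constructed, and it assumes that a non-public class without an exclusion attribute is processed by the protections in shield.config.json.

```csharp
// OrderDetails.razor.cs: code-behind for a constructed page whose .razor file
// declares:  @page "/orders/{OrderId:int}"
using System.Reflection;
using Microsoft.AspNetCore.Components;

namespace ShopApp.Pages; // constructed namespace

// Routable component: excluded from obfuscation so the type name and its
// public parameter properties keep the names the router and renderer bind to.
[Obfuscation(Exclude = true)]
public partial class OrderDetails : ComponentBase
{
    // Filled from the route segment; must stay public and keep its name.
    [Parameter] public int OrderId { get; set; }

    // Resolved by type through dependency injection, so renaming the
    // service class does not break the lookup.
    [Inject] private OrderPricing Pricing { get; set; } = default!;

    protected decimal Total { get; private set; }

    // Lifecycle method kept to one delegating call: leaving it out of
    // control flow protection then exposes no business logic.
    protected override void OnParametersSet()
        => Total = Pricing.TotalFor(OrderId);
}

// Non-public service with no exclusion attribute (assumption: it remains
// eligible for renaming, control flow, virtualization and constant
// protection). Register it in Program.cs of the same assembly, e.g.
// builder.Services.AddScoped<OrderPricing>();
internal sealed class OrderPricing
{
    private const decimal TaxRate = 0.21m; // constructed value

    public decimal TotalFor(int orderId)
    {
        decimal net = orderId * 10m; // placeholder for real pricing logic
        return net * (1 + TaxRate);
    }
}
```

Keeping excluded components this thin limits how much readable code the exclusions leave in the protected assembly.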

SignalR Communication

Shield automatically applies protection to the SignalR communication channel, ensuring:

  • Message integrity validation
  • Circuit tampering protection
  • Enhanced security for remote method invocation

Testing Protected Applications

After applying Shield protection to your Blazor Server application:

  1. Build your application in Release mode
  2. Verify all routes and navigation work correctly
  3. Test component initialization and parameter passing
  4. Verify real-time updates and SignalR communication
  5. Check performance under typical user loads

Blazor Server applications benefit from Shield's server-side protections while maintaining the security advantage of keeping your code on the server. This combination provides robust protection against reverse engineering.


Compatibility Considerations

Shield's Blazor Server protection is compatible with:

  • Blazor Server 3.2+
  • All modern browsers (Chrome, Firefox, Safari, Edge)
  • Component libraries like Telerik, Syncfusion, and Radzen
  • Authentication providers including Identity, Auth0, and Azure AD
  • Hosting on Windows, Linux, and macOS