No secrets
All the documentation I have seen so far states there is no way you could possibly securely store a secret or sensitive data.
What are others doing?
I was wondering how others have attempted to resolve this issue so far. I have not been able to find any suggestions as to what an alternative would look like, just people saying it can't (or shouldn't) be done.
Should I even be using reCaptcha (or any other captcha system that requires a site-key to be passed to it) in a Blazor WASM project, or should I be considering something through my Web API? I am not sure if this would be barking up the wrong tree though.
Even the aspnetcore repo is less than helpful, the same "just don't do it". For things like connection strings, I understand the solution of just calling a RESTful API that has the connection string details in, but I don't see how this solution could be applied to this issue.
Any help would be greatly appreciated.
I have not been able to find any reasonable solutions to try so far.
CodePudding user response:
The reCaptcha site key is meant to be placed in the Frontend, so inside the Blazor Project.
But if you want your reCAPTCHA to work properly you need to have a Backend service that verifies against Google's API with the secret key.
"The key pair consists of a site key and secret key. The site key is used to invoke reCAPTCHA service on your site or mobile application. The secret key authorizes communication between your application backend and the reCAPTCHA server to verify the user's response. The secret key needs to be kept safe for security purposes."
https://developers.google.com/recaptcha/intro
CodePudding user response:
Add SITE KEY in the Blazor WebAssembly project appsettings.json file. Now validate the user request on the API side (server side) with SECRET KEY. And your secret will be on the server side.
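The server-side check both answers describe, as an added example that is not code from either answer: an ASP.NET Core minimal API that takes the token produced by the reCAPTCHA widget in the Blazor client and verifies it against Google's `siteverify` endpoint with the secret key. The route `/api/contact`, the config key `Recaptcha:SecretKey`, and the record names are assumptions made for illustration.

```csharp
// Added example: ASP.NET Core Web API (server side). Names marked "assumed" are illustrative.
using System.Text.Json.Serialization;

var builder = WebApplication.CreateBuilder(args);
builder.Services.AddHttpClient();
var app = builder.Build();

// Assumed config key. Supply it via user-secrets, an environment variable or a vault on the
// server; the Blazor WASM appsettings.json is downloaded by the browser and holds only the site key.
string secretKey = app.Configuration["Recaptcha:SecretKey"]
    ?? throw new InvalidOperationException("Recaptcha:SecretKey is not configured");

// Assumed route and request shape: the client posts its payload plus the widget's token.
app.MapPost("/api/contact", async (ContactRequest req, IHttpClientFactory http) =>
{
    if (string.IsNullOrWhiteSpace(req.RecaptchaToken))
        return Results.BadRequest("Missing reCAPTCHA token");

    var form = new FormUrlEncodedContent(new KeyValuePair<string?, string?>[]
    {
        new("secret", secretKey),
        new("response", req.RecaptchaToken),
    });

    using var reply = await http.CreateClient()
        .PostAsync("https://www.google.com/recaptcha/api/siteverify", form);
    if (!reply.IsSuccessStatusCode)
        return Results.StatusCode(StatusCodes.Status502BadGateway);

    var verdict = await reply.Content.ReadFromJsonAsync<SiteVerifyResponse>();
    // Fail closed: anything other than an explicit success rejects the request.
    if (verdict is not { Success: true })
    {
        app.Logger.LogWarning("reCAPTCHA rejected: {Codes}",
            string.Join(",", verdict?.ErrorCodes ?? Array.Empty<string>()));
        return Results.BadRequest("reCAPTCHA verification failed");
    }

    // Token verified: process req.Message here.
    return Results.Ok();
});

app.Run();

record ContactRequest(string Message, string RecaptchaToken);

record SiteVerifyResponse(
    [property: JsonPropertyName("success")] bool Success,
    [property: JsonPropertyName("error-codes")] string[]? ErrorCodes);
```

Because the protected action runs only inside this endpoint after verification succeeds, a client that skips or tampers with the widget gains nothing.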