I've been trying to learn some C# and decided to try a Blazor app. I've been building web apps for a long time but not in the MS world. In reading the blazor docs it seems that a client side blazor app cannot be secured by role, since the user could simply change any js parameters and visit pages arbitrarily. However, am I wrong to think that you can still secure the basic app built with client side blazor as far as authenticating users via OIDC or some other auth flow?
To put it another way, it sounds like a truly secure web app would be well advised to use the client side blazor setup, but would the client side work for an intranet scenario, where we only care about making sure users should be able to login, but aren't too concerned with what they do once they're in?
