How safe is it to route the dbContext from the core system out to the Blazor components?

First of all, great work you are doing here, Radzen are really nice components.

I wanted to display a database of mine via a table and came across your libary, normally I would do this via the api, i.e. Blazor WebAssembly with However, I saw in your samples that it is easier, but there I had the question how secure the whole thing would be with e.g. sensitive data like passwords and generally exposing the DbContext in Blazor.

Normally I would make the data set into a json in the server and transfer this json to the frontend. Is it possible to view my core system in general in Blazor Frontend, as I have to pass this on as well. Are database entries then made on the client side or does the server do this? Or how exactly does your implementation of the database work?

If I now run this via the DbContext, is everything read out from the database at once or does it read it out page by page, i.e. if I have, for example, a million data records in the database, what is the performance like?

Hi @Florian00,

DbContext can be used only in server-side Blazor, not in WebAssembly.

Our DataGrid component works with IQueryable and all operations like paging, sorting, filtering, etc. are translated by the query provider directly to the database server. Here is how the query SQL looks for the first page in a DataGrid with sorting and filtering when bound to MSSQL DbContext:

SELECT [t].[OrderID], [t].[CustomerID], [t].[EmployeeID], [t].[Freight], [t].[OrderDate], [t].[RequiredDate], [t].[ShipAddress], [t].[ShipCity], [t].[ShipCountry], [t].[ShipName], [t].[ShipPostalCode], [t].[ShipRegion], [t].[ShipVia], [t].[ShippedDate], [c].[CustomerID], [c].[Address], [c].[City], [c].[CompanyName], [c].[ContactName], [c].[ContactTitle], [c].[Country], [c].[Fax], [c].[Phone], [c].[PostalCode], [c].[Region], [t].[EmployeeID0], [t].[Address], [t].[BirthDate], [t].[City], [t].[Country], [t].[Extension], [t].[FirstName], [t].[HireDate], [t].[HomePhone], [t].[LastName], [t].[Notes], [t].[Photo], [t].[PhotoPath], [t].[PostalCode], [t].[Region], [t].[ReportsTo], [t].[Title], [t].[TitleOfCourtesy], [s].[ShipperID], [s].[CompanyName], [s].[Phone]
      FROM (
          SELECT [o].[OrderID], [o].[CustomerID], [o].[EmployeeID], [o].[Freight], [o].[OrderDate], [o].[RequiredDate], [o].[ShipAddress], [o].[ShipCity], [o].[ShipCountry], [o].[ShipName], [o].[ShipPostalCode], [o].[ShipRegion], [o].[ShipVia], [o].[ShippedDate], [e].[EmployeeID] AS [EmployeeID0], [e].[Address], [e].[BirthDate], [e].[City], [e].[Country], [e].[Extension], [e].[FirstName], [e].[HireDate], [e].[HomePhone], [e].[LastName], [e].[Notes], [e].[Photo], [e].[PhotoPath], [e].[PostalCode], [e].[Region], [e].[ReportsTo], [e].[Title], [e].[TitleOfCourtesy]
          FROM [dbo].[Orders] AS [o]
          LEFT JOIN [dbo].[Employees] AS [e] ON [o].[EmployeeID] = [e].[EmployeeID]
          WHERE CASE
              WHEN ([e].[EmployeeID] IS NULL OR [e].[LastName] IS NULL) OR [e].[LastName] IS NULL THEN N''
              WHEN [e].[EmployeeID] IS NOT NULL AND [e].[LastName] IS NOT NULL THEN [e].[LastName]
              ELSE NULL
          END LIKE N'%K%'
          ORDER BY [o].[OrderID] DESC
          OFFSET @__p_0 ROWS FETCH NEXT @__p_1 ROWS ONLY
      ) AS [t]
      LEFT JOIN [dbo].[Customers] AS [c] ON [t].[CustomerID] = [c].[CustomerID]
      LEFT JOIN [dbo].[Shippers] AS [s] ON [t].[ShipVia] = [s].[ShipperID]
      ORDER BY [t].[OrderID] DESC

Furthermore our DataGrid component can work directly with OData service so in WebAssembly application you can get again all operations like paging, sorting and filtering applied server-side:

Thanks for you quick response.

I need a Blazor Web Assembly so i think i have to go with the oauth, so i looked it up in the documentation, but i came into some troubles, i use NuGet Gallery | Microsoft.AspNetCore.OData 8.0.10
for OAuth and it seems that its not supported. I use the [EnableQuery] attribute in my controller and in the startup i activate: Select().Filter().OrderBy().SetMaxTop(1000));. And it works just fine with eq, ect. but if i enter into postman the link the data grid generates, it fails. I think he dont like the () and =.

Uri generated from GetODataUri like its in the documentation: Blazor DataGrid OData data-binding

{"Message":"The query specified in the URI is not valid. Syntax error at position 14 in 'TemperatureF = 15'.","ExceptionMessage":"Syntax error at position 14 in 'TemperatureF = 15'.","ExceptionType":"Microsoft.OData.ODataException","StackTrace":"   at Microsoft.OData.UriParser.ExpressionLexer.ValidateToken(ExpressionTokenKind t)\r\n   at Microsoft.OData.UriParser.UriQueryExpressionParser.ParseExpressionText(String expressionText)\r\n   at Microsoft.OData.UriParser.UriQueryExpressionParser.ParseFilter(String filter)\r\n   at Microsoft.OData.UriParser.ODataQueryOptionParser.ParseFilterImplementation(String filter, ODataUriParserConfiguration configuration, ODataPathInfo odataPathInfo)\r\n   at Microsoft.OData.UriParser.ODataQueryOptionParser.ParseFilter()\r\n   at Microsoft.AspNetCore.OData.Query.FilterQueryOption.get_FilterClause()\r\n   at Microsoft.AspNetCore.OData.Query.Validator.FilterQueryValidator.Validate(FilterQueryOption filterQueryOption, ODataValidationSettings settings)\r\n   at Microsoft.AspNetCore.OData.Query.FilterQueryOption.Validate(ODataValidationSettings validationSettings)\r\n   at Microsoft.AspNetCore.OData.Query.Validator.ODataQueryValidator.Validate(ODataQueryOptions options, ODataValidationSettings validationSettings)\r\n   at Microsoft.AspNetCore.OData.Query.ODataQueryOptions.Validate(ODataValidationSettings validationSettings)\r\n   at Microsoft.AspNetCore.OData.Query.EnableQueryAttribute.ValidateQuery(HttpRequest request, ODataQueryOptions queryOptions)\r\n   at Microsoft.AspNetCore.OData.Query.EnableQueryAttribute.OnActionExecuting(ActionExecutingContext actionExecutingContext)"}

so my question is, which libarys do you use in the backend, so that the OData gets converted to a valid dbContext request?

Thank you very much,

You don’t need a library, just an ODataController and to describe the model using ODataBuilder. Check our demos for reference.

I need the Microsoft.AspNetCore.OData v8 libary, because ODataController is in the Libary. So i tried to switching it to ODataController as you said, but the same error occured. Are the multiple versions from OData isn't there a schema for it?

So i pulled this github project: GitHub - bervProject/ODataTutorial: OData Tutorial and there the commands are not functioning ?$filter=Id=15 (looks pretty weird to me) normally i would type in OAuth ?$filter=Id eq '15' and this works

I looked into your github samples, do you have any samples in .Net 6? Blazor WebAssembly Client Server? I looked at the NorthwindBlazor Sample, but it isn't very helpful.

But anyway thanks for the fast responses and the help

You can check our CRM tutorial for WebAssembly:

Or you can simply download Radzen, create new WebAssembly apps, connect to your database, run the application and check the generated code. Check also Radzen Blazor Studio where you have not only scaffolding and visual designer but excellent code editing.

Thanks, finally worked for me :slight_smile: