Hi, I have an ASP.NET Core 8 WebAssembly solution with two clients and an API server. One of the clients (noAuthJWT) is public and must have no authentication for users; the other is back-office and protected with JWT authentication. Wanting to use a hidden account on the client (noAuthJWT) with minimal privileges that would be the same for everyone, I wonder what possible problems this setting can generate. I specify that the transactions generated by the client (noAuthJWT) are discriminated and based on the user name, which is requested outside the solution's Identity platform. Furthermore, the reason why I would like to do this fictitious authentication is to further limit access to the server APIs, among which there are also two SignalR hubs.
What I have tried:
I tried opening multiple simultaneous sessions with the same account on the second client, and it seems to work correctly, but I would like to have the opinion of someone with more experience:
Have you ever done something like this?
Do you think there could be any problems?
Sorry if perhaps I'm asking something trivial, but I really would like to make sure I don't make any gross mistakes.
Thanks to anyone who can tell me anything about this topic.