From bbd787de5179813d68420bb47d6cab6e5d757f4b Mon Sep 17 00:00:00 2001 From: Luke Latham <1622880+guardrex@users.noreply.github.com> Date: Wed, 15 Apr 2026 18:42:18 -0500 Subject: [PATCH 1/5] Additional coverage on remote auth paths --- .../blazor/security/includes/redirecttologin-component.md | 2 +- .../security/includes/remote-authentication-paths.md | 8 ++++++++ .../webassembly/hosted-with-azure-active-directory-b2c.md | 6 ++++++ .../security/webassembly/hosted-with-identity-server.md | 6 ++++++ .../webassembly/hosted-with-microsoft-entra-id.md | 6 ++++++ .../webassembly/standalone-with-authentication-library.md | 4 ++++ .../standalone-with-azure-active-directory-b2c.md | 4 ++++ .../webassembly/standalone-with-microsoft-accounts.md | 4 ++++ .../webassembly/standalone-with-microsoft-entra-id.md | 4 ++++ 9 files changed, 43 insertions(+), 1 deletion(-) create mode 100644 aspnetcore/blazor/security/includes/remote-authentication-paths.md diff --git a/aspnetcore/blazor/security/includes/redirecttologin-component.md b/aspnetcore/blazor/security/includes/redirecttologin-component.md index a89e36e7ba4d..691aeac53f07 100644 --- a/aspnetcore/blazor/security/includes/redirecttologin-component.md +++ b/aspnetcore/blazor/security/includes/redirecttologin-component.md @@ -7,7 +7,7 @@ The `RedirectToLogin` component (`RedirectToLogin.razor`): Inspect the `RedirectToLogin` component in [reference source](https://github.com/dotnet/aspnetcore/tree/main/src/ProjectTemplates/Web.ProjectTemplates/content/ComponentsWebAssembly-CSharp). The location of the component changed over time, so use GitHub search tools to locate the component. -The login path can be customized by the app (, [framework defaults (`dotnet/aspnetcore` reference source)](https://github.com/dotnet/aspnetcore/blob/main/src/Components/WebAssembly/WebAssembly.Authentication/src/RemoteAuthenticationDefaults.cs)). The project template's `RedirectToLogin` component uses the default login path of `authentication/login`. +The login path can be customized by the app ( on the property in the app's `Program` file, [framework defaults (`dotnet/aspnetcore` reference source)](https://github.com/dotnet/aspnetcore/blob/main/src/Components/WebAssembly/WebAssembly.Authentication/src/RemoteAuthenticationDefaults.cs)). The project template's `RedirectToLogin` component uses the default login path of `authentication/login`. [!INCLUDE[](~/includes/aspnetcore-repo-ref-source-links.md)] diff --git a/aspnetcore/blazor/security/includes/remote-authentication-paths.md b/aspnetcore/blazor/security/includes/remote-authentication-paths.md new file mode 100644 index 000000000000..3766df0e8183 --- /dev/null +++ b/aspnetcore/blazor/security/includes/remote-authentication-paths.md @@ -0,0 +1,8 @@ +Remote authentication paths are customized using on the property in the app's `Program` file. For the framework's default path values, see the [`dotnet/aspnetcore` reference source](https://github.com/dotnet/aspnetcore/blob/main/src/Components/WebAssembly/WebAssembly.Authentication/src/RemoteAuthenticationDefaults.cs). + +[!INCLUDE[](~/includes/aspnetcore-repo-ref-source-links.md)] + +If an app [customizes a remote authentication path](xref:blazor/security/webassembly/additional-scenarios#customize-app-routes), take either of the following approaches: + +* Match the path in hard-coded strings around the app. +* Inject to obtain the configured value around the app. For an example, see the [`RedirectToLogin` component](#redirecttologin-component) section. diff --git a/aspnetcore/blazor/security/webassembly/hosted-with-azure-active-directory-b2c.md b/aspnetcore/blazor/security/webassembly/hosted-with-azure-active-directory-b2c.md index 43092547e8e2..5a6476c8692e 100644 --- a/aspnetcore/blazor/security/webassembly/hosted-with-azure-active-directory-b2c.md +++ b/aspnetcore/blazor/security/webassembly/hosted-with-azure-active-directory-b2c.md @@ -435,6 +435,12 @@ Due to changes in the framework across releases of ASP.NET Core, Razor markup fo [!INCLUDE[](~/blazor/security/includes/fetchdata-component.md)] +## Remote authentication paths + +*This section pertains to the solution's **:::no-loc text="Client":::** app.* + +[!INCLUDE[](~/blazor/security/includes/remote-authentication-paths.md)] + ## Troubleshoot [!INCLUDE[](~/blazor/security/includes/troubleshoot-wasm.md)] diff --git a/aspnetcore/blazor/security/webassembly/hosted-with-identity-server.md b/aspnetcore/blazor/security/webassembly/hosted-with-identity-server.md index e018f6b845fb..51f94636b8d5 100644 --- a/aspnetcore/blazor/security/webassembly/hosted-with-identity-server.md +++ b/aspnetcore/blazor/security/webassembly/hosted-with-identity-server.md @@ -347,6 +347,12 @@ Due to changes in the framework across releases of ASP.NET Core, Razor markup fo [!INCLUDE[](~/blazor/security/includes/fetchdata-component.md)] +## Remote authentication paths + +*This section pertains to the solution's **:::no-loc text="Client":::** app.* + +[!INCLUDE[](~/blazor/security/includes/remote-authentication-paths.md)] + ## Azure App Service on Linux Specify the issuer explicitly when deploying to Azure App Service on Linux. For more information, see . diff --git a/aspnetcore/blazor/security/webassembly/hosted-with-microsoft-entra-id.md b/aspnetcore/blazor/security/webassembly/hosted-with-microsoft-entra-id.md index a798309d8534..f5b9b28db5d3 100644 --- a/aspnetcore/blazor/security/webassembly/hosted-with-microsoft-entra-id.md +++ b/aspnetcore/blazor/security/webassembly/hosted-with-microsoft-entra-id.md @@ -441,6 +441,12 @@ Due to changes in the framework across releases of ASP.NET Core, Razor markup fo [!INCLUDE[](~/blazor/security/includes/fetchdata-component.md)] +## Remote authentication paths + +*This section pertains to the solution's **:::no-loc text="Client":::** app.* + +[!INCLUDE[](~/blazor/security/includes/remote-authentication-paths.md)] + ## Use of an Azure Active Directory B2C tenant If the app is registered in an **Azure Active Directory B2C** tenant, as described in [Tutorial: Create an Azure Active Directory B2C tenant](/azure/active-directory-b2c/tutorial-create-tenant) but follows the guidance in this article, the App ID URI is managed differently by ME-ID. diff --git a/aspnetcore/blazor/security/webassembly/standalone-with-authentication-library.md b/aspnetcore/blazor/security/webassembly/standalone-with-authentication-library.md index 10676a462767..7432876c737f 100644 --- a/aspnetcore/blazor/security/webassembly/standalone-with-authentication-library.md +++ b/aspnetcore/blazor/security/webassembly/standalone-with-authentication-library.md @@ -216,6 +216,10 @@ The Date: Wed, 15 Apr 2026 18:51:53 -0500 Subject: [PATCH 2/5] Updates --- .../includes/redirecttologin-component.md | 27 ------------------- .../includes/remote-authentication-paths.md | 21 ++++++++++++++- .../hosted-with-azure-active-directory-b2c.md | 12 ++++----- .../hosted-with-identity-server.md | 12 ++++----- .../hosted-with-microsoft-entra-id.md | 12 ++++----- .../standalone-with-authentication-library.md | 8 +++--- ...ndalone-with-azure-active-directory-b2c.md | 8 +++--- .../standalone-with-microsoft-accounts.md | 7 ++--- .../standalone-with-microsoft-entra-id.md | 8 +++--- 9 files changed, 54 insertions(+), 61 deletions(-) diff --git a/aspnetcore/blazor/security/includes/redirecttologin-component.md b/aspnetcore/blazor/security/includes/redirecttologin-component.md index 691aeac53f07..eb7dd496f8d5 100644 --- a/aspnetcore/blazor/security/includes/redirecttologin-component.md +++ b/aspnetcore/blazor/security/includes/redirecttologin-component.md @@ -6,30 +6,3 @@ The `RedirectToLogin` component (`RedirectToLogin.razor`): * A query string in ASP.NET Core in .NET 6 or earlier. Inspect the `RedirectToLogin` component in [reference source](https://github.com/dotnet/aspnetcore/tree/main/src/ProjectTemplates/Web.ProjectTemplates/content/ComponentsWebAssembly-CSharp). The location of the component changed over time, so use GitHub search tools to locate the component. - -The login path can be customized by the app ( on the property in the app's `Program` file, [framework defaults (`dotnet/aspnetcore` reference source)](https://github.com/dotnet/aspnetcore/blob/main/src/Components/WebAssembly/WebAssembly.Authentication/src/RemoteAuthenticationDefaults.cs)). The project template's `RedirectToLogin` component uses the default login path of `authentication/login`. - -[!INCLUDE[](~/includes/aspnetcore-repo-ref-source-links.md)] - -If an app [customizes the login path](xref:blazor/security/webassembly/additional-scenarios#customize-app-routes), take either of the following approaches: - -* Match the path in the hard-coded string in the `RedirectToLogin` component. -* Inject to obtain the configured value. For example, take this approach when you customize the path with . - Add the following directives at the top of the `RedirectToLogin` component: - - ```razor - @using Microsoft.Extensions.Options - @inject IOptionsSnapshot> RemoteOptions - ``` - - Modify the component's redirect in the `OnInitialized` method: - - ```diff - - Navigation.NavigateToLogin("authentication/login"); - + Navigation.NavigateToLogin(RemoteOptions.Get(Options.DefaultName) - + .AuthenticationPaths.LogInPath); - ``` - - > [!NOTE] - > If other paths differ from the project template's paths or [framework's default paths](https://github.com/dotnet/aspnetcore/blob/main/src/Components/WebAssembly/WebAssembly.Authentication/src/RemoteAuthenticationDefaults.cs), they should managed in the same fashion. - diff --git a/aspnetcore/blazor/security/includes/remote-authentication-paths.md b/aspnetcore/blazor/security/includes/remote-authentication-paths.md index 3766df0e8183..a8758ce7c9ca 100644 --- a/aspnetcore/blazor/security/includes/remote-authentication-paths.md +++ b/aspnetcore/blazor/security/includes/remote-authentication-paths.md @@ -5,4 +5,23 @@ Remote authentication paths are customized using to obtain the configured value around the app. For an example, see the [`RedirectToLogin` component](#redirecttologin-component) section. + +* Inject to obtain the configured value around the app. The following example demonstrates the approach for the `RedirectToLogin` component](#redirecttologin-component). + + Add the following Razor directives to the top of the component's Razor file: + + ```razor + @using Microsoft.Extensions.Options + @inject IOptionsSnapshot> RemoteOptions + ``` + + Modify the component's redirect in the `OnInitialized` method: + + ```diff + - Navigation.NavigateToLogin("authentication/login"); + + Navigation.NavigateToLogin(RemoteOptions.Get(Options.DefaultName) + + .AuthenticationPaths.LogInPath); + ``` + + > [!NOTE] + > If other paths differ from the project template's paths or [framework's default paths](https://github.com/dotnet/aspnetcore/blob/main/src/Components/WebAssembly/WebAssembly.Authentication/src/RemoteAuthenticationDefaults.cs), they should managed in the same fashion. diff --git a/aspnetcore/blazor/security/webassembly/hosted-with-azure-active-directory-b2c.md b/aspnetcore/blazor/security/webassembly/hosted-with-azure-active-directory-b2c.md index 5a6476c8692e..ed6f6beb5aae 100644 --- a/aspnetcore/blazor/security/webassembly/hosted-with-azure-active-directory-b2c.md +++ b/aspnetcore/blazor/security/webassembly/hosted-with-azure-active-directory-b2c.md @@ -161,6 +161,12 @@ To configure the app to receive the value from the `name` claim type: }); ``` +## Remote authentication paths + +*This section pertains to the solution's **:::no-loc text="Client":::** app.* + +[!INCLUDE[](~/blazor/security/includes/remote-authentication-paths.md)] + ## Parts of the solution This section describes the parts of a solution generated from the Blazor WebAssembly project template and describes how the solution's **:::no-loc text="Client":::** and **:::no-loc text="Server":::** projects are configured for reference. There's no specific guidance to follow in this section for a basic working application if you created the app using the guidance in the [Walkthrough](#walkthrough) section. The guidance in this section is helpful for updating an app to authenticate and authorize users. However, an alternative approach to updating an app is to create a new app from the guidance in the [Walkthrough](#walkthrough) section and moving the app's components, classes, and resources to the new app. @@ -435,12 +441,6 @@ Due to changes in the framework across releases of ASP.NET Core, Razor markup fo [!INCLUDE[](~/blazor/security/includes/fetchdata-component.md)] -## Remote authentication paths - -*This section pertains to the solution's **:::no-loc text="Client":::** app.* - -[!INCLUDE[](~/blazor/security/includes/remote-authentication-paths.md)] - ## Troubleshoot [!INCLUDE[](~/blazor/security/includes/troubleshoot-wasm.md)] diff --git a/aspnetcore/blazor/security/webassembly/hosted-with-identity-server.md b/aspnetcore/blazor/security/webassembly/hosted-with-identity-server.md index 51f94636b8d5..f027ce40ade4 100644 --- a/aspnetcore/blazor/security/webassembly/hosted-with-identity-server.md +++ b/aspnetcore/blazor/security/webassembly/hosted-with-identity-server.md @@ -77,6 +77,12 @@ For more information, see the [`dotnet new`](/dotnet/core/tools/dotnet-new) comm [!INCLUDE[](~/blazor/security/includes/run-the-app.md)] +## Remote authentication paths + +*This section pertains to the solution's **:::no-loc text="Client":::** app.* + +[!INCLUDE[](~/blazor/security/includes/remote-authentication-paths.md)] + ## Parts of the solution This section describes the parts of a solution generated from the Blazor WebAssembly project template and describes how the solution's **:::no-loc text="Client":::** and **:::no-loc text="Server":::** projects are configured for reference. There's no specific guidance to follow in this section for a basic working application if you created the app using the guidance in the [Walkthrough](#walkthrough) section. The guidance in this section is helpful for updating an app to authenticate and authorize users. However, an alternative approach to updating an app is to create a new app from the guidance in the [Walkthrough](#walkthrough) section and moving the app's components, classes, and resources to the new app. @@ -347,12 +353,6 @@ Due to changes in the framework across releases of ASP.NET Core, Razor markup fo [!INCLUDE[](~/blazor/security/includes/fetchdata-component.md)] -## Remote authentication paths - -*This section pertains to the solution's **:::no-loc text="Client":::** app.* - -[!INCLUDE[](~/blazor/security/includes/remote-authentication-paths.md)] - ## Azure App Service on Linux Specify the issuer explicitly when deploying to Azure App Service on Linux. For more information, see . diff --git a/aspnetcore/blazor/security/webassembly/hosted-with-microsoft-entra-id.md b/aspnetcore/blazor/security/webassembly/hosted-with-microsoft-entra-id.md index f5b9b28db5d3..73d4921ffe52 100644 --- a/aspnetcore/blazor/security/webassembly/hosted-with-microsoft-entra-id.md +++ b/aspnetcore/blazor/security/webassembly/hosted-with-microsoft-entra-id.md @@ -165,6 +165,12 @@ To configure the app to receive the value from the `name` claim type: }); ``` +## Remote authentication paths + +*This section pertains to the solution's **:::no-loc text="Client":::** app.* + +[!INCLUDE[](~/blazor/security/includes/remote-authentication-paths.md)] + ## Parts of the solution This section describes the parts of a solution generated from the Blazor WebAssembly project template and describes how the solution's **:::no-loc text="Client":::** and **:::no-loc text="Server":::** projects are configured for reference. There's no specific guidance to follow in this section for a basic working application if you created the app using the guidance in the [Walkthrough](#walkthrough) section. The guidance in this section is helpful for updating an app to authenticate and authorize users. However, an alternative approach to updating an app is to create a new app from the guidance in the [Walkthrough](#walkthrough) section and moving the app's components, classes, and resources to the new app. @@ -441,12 +447,6 @@ Due to changes in the framework across releases of ASP.NET Core, Razor markup fo [!INCLUDE[](~/blazor/security/includes/fetchdata-component.md)] -## Remote authentication paths - -*This section pertains to the solution's **:::no-loc text="Client":::** app.* - -[!INCLUDE[](~/blazor/security/includes/remote-authentication-paths.md)] - ## Use of an Azure Active Directory B2C tenant If the app is registered in an **Azure Active Directory B2C** tenant, as described in [Tutorial: Create an Azure Active Directory B2C tenant](/azure/active-directory-b2c/tutorial-create-tenant) but follows the guidance in this article, the App ID URI is managed differently by ME-ID. diff --git a/aspnetcore/blazor/security/webassembly/standalone-with-authentication-library.md b/aspnetcore/blazor/security/webassembly/standalone-with-authentication-library.md index 7432876c737f..83730d47b0bc 100644 --- a/aspnetcore/blazor/security/webassembly/standalone-with-authentication-library.md +++ b/aspnetcore/blazor/security/webassembly/standalone-with-authentication-library.md @@ -123,6 +123,10 @@ Use one of the following approaches to run the app: * Press F5. * .NET CLI command shell: Execute the `dotnet watch` (or `dotnet run`) command from the app's folder. +## Remote authentication paths + +[!INCLUDE[](~/blazor/security/includes/remote-authentication-paths.md)] + ## Parts of the app This section describes the parts of an app generated from the Blazor WebAssembly project template and how the app is configured. There's no specific guidance to follow in this section for a basic working application if you created the app using the guidance in the [Walkthrough](#walkthrough) section. The guidance in this section is helpful for updating an app to authenticate and authorize users. However, an alternative approach to updating an app is to create a new app from the guidance in the [Walkthrough](#walkthrough) section and moving the app's components, classes, and resources to the new app. @@ -216,10 +220,6 @@ The F5. * .NET CLI command shell: Execute the `dotnet watch` (or `dotnet run`) command from the app's folder. +## Remote authentication paths + +[!INCLUDE[](~/blazor/security/includes/remote-authentication-paths.md)] + ## Parts of the app This section describes the parts of an app generated from the Blazor WebAssembly project template and how the app is configured. There's no specific guidance to follow in this section for a basic working application if you created the app using the guidance in the [Walkthrough](#walkthrough) section. The guidance in this section is helpful for updating an app to authenticate and authorize users. However, an alternative approach to updating an app is to create a new app from the guidance in the [Walkthrough](#walkthrough) section and moving the app's components, classes, and resources to the new app. @@ -224,10 +228,6 @@ The F5. * .NET CLI command shell: Execute the `dotnet watch` (or `dotnet run`) command from the app's folder. +## Remote authentication paths + +[!INCLUDE[](~/blazor/security/includes/remote-authentication-paths.md)] + ## Parts of the app This section describes the parts of an app generated from the Blazor WebAssembly project template and how the app is configured. There's no specific guidance to follow in this section for a basic working application if you created the app using the guidance in the [Walkthrough](#walkthrough) section. The guidance in this section is helpful for updating an app to authenticate and authorize users. However, an alternative approach to updating an app is to create a new app from the guidance in the [Walkthrough](#walkthrough) section and moving the app's components, classes, and resources to the new app. @@ -199,9 +203,6 @@ The F5. * .NET CLI command shell: Execute the `dotnet watch` (or `dotnet run`) command from the app's folder. +## Remote authentication paths + +[!INCLUDE[](~/blazor/security/includes/remote-authentication-paths.md)] + ## Parts of the app This section describes the parts of an app generated from the Blazor WebAssembly project template and how the app is configured. There's no specific guidance to follow in this section for a basic working application if you created the app using the guidance in the [Walkthrough](#walkthrough) section. The guidance in this section is helpful for updating an app to authenticate and authorize users. However, an alternative approach to updating an app is to create a new app from the guidance in the [Walkthrough](#walkthrough) section and moving the app's components, classes, and resources to the new app. @@ -200,10 +204,6 @@ The Date: Wed, 15 Apr 2026 19:04:12 -0500 Subject: [PATCH 3/5] Apply suggestions from code review Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --- .../blazor/security/includes/remote-authentication-paths.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aspnetcore/blazor/security/includes/remote-authentication-paths.md b/aspnetcore/blazor/security/includes/remote-authentication-paths.md index a8758ce7c9ca..7a638306defc 100644 --- a/aspnetcore/blazor/security/includes/remote-authentication-paths.md +++ b/aspnetcore/blazor/security/includes/remote-authentication-paths.md @@ -24,4 +24,4 @@ If an app [customizes a remote authentication path](xref:blazor/security/webasse ``` > [!NOTE] - > If other paths differ from the project template's paths or [framework's default paths](https://github.com/dotnet/aspnetcore/blob/main/src/Components/WebAssembly/WebAssembly.Authentication/src/RemoteAuthenticationDefaults.cs), they should managed in the same fashion. + > If other paths differ from the project template's paths or [framework's default paths](https://github.com/dotnet/aspnetcore/blob/main/src/Components/WebAssembly/WebAssembly.Authentication/src/RemoteAuthenticationDefaults.cs), manage them in the same fashion. From e38c99d21c81212463ab24b6bddfeada8feea4b5 Mon Sep 17 00:00:00 2001 From: Luke Latham <1622880+guardrex@users.noreply.github.com> Date: Wed, 15 Apr 2026 19:07:07 -0500 Subject: [PATCH 4/5] Apply suggestions from code review Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --- .../blazor/security/includes/remote-authentication-paths.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aspnetcore/blazor/security/includes/remote-authentication-paths.md b/aspnetcore/blazor/security/includes/remote-authentication-paths.md index 7a638306defc..c807f826da2a 100644 --- a/aspnetcore/blazor/security/includes/remote-authentication-paths.md +++ b/aspnetcore/blazor/security/includes/remote-authentication-paths.md @@ -6,7 +6,7 @@ If an app [customizes a remote authentication path](xref:blazor/security/webasse * Match the path in hard-coded strings around the app. -* Inject to obtain the configured value around the app. The following example demonstrates the approach for the `RedirectToLogin` component](#redirecttologin-component). +* Inject to obtain the configured value around the app. The following example demonstrates the approach for the [`RedirectToLogin` component](#redirecttologin-component). Add the following Razor directives to the top of the component's Razor file: From a02f82e0b4e4803eda34cc161d6115b49d345393 Mon Sep 17 00:00:00 2001 From: Luke Latham <1622880+guardrex@users.noreply.github.com> Date: Thu, 16 Apr 2026 18:40:55 -0500 Subject: [PATCH 5/5] Clarify URL maintenance in RedirectToLogin component Corrected wording for clarity regarding URL maintenance during redirection. --- .../blazor/security/includes/redirecttologin-component.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aspnetcore/blazor/security/includes/redirecttologin-component.md b/aspnetcore/blazor/security/includes/redirecttologin-component.md index eb7dd496f8d5..6c09b834ffbd 100644 --- a/aspnetcore/blazor/security/includes/redirecttologin-component.md +++ b/aspnetcore/blazor/security/includes/redirecttologin-component.md @@ -1,7 +1,7 @@ The `RedirectToLogin` component (`RedirectToLogin.razor`): * Manages redirecting unauthorized users to the login page. -* The current URL that the user is attempting to access is maintained by so that they can be returned to that page if authentication is successful using: +* The current URL that the user is attempting to access is maintained so that they can be returned to that page if authentication is successful using: * [Navigation history state](xref:blazor/fundamentals/navigation#navigation-history-state) in ASP.NET Core in .NET 7 or later. * A query string in ASP.NET Core in .NET 6 or earlier.