From 21884d3227b3d3baec918c786f3e18500dd019fb Mon Sep 17 00:00:00 2001
From: Stephen Halter <halter73@gmail.com>
Date: Mon, 13 May 2024 17:22:33 -0700
Subject: [PATCH 1/3] Build in AuthenticationStateProviders from project
 templates

---
 .../src/AuthenticationStateData.cs            | 27 ++++++
 ...tEnvironmentAuthenticationStateProvider.cs |  6 +-
 .../Authorization/src/PublicAPI.Unshipped.txt |  8 ++
 ...orComponentsServiceCollectionExtensions.cs |  3 +
 .../ServerAuthenticationStateProvider.cs      |  2 +-
 .../Endpoints/src/PublicAPI.Unshipped.txt     |  4 +
 .../src/Rendering/EndpointHtmlRenderer.cs     | 16 +++-
 .../Server/src/Properties/AssemblyInfo.cs     |  6 ++
 .../Server/src/PublicAPI.Unshipped.txt        |  8 ++
 ...AuthenticationStateSerializationOptions.cs | 73 +++++++++++++++
 .../src/AuthenticationStateSerializer.cs      | 52 +++++++++++
 .../Server/src/PublicAPI.Unshipped.txt        |  7 ++
 ...ssemblyRazorComponentsBuilderExtensions.cs | 21 +++++
 ...thenticationStateDeserializationOptions.cs | 39 ++++++++
 .../src/PublicAPI.Unshipped.txt               |  5 ++
 ...cs => AccessTokenNotAvailableException.cs} |  0
 ...DeserializedAuthenticationStateProvider.cs | 36 ++++++++
 ...thenticationServiceCollectionExtensions.cs | 21 +++++
 ...t.AspNetCore.Components.WebAssembly.csproj |  1 +
 ...enticationStateSerializationOptionsTest.cs | 42 +++++++++
 .../ServerRenderedAuthenticationStateTest.cs  | 88 ++++++++++++++-----
 .../NoInteractivityTest.cs                    | 24 ++++-
 ...CascadingAuthenticationStateConsumer.razor | 48 +---------
 ...omponentEndpointsNoInteractivityStartup.cs |  2 +
 .../RazorComponentEndpointsStartup.cs         | 28 ++++--
 .../RazorComponents/App.razor                 |  4 +
 .../Auth/InteractiveAuthenticationState.razor | 30 -------
 ...ServerInteractiveAuthenticationState.razor |  6 ++
 .../Auth/StaticAuthenticationState.razor      | 10 +--
 ...semblyInteractiveAuthenticationState.razor |  5 ++
 .../Components.WasmMinimal.csproj             |  1 +
 .../Components.WasmMinimal/Program.cs         | 19 ++++
 .../CascadingAuthenticationStateReader.razor  | 88 +++++++++++++++++++
 .../TestContentPackage.csproj                 |  1 +
 34 files changed, 612 insertions(+), 119 deletions(-)
 create mode 100644 src/Components/Authorization/src/AuthenticationStateData.cs
 rename src/Components/{Server/src/Circuits => Endpoints/src/DependencyInjection}/ServerAuthenticationStateProvider.cs (94%)
 create mode 100644 src/Components/Server/src/Properties/AssemblyInfo.cs
 create mode 100644 src/Components/WebAssembly/Server/src/AuthenticationStateSerializationOptions.cs
 create mode 100644 src/Components/WebAssembly/Server/src/AuthenticationStateSerializer.cs
 create mode 100644 src/Components/WebAssembly/WebAssembly.Authentication/src/Options/AuthenticationStateDeserializationOptions.cs
 rename src/Components/WebAssembly/WebAssembly.Authentication/src/Services/{ExpiredTokenException.cs => AccessTokenNotAvailableException.cs} (100%)
 create mode 100644 src/Components/WebAssembly/WebAssembly.Authentication/src/Services/DeserializedAuthenticationStateProvider.cs
 create mode 100644 src/Components/test/E2ETest/ServerRenderingTests/AuthTests/DefaultAuthenticationStateSerializationOptionsTest.cs
 delete mode 100644 src/Components/test/testassets/Components.TestServer/RazorComponents/Pages/Auth/InteractiveAuthenticationState.razor
 create mode 100644 src/Components/test/testassets/Components.TestServer/RazorComponents/Pages/Auth/ServerInteractiveAuthenticationState.razor
 create mode 100644 src/Components/test/testassets/Components.TestServer/RazorComponents/Pages/Auth/WebAssemblyInteractiveAuthenticationState.razor
 create mode 100644 src/Components/test/testassets/TestContentPackage/CascadingAuthenticationStateReader.razor

diff --git a/src/Components/Authorization/src/AuthenticationStateData.cs b/src/Components/Authorization/src/AuthenticationStateData.cs
new file mode 100644
index 000000000000..da4b5da8085d
--- /dev/null
+++ b/src/Components/Authorization/src/AuthenticationStateData.cs
@@ -0,0 +1,27 @@
+// Licensed to the .NET Foundation under one or more agreements.
+// The .NET Foundation licenses this file to you under the MIT license.
+
+using System.Security.Claims;
+
+namespace Microsoft.AspNetCore.Components.Authorization;
+
+/// <summary>
+/// A JSON-serializable type that represents the data that is used to create an <see cref="AuthenticationState"/>.
+/// </summary>
+public class AuthenticationStateData
+{
+    /// <summary>
+    /// The client-readable claims that describe the <see cref="AuthenticationState.User"/>.
+    /// </summary>
+    public IList<KeyValuePair<string, string>> Claims { get; set; } = [];
+
+    /// <summary>
+    /// Gets the value that identifies 'Name' claims. This is used when returning the property <see cref="ClaimsIdentity.Name"/>.
+    /// </summary>
+    public string NameClaimType { get; set; } = ClaimsIdentity.DefaultNameClaimType;
+
+    /// <summary>
+    /// Gets the value that identifies 'Role' claims. This is used when calling <see cref="ClaimsPrincipal.IsInRole"/>.
+    /// </summary>
+    public string RoleClaimType { get; set; } = ClaimsIdentity.DefaultRoleClaimType;
+}
diff --git a/src/Components/Authorization/src/IHostEnvironmentAuthenticationStateProvider.cs b/src/Components/Authorization/src/IHostEnvironmentAuthenticationStateProvider.cs
index 46810597846c..fe1dd31c82b8 100644
--- a/src/Components/Authorization/src/IHostEnvironmentAuthenticationStateProvider.cs
+++ b/src/Components/Authorization/src/IHostEnvironmentAuthenticationStateProvider.cs
@@ -4,8 +4,10 @@
 namespace Microsoft.AspNetCore.Components.Authorization;
 
 /// <summary>
-/// An interface implemented by <see cref="AuthenticationStateProvider"/> classes that can receive authentication
-/// state information from the host environment.
+/// An interface implemented by services to receive authentication state information from the host environment.
+/// If this is implemented by the host's <see cref="AuthenticationStateProvider"/>, it will receive authentication state from the HttpContext.
+/// Or if this implemented service that is registered directly as an <see cref="IHostEnvironmentAuthenticationStateProvider"/>,
+/// it will receive the <see cref="AuthenticationState"/> returned by <see cref="AuthenticationStateProvider.GetAuthenticationStateAsync"/> 
 /// </summary>
 public interface IHostEnvironmentAuthenticationStateProvider
 {
diff --git a/src/Components/Authorization/src/PublicAPI.Unshipped.txt b/src/Components/Authorization/src/PublicAPI.Unshipped.txt
index 7dc5c58110bf..74b5773a99d5 100644
--- a/src/Components/Authorization/src/PublicAPI.Unshipped.txt
+++ b/src/Components/Authorization/src/PublicAPI.Unshipped.txt
@@ -1 +1,9 @@
 #nullable enable
+Microsoft.AspNetCore.Components.Authorization.AuthenticationStateData
+Microsoft.AspNetCore.Components.Authorization.AuthenticationStateData.AuthenticationStateData() -> void
+Microsoft.AspNetCore.Components.Authorization.AuthenticationStateData.Claims.get -> System.Collections.Generic.IList<System.Collections.Generic.KeyValuePair<string!, string!>>!
+Microsoft.AspNetCore.Components.Authorization.AuthenticationStateData.Claims.set -> void
+Microsoft.AspNetCore.Components.Authorization.AuthenticationStateData.NameClaimType.get -> string!
+Microsoft.AspNetCore.Components.Authorization.AuthenticationStateData.NameClaimType.set -> void
+Microsoft.AspNetCore.Components.Authorization.AuthenticationStateData.RoleClaimType.get -> string!
+Microsoft.AspNetCore.Components.Authorization.AuthenticationStateData.RoleClaimType.set -> void
diff --git a/src/Components/Endpoints/src/DependencyInjection/RazorComponentsServiceCollectionExtensions.cs b/src/Components/Endpoints/src/DependencyInjection/RazorComponentsServiceCollectionExtensions.cs
index f695735195d2..9582ba579942 100644
--- a/src/Components/Endpoints/src/DependencyInjection/RazorComponentsServiceCollectionExtensions.cs
+++ b/src/Components/Endpoints/src/DependencyInjection/RazorComponentsServiceCollectionExtensions.cs
@@ -4,6 +4,7 @@
 using System.Diagnostics.CodeAnalysis;
 using System.Reflection.Metadata;
 using Microsoft.AspNetCore.Components;
+using Microsoft.AspNetCore.Components.Authorization;
 using Microsoft.AspNetCore.Components.Endpoints;
 using Microsoft.AspNetCore.Components.Endpoints.DependencyInjection;
 using Microsoft.AspNetCore.Components.Endpoints.Forms;
@@ -11,6 +12,7 @@
 using Microsoft.AspNetCore.Components.Forms.Mapping;
 using Microsoft.AspNetCore.Components.Infrastructure;
 using Microsoft.AspNetCore.Components.Routing;
+using Microsoft.AspNetCore.Components.Server;
 using Microsoft.AspNetCore.Components.Web;
 using Microsoft.AspNetCore.DataProtection;
 using Microsoft.Extensions.DependencyInjection.Extensions;
@@ -66,6 +68,7 @@ public static IRazorComponentsBuilder AddRazorComponents(this IServiceCollection
             ServiceDescriptor.Singleton<IPostConfigureOptions<RazorComponentsServiceOptions>, DefaultRazorComponentsServiceOptionsConfiguration>());
         services.TryAddScoped<EndpointRoutingStateProvider>();
         services.TryAddScoped<IRoutingStateProvider>(sp => sp.GetRequiredService<EndpointRoutingStateProvider>());
+        services.TryAddScoped<AuthenticationStateProvider, ServerAuthenticationStateProvider>();
         services.AddSupplyValueFromQueryProvider();
         services.TryAddCascadingValue(sp => sp.GetRequiredService<EndpointHtmlRenderer>().HttpContext);
 
diff --git a/src/Components/Server/src/Circuits/ServerAuthenticationStateProvider.cs b/src/Components/Endpoints/src/DependencyInjection/ServerAuthenticationStateProvider.cs
similarity index 94%
rename from src/Components/Server/src/Circuits/ServerAuthenticationStateProvider.cs
rename to src/Components/Endpoints/src/DependencyInjection/ServerAuthenticationStateProvider.cs
index 26e3512c177e..1d75b353d056 100644
--- a/src/Components/Server/src/Circuits/ServerAuthenticationStateProvider.cs
+++ b/src/Components/Endpoints/src/DependencyInjection/ServerAuthenticationStateProvider.cs
@@ -10,7 +10,7 @@ namespace Microsoft.AspNetCore.Components.Server;
 /// </summary>
 public class ServerAuthenticationStateProvider : AuthenticationStateProvider, IHostEnvironmentAuthenticationStateProvider
 {
-    private Task<AuthenticationState> _authenticationStateTask;
+    private Task<AuthenticationState>? _authenticationStateTask;
 
     /// <inheritdoc />
     public override Task<AuthenticationState> GetAuthenticationStateAsync()
diff --git a/src/Components/Endpoints/src/PublicAPI.Unshipped.txt b/src/Components/Endpoints/src/PublicAPI.Unshipped.txt
index ede23967402c..95d31104cc53 100644
--- a/src/Components/Endpoints/src/PublicAPI.Unshipped.txt
+++ b/src/Components/Endpoints/src/PublicAPI.Unshipped.txt
@@ -1,4 +1,8 @@
 #nullable enable
 Microsoft.AspNetCore.Components.Routing.RazorComponentsEndpointHttpContextExtensions
+Microsoft.AspNetCore.Components.Server.ServerAuthenticationStateProvider
+Microsoft.AspNetCore.Components.Server.ServerAuthenticationStateProvider.ServerAuthenticationStateProvider() -> void
+Microsoft.AspNetCore.Components.Server.ServerAuthenticationStateProvider.SetAuthenticationState(System.Threading.Tasks.Task<Microsoft.AspNetCore.Components.Authorization.AuthenticationState!>! authenticationStateTask) -> void
+override Microsoft.AspNetCore.Components.Server.ServerAuthenticationStateProvider.GetAuthenticationStateAsync() -> System.Threading.Tasks.Task<Microsoft.AspNetCore.Components.Authorization.AuthenticationState!>!
 static Microsoft.AspNetCore.Components.Endpoints.Infrastructure.ComponentEndpointConventionBuilderHelper.GetEndpointRouteBuilder(Microsoft.AspNetCore.Builder.RazorComponentsEndpointConventionBuilder! builder) -> Microsoft.AspNetCore.Routing.IEndpointRouteBuilder!
 static Microsoft.AspNetCore.Components.Routing.RazorComponentsEndpointHttpContextExtensions.AcceptsInteractiveRouting(this Microsoft.AspNetCore.Http.HttpContext! context) -> bool
diff --git a/src/Components/Endpoints/src/Rendering/EndpointHtmlRenderer.cs b/src/Components/Endpoints/src/Rendering/EndpointHtmlRenderer.cs
index c32c602cfa2e..83b1a94e4cf9 100644
--- a/src/Components/Endpoints/src/Rendering/EndpointHtmlRenderer.cs
+++ b/src/Components/Endpoints/src/Rendering/EndpointHtmlRenderer.cs
@@ -78,10 +78,22 @@ internal static async Task InitializeStandardComponentServicesAsync(
         var navigationManager = (IHostEnvironmentNavigationManager)httpContext.RequestServices.GetRequiredService<NavigationManager>();
         navigationManager?.Initialize(GetContextBaseUri(httpContext.Request), GetFullUri(httpContext.Request));
 
-        if (httpContext.RequestServices.GetService<AuthenticationStateProvider>() is IHostEnvironmentAuthenticationStateProvider authenticationStateProvider)
+        var authenticationStateProvider = httpContext.RequestServices.GetService<AuthenticationStateProvider>();
+        if (authenticationStateProvider is IHostEnvironmentAuthenticationStateProvider hostEnvironmentAuthenticationStateProvider)
         {
             var authenticationState = new AuthenticationState(httpContext.User);
-            authenticationStateProvider.SetAuthenticationState(Task.FromResult(authenticationState));
+            hostEnvironmentAuthenticationStateProvider.SetAuthenticationState(Task.FromResult(authenticationState));
+        }
+
+        if (authenticationStateProvider != null)
+        {
+            var authStateListeners = httpContext.RequestServices.GetServices<IHostEnvironmentAuthenticationStateProvider>();
+            Task<AuthenticationState>? authStateTask = null;
+            foreach (var authStateListener in authStateListeners)
+            {
+                authStateTask ??= authenticationStateProvider.GetAuthenticationStateAsync();
+                authStateListener.SetAuthenticationState(authStateTask);
+            }
         }
 
         if (handler != null && form != null)
diff --git a/src/Components/Server/src/Properties/AssemblyInfo.cs b/src/Components/Server/src/Properties/AssemblyInfo.cs
new file mode 100644
index 000000000000..bec22b01859d
--- /dev/null
+++ b/src/Components/Server/src/Properties/AssemblyInfo.cs
@@ -0,0 +1,6 @@
+// Licensed to the .NET Foundation under one or more agreements.
+// The .NET Foundation licenses this file to you under the MIT license.
+
+using System.Runtime.CompilerServices;
+
+[assembly: TypeForwardedTo(typeof(Microsoft.AspNetCore.Components.Server.ServerAuthenticationStateProvider))]
diff --git a/src/Components/Server/src/PublicAPI.Unshipped.txt b/src/Components/Server/src/PublicAPI.Unshipped.txt
index 9d240138aaac..f16893dc154c 100644
--- a/src/Components/Server/src/PublicAPI.Unshipped.txt
+++ b/src/Components/Server/src/PublicAPI.Unshipped.txt
@@ -1,4 +1,11 @@
 #nullable enable
+*REMOVED*Microsoft.AspNetCore.Components.Server.ServerAuthenticationStateProvider
+*REMOVED*Microsoft.AspNetCore.Components.Server.ServerAuthenticationStateProvider.ServerAuthenticationStateProvider() -> void
+*REMOVED*Microsoft.AspNetCore.Components.Server.ServerAuthenticationStateProvider.SetAuthenticationState(System.Threading.Tasks.Task<Microsoft.AspNetCore.Components.Authorization.AuthenticationState!>! authenticationStateTask) -> void
+*REMOVED*override Microsoft.AspNetCore.Components.Server.ServerAuthenticationStateProvider.GetAuthenticationStateAsync() -> System.Threading.Tasks.Task<Microsoft.AspNetCore.Components.Authorization.AuthenticationState!>!
+Microsoft.AspNetCore.Components.Server.ServerAuthenticationStateProvider (forwarded, contained in Microsoft.AspNetCore.Components.Endpoints)
+Microsoft.AspNetCore.Components.Server.ServerAuthenticationStateProvider.ServerAuthenticationStateProvider() -> void (forwarded, contained in Microsoft.AspNetCore.Components.Endpoints)
+Microsoft.AspNetCore.Components.Server.ServerAuthenticationStateProvider.SetAuthenticationState(System.Threading.Tasks.Task<Microsoft.AspNetCore.Components.Authorization.AuthenticationState!>! authenticationStateTask) -> void (forwarded, contained in Microsoft.AspNetCore.Components.Endpoints)
 Microsoft.AspNetCore.Components.Server.ServerComponentsEndpointOptions
 Microsoft.AspNetCore.Components.Server.ServerComponentsEndpointOptions.ConfigureWebSocketAcceptContext.get -> System.Func<Microsoft.AspNetCore.Http.HttpContext!, Microsoft.AspNetCore.Http.WebSocketAcceptContext!, System.Threading.Tasks.Task!>?
 Microsoft.AspNetCore.Components.Server.ServerComponentsEndpointOptions.ConfigureWebSocketAcceptContext.set -> void
@@ -7,4 +14,5 @@ Microsoft.AspNetCore.Components.Server.ServerComponentsEndpointOptions.ContentSe
 Microsoft.AspNetCore.Components.Server.ServerComponentsEndpointOptions.DisableWebSocketCompression.get -> bool
 Microsoft.AspNetCore.Components.Server.ServerComponentsEndpointOptions.DisableWebSocketCompression.set -> void
 Microsoft.AspNetCore.Components.Server.ServerComponentsEndpointOptions.ServerComponentsEndpointOptions() -> void
+override Microsoft.AspNetCore.Components.Server.ServerAuthenticationStateProvider.GetAuthenticationStateAsync() -> System.Threading.Tasks.Task<Microsoft.AspNetCore.Components.Authorization.AuthenticationState!>! (forwarded, contained in Microsoft.AspNetCore.Components.Endpoints)
 static Microsoft.AspNetCore.Builder.ServerRazorComponentsEndpointConventionBuilderExtensions.AddInteractiveServerRenderMode(this Microsoft.AspNetCore.Builder.RazorComponentsEndpointConventionBuilder! builder, System.Action<Microsoft.AspNetCore.Components.Server.ServerComponentsEndpointOptions!>! configure) -> Microsoft.AspNetCore.Builder.RazorComponentsEndpointConventionBuilder!
diff --git a/src/Components/WebAssembly/Server/src/AuthenticationStateSerializationOptions.cs b/src/Components/WebAssembly/Server/src/AuthenticationStateSerializationOptions.cs
new file mode 100644
index 000000000000..d7c3dc752a47
--- /dev/null
+++ b/src/Components/WebAssembly/Server/src/AuthenticationStateSerializationOptions.cs
@@ -0,0 +1,73 @@
+// Licensed to the .NET Foundation under one or more agreements.
+// The .NET Foundation licenses this file to you under the MIT license.
+
+using System.Linq;
+using System.Security.Claims;
+using Microsoft.AspNetCore.Components.Authorization;
+
+namespace Microsoft.AspNetCore.Components.WebAssembly.Server;
+
+/// <summary>
+/// Provides options for configuring the JSON serialization of the <see cref="AuthenticationState"/> provided by the server's <see cref="AuthenticationStateProvider"/>
+/// to the WebAssembly client using <see cref="PersistentComponentState"/>.
+/// </summary>
+public class AuthenticationStateSerializationOptions
+{
+    /// <summary>
+    /// Default constructor for <see cref="AuthenticationStateSerializationOptions"/>.
+    /// </summary>
+    public AuthenticationStateSerializationOptions()
+    {
+        SerializationCallback = SerializeAuthenticationStateAsync;
+    }
+
+    /// <summary>
+    /// If <see langword="true"/>, the default <see cref="SerializationCallback"/> will serialize all claims; otherwise, it will only serialize
+    /// the <see cref="ClaimsIdentity.NameClaimType"/> and <see cref="ClaimsIdentity.RoleClaimType"/> claims.
+    /// </summary>
+    public bool SerializeAllClaims { get; set; }
+
+    /// <summary>
+    /// Default implementation for converting the server's <see cref="AuthenticationState"/> to an <see cref="AuthenticationStateData"/> object
+    /// for JSON serialization to the client using <see cref="PersistentComponentState"/>."/>
+    /// </summary>
+    public Func<AuthenticationState, ValueTask<AuthenticationStateData?>> SerializationCallback { get; set; }
+
+    private ValueTask<AuthenticationStateData?> SerializeAuthenticationStateAsync(AuthenticationState authenticationState)
+    {
+        AuthenticationStateData? data = null;
+
+        if (authenticationState.User.Identity?.IsAuthenticated ?? false)
+        {
+            data = new AuthenticationStateData();
+
+            if (authenticationState.User.Identities.FirstOrDefault() is { } identity)
+            {
+                data.NameClaimType = identity.NameClaimType;
+                data.RoleClaimType = identity.RoleClaimType;
+            }
+
+            if (SerializeAllClaims)
+            {
+                foreach (var claim in authenticationState.User.Claims)
+                {
+                    data.Claims.Add(new(claim.Type, claim.Value));
+                }
+            }
+            else
+            {
+                if (authenticationState.User.FindFirst(data.NameClaimType) is { } nameClaim)
+                {
+                    data.Claims.Add(new(nameClaim.Type, nameClaim.Value));
+                }
+
+                foreach (var roleClaim in authenticationState.User.FindAll(data.RoleClaimType))
+                {
+                    data.Claims.Add(new(roleClaim.Type, roleClaim.Value));
+                }
+            }
+        }
+
+        return ValueTask.FromResult(data);
+    }
+}
diff --git a/src/Components/WebAssembly/Server/src/AuthenticationStateSerializer.cs b/src/Components/WebAssembly/Server/src/AuthenticationStateSerializer.cs
new file mode 100644
index 000000000000..4c4a83e23196
--- /dev/null
+++ b/src/Components/WebAssembly/Server/src/AuthenticationStateSerializer.cs
@@ -0,0 +1,52 @@
+// Licensed to the .NET Foundation under one or more agreements.
+// The .NET Foundation licenses this file to you under the MIT license.
+
+using Microsoft.AspNetCore.Components.Authorization;
+using Microsoft.AspNetCore.Components.Web;
+using Microsoft.Extensions.Options;
+
+namespace Microsoft.AspNetCore.Components.WebAssembly.Server;
+
+internal sealed class AuthenticationStateSerializer : IHostEnvironmentAuthenticationStateProvider, IDisposable
+{
+    // Do not change. This must match all versions of the server-side DeserializedAuthenticationStateProvider.PersistenceKey.
+    internal const string PersistenceKey = $"__internal__{nameof(AuthenticationState)}";
+
+    private readonly PersistentComponentState _state;
+    private readonly Func<AuthenticationState, ValueTask<AuthenticationStateData?>> _serializeCallback;
+    private readonly PersistingComponentStateSubscription _subscription;
+
+    private Task<AuthenticationState>? _authenticationStateTask;
+
+    public AuthenticationStateSerializer(PersistentComponentState persistentComponentState, IOptions<AuthenticationStateSerializationOptions> options)
+    {
+        _state = persistentComponentState;
+        _serializeCallback = options.Value.SerializationCallback;
+        _subscription = persistentComponentState.RegisterOnPersisting(OnPersistingAsync, RenderMode.InteractiveWebAssembly);
+    }
+
+    private async Task OnPersistingAsync()
+    {
+        if (_authenticationStateTask is null)
+        {
+            throw new InvalidOperationException($"{nameof(SetAuthenticationState)} must be called before the {nameof(PersistentComponentState)}.{nameof(PersistentComponentState.RegisterOnPersisting)} callback.");
+        }
+
+        var authenticationStateData = await _serializeCallback(await _authenticationStateTask);
+        if (authenticationStateData is not null)
+        {
+            _state.PersistAsJson(PersistenceKey, authenticationStateData);
+        }
+    }
+
+    /// <inheritdoc />
+    public void SetAuthenticationState(Task<AuthenticationState> authenticationStateTask)
+    {
+        _authenticationStateTask = authenticationStateTask ?? throw new ArgumentNullException(nameof(authenticationStateTask));
+    }
+
+    public void Dispose()
+    {
+        _subscription.Dispose();
+    }
+}
diff --git a/src/Components/WebAssembly/Server/src/PublicAPI.Unshipped.txt b/src/Components/WebAssembly/Server/src/PublicAPI.Unshipped.txt
index deab402bac7a..ce19c26b8ac9 100644
--- a/src/Components/WebAssembly/Server/src/PublicAPI.Unshipped.txt
+++ b/src/Components/WebAssembly/Server/src/PublicAPI.Unshipped.txt
@@ -1,5 +1,12 @@
 #nullable enable
+Microsoft.AspNetCore.Components.WebAssembly.Server.AuthenticationStateSerializationOptions
+Microsoft.AspNetCore.Components.WebAssembly.Server.AuthenticationStateSerializationOptions.AuthenticationStateSerializationOptions() -> void
+Microsoft.AspNetCore.Components.WebAssembly.Server.AuthenticationStateSerializationOptions.SerializationCallback.get -> System.Func<Microsoft.AspNetCore.Components.Authorization.AuthenticationState!, System.Threading.Tasks.ValueTask<Microsoft.AspNetCore.Components.Authorization.AuthenticationStateData?>>!
+Microsoft.AspNetCore.Components.WebAssembly.Server.AuthenticationStateSerializationOptions.SerializationCallback.set -> void
+Microsoft.AspNetCore.Components.WebAssembly.Server.AuthenticationStateSerializationOptions.SerializeAllClaims.get -> bool
+Microsoft.AspNetCore.Components.WebAssembly.Server.AuthenticationStateSerializationOptions.SerializeAllClaims.set -> void
 Microsoft.AspNetCore.Components.WebAssembly.Server.WebAssemblyComponentsEndpointOptions.ServeMultithreadingHeaders.get -> bool
 Microsoft.AspNetCore.Components.WebAssembly.Server.WebAssemblyComponentsEndpointOptions.ServeMultithreadingHeaders.set -> void
 Microsoft.AspNetCore.Components.WebAssembly.Server.WebAssemblyComponentsEndpointOptions.StaticAssetsManifestPath.get -> string?
 Microsoft.AspNetCore.Components.WebAssembly.Server.WebAssemblyComponentsEndpointOptions.StaticAssetsManifestPath.set -> void
+static Microsoft.Extensions.DependencyInjection.WebAssemblyRazorComponentsBuilderExtensions.AddAuthenticationStateSerialization(this Microsoft.Extensions.DependencyInjection.IRazorComponentsBuilder! builder, System.Action<Microsoft.AspNetCore.Components.WebAssembly.Server.AuthenticationStateSerializationOptions!>? configure = null) -> Microsoft.Extensions.DependencyInjection.IRazorComponentsBuilder!
diff --git a/src/Components/WebAssembly/Server/src/WebAssemblyRazorComponentsBuilderExtensions.cs b/src/Components/WebAssembly/Server/src/WebAssemblyRazorComponentsBuilderExtensions.cs
index f390f78cb889..ffe90126c662 100644
--- a/src/Components/WebAssembly/Server/src/WebAssemblyRazorComponentsBuilderExtensions.cs
+++ b/src/Components/WebAssembly/Server/src/WebAssemblyRazorComponentsBuilderExtensions.cs
@@ -3,8 +3,10 @@
 
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Components;
+using Microsoft.AspNetCore.Components.Authorization;
 using Microsoft.AspNetCore.Components.Endpoints.Infrastructure;
 using Microsoft.AspNetCore.Components.Web;
+using Microsoft.AspNetCore.Components.WebAssembly.Server;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Routing;
 using Microsoft.Extensions.DependencyInjection.Extensions;
@@ -30,6 +32,25 @@ public static IRazorComponentsBuilder AddInteractiveWebAssemblyComponents(this I
         return builder;
     }
 
+    /// <summary>
+    /// Serializes the <see cref="AuthenticationState"/> returned by the server-side <see cref="AuthenticationStateProvider"/> using <see cref="PersistentComponentState"/>
+    /// for use by interactive WebAssembly components via a deserializing client-side <see cref="AuthenticationStateProvider"/> which can be added by calling
+    /// AddAuthenticationStateDeserialization from the Microsoft.AspNetCore.Components.WebAssembly.Authentication package in the client project.
+    /// </summary>
+    /// <param name="builder">The <see cref="IRazorComponentsBuilder"/>.</param>
+    /// <param name="configure">A callback to customize the serialization of the <see cref="AuthenticationState"/>.</param>
+    /// <returns>An <see cref="IRazorComponentsBuilder"/> that can be used to further customize the configuration.</returns>
+    public static IRazorComponentsBuilder AddAuthenticationStateSerialization(this IRazorComponentsBuilder builder, Action<AuthenticationStateSerializationOptions>? configure = null)
+    {
+        builder.Services.TryAddEnumerable(ServiceDescriptor.Scoped<IHostEnvironmentAuthenticationStateProvider, AuthenticationStateSerializer>());
+        if (configure is not null)
+        {
+            builder.Services.Configure(configure);
+        }
+
+        return builder;
+    }
+
     private class WebAssemblyEndpointProvider(IServiceProvider services) : RenderModeEndpointProvider
     {
         public override IEnumerable<RouteEndpointBuilder> GetEndpointBuilders(IComponentRenderMode renderMode, IApplicationBuilder applicationBuilder)
diff --git a/src/Components/WebAssembly/WebAssembly.Authentication/src/Options/AuthenticationStateDeserializationOptions.cs b/src/Components/WebAssembly/WebAssembly.Authentication/src/Options/AuthenticationStateDeserializationOptions.cs
new file mode 100644
index 000000000000..58bf7e903f50
--- /dev/null
+++ b/src/Components/WebAssembly/WebAssembly.Authentication/src/Options/AuthenticationStateDeserializationOptions.cs
@@ -0,0 +1,39 @@
+// Licensed to the .NET Foundation under one or more agreements.
+// The .NET Foundation licenses this file to you under the MIT license.
+
+using System.Linq;
+using System.Security.Claims;
+using Microsoft.AspNetCore.Components.Authorization;
+
+namespace Microsoft.AspNetCore.Components.WebAssembly.Authentication;
+
+/// <summary>
+/// Provides options for configuring the JSON deserialization of the client's <see cref="AuthenticationState"/> from the server using <see cref="PersistentComponentState"/>.
+/// </summary>
+public sealed class AuthenticationStateDeserializationOptions
+{
+    private static readonly Task<AuthenticationState> _defaultUnauthenticatedStateTask =
+        Task.FromResult(new AuthenticationState(new ClaimsPrincipal(new ClaimsIdentity())));
+
+    /// <summary>
+    /// Default implementation for converting the <see cref="AuthenticationStateData"/> that was JSON deserialized from the server
+    /// using <see cref="PersistentComponentState"/> to an <see cref="AuthenticationState"/> object to be returned by the WebAssembly
+    /// client's <see cref="AuthenticationStateProvider"/>.
+    /// </summary>
+    public Func<AuthenticationStateData?, Task<AuthenticationState>> DeserializationCallback { get; set; } = DeserializeAuthenticationStateAsync;
+
+    private static Task<AuthenticationState> DeserializeAuthenticationStateAsync(AuthenticationStateData? authenticationStateData)
+    {
+        if (authenticationStateData is null)
+        {
+            return _defaultUnauthenticatedStateTask;
+        }
+
+        return Task.FromResult(
+            new AuthenticationState(new ClaimsPrincipal(
+                new ClaimsIdentity(authenticationStateData.Claims.Select(c => new Claim(c.Key, c.Value)),
+                    authenticationType: nameof(DeserializedAuthenticationStateProvider),
+                    nameType: authenticationStateData.NameClaimType,
+                    roleType: authenticationStateData.RoleClaimType))));
+    }
+}
diff --git a/src/Components/WebAssembly/WebAssembly.Authentication/src/PublicAPI.Unshipped.txt b/src/Components/WebAssembly/WebAssembly.Authentication/src/PublicAPI.Unshipped.txt
index 7dc5c58110bf..e6de697cb73c 100644
--- a/src/Components/WebAssembly/WebAssembly.Authentication/src/PublicAPI.Unshipped.txt
+++ b/src/Components/WebAssembly/WebAssembly.Authentication/src/PublicAPI.Unshipped.txt
@@ -1 +1,6 @@
 #nullable enable
+Microsoft.AspNetCore.Components.WebAssembly.Authentication.AuthenticationStateDeserializationOptions
+Microsoft.AspNetCore.Components.WebAssembly.Authentication.AuthenticationStateDeserializationOptions.AuthenticationStateDeserializationOptions() -> void
+Microsoft.AspNetCore.Components.WebAssembly.Authentication.AuthenticationStateDeserializationOptions.DeserializationCallback.get -> System.Func<Microsoft.AspNetCore.Components.Authorization.AuthenticationStateData?, System.Threading.Tasks.Task<Microsoft.AspNetCore.Components.Authorization.AuthenticationState!>!>!
+Microsoft.AspNetCore.Components.WebAssembly.Authentication.AuthenticationStateDeserializationOptions.DeserializationCallback.set -> void
+static Microsoft.Extensions.DependencyInjection.WebAssemblyAuthenticationServiceCollectionExtensions.AddAuthenticationStateDeserialization(this Microsoft.Extensions.DependencyInjection.IServiceCollection! services, System.Action<Microsoft.AspNetCore.Components.WebAssembly.Authentication.AuthenticationStateDeserializationOptions!>? configure = null) -> Microsoft.Extensions.DependencyInjection.IServiceCollection!
diff --git a/src/Components/WebAssembly/WebAssembly.Authentication/src/Services/ExpiredTokenException.cs b/src/Components/WebAssembly/WebAssembly.Authentication/src/Services/AccessTokenNotAvailableException.cs
similarity index 100%
rename from src/Components/WebAssembly/WebAssembly.Authentication/src/Services/ExpiredTokenException.cs
rename to src/Components/WebAssembly/WebAssembly.Authentication/src/Services/AccessTokenNotAvailableException.cs
diff --git a/src/Components/WebAssembly/WebAssembly.Authentication/src/Services/DeserializedAuthenticationStateProvider.cs b/src/Components/WebAssembly/WebAssembly.Authentication/src/Services/DeserializedAuthenticationStateProvider.cs
new file mode 100644
index 000000000000..065fffdb3951
--- /dev/null
+++ b/src/Components/WebAssembly/WebAssembly.Authentication/src/Services/DeserializedAuthenticationStateProvider.cs
@@ -0,0 +1,36 @@
+// Licensed to the .NET Foundation under one or more agreements.
+// The .NET Foundation licenses this file to you under the MIT license.
+
+using System.Diagnostics.CodeAnalysis;
+using System.Security.Claims;
+using Microsoft.AspNetCore.Components.Authorization;
+using Microsoft.Extensions.Options;
+
+namespace Microsoft.AspNetCore.Components.WebAssembly.Authentication;
+
+internal sealed class DeserializedAuthenticationStateProvider : AuthenticationStateProvider
+{
+    // Do not change. This must match all versions of the server-side AuthenticationStateSerializer.PersistenceKey.
+    private const string PersistenceKey = $"__internal__{nameof(AuthenticationState)}";
+
+    private static readonly Task<AuthenticationState> _defaultUnauthenticatedTask =
+        Task.FromResult(new AuthenticationState(new ClaimsPrincipal(new ClaimsIdentity())));
+
+    private readonly Task<AuthenticationState> _authenticationStateTask = _defaultUnauthenticatedTask;
+
+    [UnconditionalSuppressMessage(
+        "Trimming",
+        "IL2026:Members annotated with 'RequiresUnreferencedCodeAttribute' require dynamic access otherwise can break functionality when trimming application code",
+        Justification = $"{nameof(DeserializedAuthenticationStateProvider)} uses the {nameof(PersistentComponentState)} APIs to deserialize the token, which are already annotated.")]
+    public DeserializedAuthenticationStateProvider(PersistentComponentState state, IOptions<AuthenticationStateDeserializationOptions> options)
+    {
+        if (!state.TryTakeFromJson<AuthenticationStateData?>(PersistenceKey, out var authenticationStateData) || authenticationStateData is null)
+        {
+            return;
+        }
+
+        _authenticationStateTask = options.Value.DeserializationCallback(authenticationStateData);
+    }
+
+    public override Task<AuthenticationState> GetAuthenticationStateAsync() => _authenticationStateTask;
+}
diff --git a/src/Components/WebAssembly/WebAssembly.Authentication/src/WebAssemblyAuthenticationServiceCollectionExtensions.cs b/src/Components/WebAssembly/WebAssembly.Authentication/src/WebAssemblyAuthenticationServiceCollectionExtensions.cs
index 4c40da411b76..20cf1e0867f7 100644
--- a/src/Components/WebAssembly/WebAssembly.Authentication/src/WebAssemblyAuthenticationServiceCollectionExtensions.cs
+++ b/src/Components/WebAssembly/WebAssembly.Authentication/src/WebAssemblyAuthenticationServiceCollectionExtensions.cs
@@ -3,6 +3,7 @@
 
 using System.Diagnostics.CodeAnalysis;
 using System.Reflection;
+using Microsoft.AspNetCore.Components;
 using Microsoft.AspNetCore.Components.Authorization;
 using Microsoft.AspNetCore.Components.WebAssembly.Authentication;
 using Microsoft.AspNetCore.Components.WebAssembly.Authentication.Internal;
@@ -17,6 +18,26 @@ namespace Microsoft.Extensions.DependencyInjection;
 /// </summary>
 public static class WebAssemblyAuthenticationServiceCollectionExtensions
 {
+    /// <summary>
+    /// Adds an <see cref="AuthenticationStateProvider"/> where the <see cref="AuthenticationState"/> is deserialized from the server
+    /// using <see cref="AuthenticationStateData"/> and <see cref="PersistentComponentState"/>. There should be a corresponding call to
+    /// AddAuthenticationStateSerialization from the Microsoft.AspNetCore.Components.WebAssembly.Server package in the server project.
+    /// </summary>
+    /// <param name="services">The <see cref="IServiceCollection"/> to add the services to.</param>
+    /// <param name="configure">An action that will configure the <see cref="AuthenticationStateDeserializationOptions"/>.</param>
+    /// <returns></returns>
+    public static IServiceCollection AddAuthenticationStateDeserialization(this IServiceCollection services, Action<AuthenticationStateDeserializationOptions>? configure = null)
+    {
+        services.AddOptions();
+        services.TryAddScoped<AuthenticationStateProvider, DeserializedAuthenticationStateProvider>();
+        if (configure != null)
+        {
+            services.Configure(configure);
+        }
+
+        return services;
+    }
+
     /// <summary>
     /// Adds support for authentication for SPA applications using the given <typeparamref name="TProviderOptions"/> and
     /// <typeparamref name="TRemoteAuthenticationState"/>.
diff --git a/src/Components/WebAssembly/WebAssembly/src/Microsoft.AspNetCore.Components.WebAssembly.csproj b/src/Components/WebAssembly/WebAssembly/src/Microsoft.AspNetCore.Components.WebAssembly.csproj
index 896817768457..83377b00e498 100644
--- a/src/Components/WebAssembly/WebAssembly/src/Microsoft.AspNetCore.Components.WebAssembly.csproj
+++ b/src/Components/WebAssembly/WebAssembly/src/Microsoft.AspNetCore.Components.WebAssembly.csproj
@@ -49,6 +49,7 @@
     <InternalsVisibleTo Include="Microsoft.AspNetCore.Components.WebAssembly.Tests" />
     <InternalsVisibleTo Include="Microsoft.AspNetCore.Components.WebAssembly.Authentication.Tests" />
     <InternalsVisibleTo Include="BasicTestApp" />
+    <InternalsVisibleTo Include="Components.WasmMinimal" />
   </ItemGroup>
 
   <PropertyGroup>
diff --git a/src/Components/test/E2ETest/ServerRenderingTests/AuthTests/DefaultAuthenticationStateSerializationOptionsTest.cs b/src/Components/test/E2ETest/ServerRenderingTests/AuthTests/DefaultAuthenticationStateSerializationOptionsTest.cs
new file mode 100644
index 000000000000..273f48f82b12
--- /dev/null
+++ b/src/Components/test/E2ETest/ServerRenderingTests/AuthTests/DefaultAuthenticationStateSerializationOptionsTest.cs
@@ -0,0 +1,42 @@
+// Licensed to the .NET Foundation under one or more agreements.
+// The .NET Foundation licenses this file to you under the MIT license.
+
+using Components.TestServer.RazorComponents;
+using Microsoft.AspNetCore.Components.E2ETest.Infrastructure;
+using Microsoft.AspNetCore.Components.E2ETest.Infrastructure.ServerFixtures;
+using Microsoft.AspNetCore.E2ETesting;
+using OpenQA.Selenium;
+using TestServer;
+using Xunit.Abstractions;
+
+namespace Microsoft.AspNetCore.Components.E2ETests.ServerRenderingTests.AuthTests;
+
+public class DefaultAuthenticationStateSerializationOptionsTest
+     : ServerTestBase<BasicTestAppServerSiteFixture<RazorComponentEndpointsStartup<App>>>
+{
+    public DefaultAuthenticationStateSerializationOptionsTest(
+        BrowserFixture browserFixture,
+        BasicTestAppServerSiteFixture<RazorComponentEndpointsStartup<App>> serverFixture,
+        ITestOutputHelper output)
+        : base(browserFixture, serverFixture, output)
+    {
+    }
+
+    [Fact]
+    public void DoesNotSerializeAllClaimsByDefault()
+    {
+        Navigate($"{ServerPathBase}/auth/webassembly-interactive-authentication-state?roleClaimType=role&nameClaimType=name");
+
+        Browser.Click(By.LinkText("Log in"));
+
+        Browser.Equal("True", () => Browser.FindElement(By.Id("is-interactive")).Text);
+        Browser.Equal("WebAssembly", () => Browser.FindElement(By.Id("platform")).Text);
+        Browser.Equal("True", () => Browser.FindElement(By.Id("identity-authenticated")).Text);
+        Browser.Equal("YourUsername", () => Browser.FindElement(By.Id("identity-name")).Text);
+        Browser.Equal("True", () => Browser.FindElement(By.Id("is-in-test-role-1")).Text);
+        Browser.Equal("True", () => Browser.FindElement(By.Id("is-in-test-role-2")).Text);
+
+        // While the name and role claims are serialized by default, the test claim is not.
+        Browser.Equal("(none)", () => Browser.FindElement(By.Id("test-claim")).Text);
+    }
+}
diff --git a/src/Components/test/E2ETest/ServerRenderingTests/AuthTests/ServerRenderedAuthenticationStateTest.cs b/src/Components/test/E2ETest/ServerRenderingTests/AuthTests/ServerRenderedAuthenticationStateTest.cs
index 378b146dd787..931b2368c241 100644
--- a/src/Components/test/E2ETest/ServerRenderingTests/AuthTests/ServerRenderedAuthenticationStateTest.cs
+++ b/src/Components/test/E2ETest/ServerRenderingTests/AuthTests/ServerRenderedAuthenticationStateTest.cs
@@ -2,12 +2,12 @@
 // The .NET Foundation licenses this file to you under the MIT license.
 
 using Components.TestServer.RazorComponents;
-using Microsoft.AspNetCore.Components.E2ETest.Infrastructure.ServerFixtures;
 using Microsoft.AspNetCore.Components.E2ETest.Infrastructure;
-using TestServer;
+using Microsoft.AspNetCore.Components.E2ETest.Infrastructure.ServerFixtures;
 using Microsoft.AspNetCore.E2ETesting;
-using Xunit.Abstractions;
 using OpenQA.Selenium;
+using TestServer;
+using Xunit.Abstractions;
 
 namespace Microsoft.AspNetCore.Components.E2ETests.ServerRenderingTests.AuthTests;
 
@@ -20,46 +20,90 @@ public ServerRenderedAuthenticationStateTest(
         ITestOutputHelper output)
         : base(browserFixture, serverFixture, output)
     {
+        // Test with AuthenticationStateSerializationOptions.SerializeAllClaims = true since that keeps the Server and WebAssembly
+        // behavior as similar as possible. The default behavior is tested by DefaultAuthenticationStateSerializationOptionsTest.
+        serverFixture.AdditionalArguments.Add("SerializeAllClaims=true");
+    }
+
+    [Theory]
+    [InlineData("Static")]
+    [InlineData("Server")]
+    [InlineData("WebAssembly")]
+    public void CanUseServerAuthenticationState(string platform)
+    {
+        var pageName = $"{platform}{(platform != "Static" ? "-interactive" : "")}-authentication-state";
+        Navigate($"{ServerPathBase}/auth/{pageName}");
+
+        VerifyLoggedOut(platform);
+
+        Browser.Click(By.LinkText("Log in"));
+
+        VerifyLoggedIn(platform);
+
+        Browser.Click(By.LinkText("Log out"));
+
+        VerifyLoggedOut(platform);
     }
 
     [Fact]
-    public void CanUseServerAuthenticationState_Static()
+    public void CanUseCustomNameAndRoleTypeOnWebAssembly()
     {
-        Navigate($"{ServerPathBase}/auth/static-authentication-state");
+        Navigate($"{ServerPathBase}/auth/webassembly-interactive-authentication-state?roleClaimType=role&nameClaimType=name");
 
-        Browser.Equal("False", () => Browser.FindElement(By.Id("identity-authenticated")).Text);
-        Browser.Equal("", () => Browser.FindElement(By.Id("identity-name")).Text);
-        Browser.Equal("(none)", () => Browser.FindElement(By.Id("test-claim")).Text);
+        VerifyLoggedOut("WebAssembly");
         
         Browser.Click(By.LinkText("Log in"));
 
-        Browser.Equal("True", () => Browser.FindElement(By.Id("identity-authenticated")).Text);
-        Browser.Equal("YourUsername", () => Browser.FindElement(By.Id("identity-name")).Text);
-        Browser.Equal("Test claim value", () => Browser.FindElement(By.Id("test-claim")).Text);
+        VerifyLoggedIn("WebAssembly");
+        Browser.Equal("(none)", () => Browser.FindElement(By.Id("additional-claim")).Text);
 
         Browser.Click(By.LinkText("Log out"));
-        Browser.Equal("False", () => Browser.FindElement(By.Id("identity-authenticated")).Text);
+
+        VerifyLoggedOut("WebAssembly");
     }
 
     [Fact]
-    public void CanUseServerAuthenticationState_Interactive()
+    public void CanCustomizeAuthenticationStateDeserialization()
     {
-        Navigate($"{ServerPathBase}/auth/interactive-authentication-state");
+        Navigate($"{ServerPathBase}/auth/webassembly-interactive-authentication-state?additionalClaim=Custom%20claim%20value");
+
+        VerifyLoggedOut("WebAssembly");
+        Browser.Equal("(none)", () => Browser.FindElement(By.Id("additional-claim")).Text);
+
+        Browser.Click(By.LinkText("Log in"));
+
+        VerifyLoggedIn("WebAssembly");
+        Browser.Equal("Custom claim value", () => Browser.FindElement(By.Id("additional-claim")).Text);
 
-        Browser.Equal("True", () => Browser.FindElement(By.Id("is-interactive")).Text);
+        Browser.Click(By.LinkText("Log out"));
+
+        VerifyLoggedOut("WebAssembly");
+        Browser.Equal("(none)", () => Browser.FindElement(By.Id("additional-claim")).Text);
+    }
+
+    private void VerifyPlatform(string platform)
+    {
+        Browser.Equal((platform != "Static").ToString(), () => Browser.FindElement(By.Id("is-interactive")).Text);
+        Browser.Equal(platform, () => Browser.FindElement(By.Id("platform")).Text);
+    }
+
+    private void VerifyLoggedOut(string platform)
+    {
+        VerifyPlatform(platform);
         Browser.Equal("False", () => Browser.FindElement(By.Id("identity-authenticated")).Text);
         Browser.Equal("", () => Browser.FindElement(By.Id("identity-name")).Text);
         Browser.Equal("(none)", () => Browser.FindElement(By.Id("test-claim")).Text);
+        Browser.Equal("False", () => Browser.FindElement(By.Id("is-in-test-role-1")).Text);
+        Browser.Equal("False", () => Browser.FindElement(By.Id("is-in-test-role-2")).Text);
+    }
 
-        Browser.Click(By.LinkText("Log in"));
-
-        Browser.Equal("True", () => Browser.FindElement(By.Id("is-interactive")).Text);
+    private void VerifyLoggedIn(string platform)
+    {
+        VerifyPlatform(platform);
         Browser.Equal("True", () => Browser.FindElement(By.Id("identity-authenticated")).Text);
         Browser.Equal("YourUsername", () => Browser.FindElement(By.Id("identity-name")).Text);
         Browser.Equal("Test claim value", () => Browser.FindElement(By.Id("test-claim")).Text);
-
-        Browser.Click(By.LinkText("Log out"));
-        Browser.Equal("True", () => Browser.FindElement(By.Id("is-interactive")).Text);
-        Browser.Equal("False", () => Browser.FindElement(By.Id("identity-authenticated")).Text);
+        Browser.Equal("True", () => Browser.FindElement(By.Id("is-in-test-role-1")).Text);
+        Browser.Equal("True", () => Browser.FindElement(By.Id("is-in-test-role-2")).Text);
     }
 }
diff --git a/src/Components/test/E2ETest/ServerRenderingTests/NoInteractivityTest.cs b/src/Components/test/E2ETest/ServerRenderingTests/NoInteractivityTest.cs
index 2a10978617cd..b0f887da31df 100644
--- a/src/Components/test/E2ETest/ServerRenderingTests/NoInteractivityTest.cs
+++ b/src/Components/test/E2ETest/ServerRenderingTests/NoInteractivityTest.cs
@@ -5,7 +5,6 @@
 using Microsoft.AspNetCore.Components.E2ETest.Infrastructure;
 using Microsoft.AspNetCore.Components.E2ETest.Infrastructure.ServerFixtures;
 using Microsoft.AspNetCore.E2ETesting;
-using Microsoft.AspNetCore.InternalTesting;
 using OpenQA.Selenium;
 using TestServer;
 using Xunit.Abstractions;
@@ -41,4 +40,27 @@ public void NavigationManagerCanRefreshSSRPageWhenInteractivityNotPresent()
         Browser.NotEqual(guid, () => Browser.Exists(By.Id("guid")).Text);
         Browser.Equal("GET", () => Browser.Exists(By.Id("method")).Text);
     }
+
+    [Fact]
+    public void CanUseServerAuthenticationStateByDefault()
+    {
+        Navigate($"{ServerPathBase}/auth/static-authentication-state");
+
+        Browser.Equal("False", () => Browser.FindElement(By.Id("is-interactive")).Text);
+        Browser.Equal("Static", () => Browser.FindElement(By.Id("platform")).Text);
+
+        Browser.Equal("False", () => Browser.FindElement(By.Id("identity-authenticated")).Text);
+        Browser.Equal("", () => Browser.FindElement(By.Id("identity-name")).Text);
+        Browser.Equal("(none)", () => Browser.FindElement(By.Id("test-claim")).Text);
+        Browser.Equal("False", () => Browser.FindElement(By.Id("is-in-test-role-1")).Text);
+        Browser.Equal("False", () => Browser.FindElement(By.Id("is-in-test-role-2")).Text);
+
+        Browser.Click(By.LinkText("Log in"));
+
+        Browser.Equal("True", () => Browser.FindElement(By.Id("identity-authenticated")).Text);
+        Browser.Equal("YourUsername", () => Browser.FindElement(By.Id("identity-name")).Text);
+        Browser.Equal("Test claim value", () => Browser.FindElement(By.Id("test-claim")).Text);
+        Browser.Equal("True", () => Browser.FindElement(By.Id("is-in-test-role-1")).Text);
+        Browser.Equal("True", () => Browser.FindElement(By.Id("is-in-test-role-2")).Text);
+    }
 }
diff --git a/src/Components/test/testassets/BasicTestApp/AuthTest/CascadingAuthenticationStateConsumer.razor b/src/Components/test/testassets/BasicTestApp/AuthTest/CascadingAuthenticationStateConsumer.razor
index 48852bf72908..1cc0035b7f4f 100644
--- a/src/Components/test/testassets/BasicTestApp/AuthTest/CascadingAuthenticationStateConsumer.razor
+++ b/src/Components/test/testassets/BasicTestApp/AuthTest/CascadingAuthenticationStateConsumer.razor
@@ -1,48 +1,4 @@
 @page "/CascadingAuthenticationStateConsumer"
-@using System.Security.Claims
-@using Microsoft.AspNetCore.Components.Authorization
+@using TestContentPackage
 
-<h1>Cascading authentication state</h1>
-
-@if (user == null)
-{
-    <span id="auth-state-pending">Requesting authentication state...</span>
-}
-else
-{
-    <p>
-        Authenticated:
-        <strong id="identity-authenticated">@user.Identity.IsAuthenticated</strong>
-    </p>
-
-    <p>
-        Name:
-        <strong id="identity-name">@user.Identity.Name</strong>
-    </p>
-
-    <p>
-        Test claim:
-        @if (user.HasClaim(TestClaimPredicate) == true)
-        {
-            <strong id="test-claim">@user.Claims.Single(c => TestClaimPredicate(c)).Value</strong>
-        }
-        else
-        {
-            <strong id="test-claim">(none)</strong>
-        }
-    </p>
-}
-
-@code
-{
-    static Predicate<Claim> TestClaimPredicate = c => c.Type == "test-claim";
-
-    ClaimsPrincipal user;
-
-    [CascadingParameter] Task<AuthenticationState> AuthenticationStateTask { get; set; }
-
-    protected override async Task OnParametersSetAsync()
-    {
-        user = (await AuthenticationStateTask).User;
-    }
-}
+<CascadingAuthenticationStateReader />
diff --git a/src/Components/test/testassets/Components.TestServer/RazorComponentEndpointsNoInteractivityStartup.cs b/src/Components/test/testassets/Components.TestServer/RazorComponentEndpointsNoInteractivityStartup.cs
index 00c9fe461b31..c4af233c40fe 100644
--- a/src/Components/test/testassets/Components.TestServer/RazorComponentEndpointsNoInteractivityStartup.cs
+++ b/src/Components/test/testassets/Components.TestServer/RazorComponentEndpointsNoInteractivityStartup.cs
@@ -31,6 +31,7 @@ public void ConfigureServices(IServiceCollection services)
             options.MaxFormMappingCollectionSize = 100;
         });
         services.AddHttpContextAccessor();
+        services.AddCascadingAuthenticationState();
     }
 
     // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
@@ -54,6 +55,7 @@ public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
 
             app.UseStaticFiles();
             app.UseRouting();
+            RazorComponentEndpointsStartup<TRootComponent>.UseFakeAuthState(app);
             app.UseAntiforgery();
             app.UseEndpoints(endpoints =>
             {
diff --git a/src/Components/test/testassets/Components.TestServer/RazorComponentEndpointsStartup.cs b/src/Components/test/testassets/Components.TestServer/RazorComponentEndpointsStartup.cs
index 04d13dbf835f..7a9463136a36 100644
--- a/src/Components/test/testassets/Components.TestServer/RazorComponentEndpointsStartup.cs
+++ b/src/Components/test/testassets/Components.TestServer/RazorComponentEndpointsStartup.cs
@@ -33,7 +33,13 @@ public void ConfigureServices(IServiceCollection services)
             options.MaxFormMappingCollectionSize = 100;
         })
             .AddInteractiveWebAssemblyComponents()
-            .AddInteractiveServerComponents();
+            .AddInteractiveServerComponents()
+            .AddAuthenticationStateSerialization(options =>
+            {
+                bool.TryParse(Configuration["SerializeAllClaims"], out var serializeAllClaims);
+                options.SerializeAllClaims = serializeAllClaims;
+            });
+
         services.AddHttpContextAccessor();
         services.AddSingleton<AsyncOperationService>();
         services.AddCascadingAuthenticationState();
@@ -103,18 +109,21 @@ public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
         });
     }
 
-    private static void UseFakeAuthState(IApplicationBuilder app)
+    internal static void UseFakeAuthState(IApplicationBuilder app)
     {
         app.Use((HttpContext context, Func<Task> next) =>
         {
             // Completely insecure fake auth system with no password for tests. Do not do anything like this in real apps.
             // It accepts a query parameter 'username' and then sets or deletes a cookie to hold that, and supplies a principal
             // using this username (taken either from the cookie or query param).
+            string GetQueryOrDefault(string queryKey, string defaultValue) =>
+                context.Request.Query.TryGetValue(queryKey, out var value) ? value : defaultValue;
+
             const string cookieKey = "fake_username";
-            context.Request.Cookies.TryGetValue(cookieKey, out var username);
-            if (context.Request.Query.TryGetValue("username", out var usernameFromQuery))
+            var username = GetQueryOrDefault("username", context.Request.Cookies[cookieKey]);
+
+            if (context.Request.Query.ContainsKey("username"))
             {
-                username = usernameFromQuery;
                 if (string.IsNullOrEmpty(username))
                 {
                     context.Response.Cookies.Delete(cookieKey);
@@ -126,15 +135,20 @@ private static void UseFakeAuthState(IApplicationBuilder app)
                 }
             }
 
+            var nameClaimType = GetQueryOrDefault("nameClaimType", ClaimTypes.Name);
+            var roleClaimType = GetQueryOrDefault("roleClaimType", ClaimTypes.Role);
+
             if (!string.IsNullOrEmpty(username))
             {
                 var claims = new List<Claim>
                 {
-                    new Claim(ClaimTypes.Name, username),
+                    new Claim(nameClaimType, username),
+                    new Claim(roleClaimType, "test-role-1"),
+                    new Claim(roleClaimType, "test-role-2"),
                     new Claim("test-claim", "Test claim value"),
                 };
 
-                context.User = new ClaimsPrincipal(new ClaimsIdentity(claims, "FakeAuthenticationType"));
+                context.User = new ClaimsPrincipal(new ClaimsIdentity(claims, "FakeAuthenticationType", nameClaimType, roleClaimType));
             }
 
             return next();
diff --git a/src/Components/test/testassets/Components.TestServer/RazorComponents/App.razor b/src/Components/test/testassets/Components.TestServer/RazorComponents/App.razor
index 094bb249394f..d0344cb014c3 100644
--- a/src/Components/test/testassets/Components.TestServer/RazorComponents/App.razor
+++ b/src/Components/test/testassets/Components.TestServer/RazorComponents/App.razor
@@ -18,6 +18,10 @@
     <script src="_framework/blazor.web.js" autostart="false" suppress-error="BL9992"></script>
     <script src="_content/TestContentPackage/counterInterop.js"></script>
     <script>
+        function getQueryParam(key) {
+            return new URLSearchParams(window.location.search).get(key);
+        }
+
         function appendHiddenParagraph(id) {
             const paragraph = document.createElement('p');
             paragraph.id = id;
diff --git a/src/Components/test/testassets/Components.TestServer/RazorComponents/Pages/Auth/InteractiveAuthenticationState.razor b/src/Components/test/testassets/Components.TestServer/RazorComponents/Pages/Auth/InteractiveAuthenticationState.razor
deleted file mode 100644
index fe40adaaa847..000000000000
--- a/src/Components/test/testassets/Components.TestServer/RazorComponents/Pages/Auth/InteractiveAuthenticationState.razor
+++ /dev/null
@@ -1,30 +0,0 @@
-@page "/auth/interactive-authentication-state"
-@rendermode RenderMode.InteractiveServer
-@inject NavigationManager Nav
-@using BasicTestApp.AuthTest
-
-<h3>Interactive authentication state</h3>
-<CascadingAuthenticationStateConsumer />
-
-<p>
-    Interactive:
-    <strong id="is-interactive">@_interactive</strong>
-</p>
-
-<hr />
-
-<a href="@Nav.GetUriWithQueryParameter("username", "YourUsername")" onclick="location.reload()">Log in</a> |
-<a href="@Nav.GetUriWithQueryParameter("username", "")" onclick="location.reload()">Log out</a>
-
-@code {
-    bool _interactive = false;
-
-    protected override void OnAfterRender(bool firstRender)
-    {
-        if (firstRender)
-        {
-            _interactive = true;
-            StateHasChanged();
-        }
-    }
-}
diff --git a/src/Components/test/testassets/Components.TestServer/RazorComponents/Pages/Auth/ServerInteractiveAuthenticationState.razor b/src/Components/test/testassets/Components.TestServer/RazorComponents/Pages/Auth/ServerInteractiveAuthenticationState.razor
new file mode 100644
index 000000000000..c6eb81de0336
--- /dev/null
+++ b/src/Components/test/testassets/Components.TestServer/RazorComponents/Pages/Auth/ServerInteractiveAuthenticationState.razor
@@ -0,0 +1,6 @@
+@page "/auth/server-interactive-authentication-state"
+@rendermode RenderMode.InteractiveServer
+@using TestContentPackage
+
+<h3>Server interactive authentication state</h3>
+<CascadingAuthenticationStateReader />
diff --git a/src/Components/test/testassets/Components.TestServer/RazorComponents/Pages/Auth/StaticAuthenticationState.razor b/src/Components/test/testassets/Components.TestServer/RazorComponents/Pages/Auth/StaticAuthenticationState.razor
index b374bf50bab7..d967a5c1c96c 100644
--- a/src/Components/test/testassets/Components.TestServer/RazorComponents/Pages/Auth/StaticAuthenticationState.razor
+++ b/src/Components/test/testassets/Components.TestServer/RazorComponents/Pages/Auth/StaticAuthenticationState.razor
@@ -1,11 +1,5 @@
 @page "/auth/static-authentication-state"
-@inject NavigationManager Nav
-@using BasicTestApp.AuthTest
+@using TestContentPackage
 
 <h3>Static authentication state</h3>
-<CascadingAuthenticationStateConsumer />
-
-<hr />
-
-<a href="@Nav.GetUriWithQueryParameter("username", "YourUsername")">Log in</a> |
-<a href="@Nav.GetUriWithQueryParameter("username", "")">Log out</a>
+<CascadingAuthenticationStateReader />
diff --git a/src/Components/test/testassets/Components.TestServer/RazorComponents/Pages/Auth/WebAssemblyInteractiveAuthenticationState.razor b/src/Components/test/testassets/Components.TestServer/RazorComponents/Pages/Auth/WebAssemblyInteractiveAuthenticationState.razor
new file mode 100644
index 000000000000..7d186d1196ab
--- /dev/null
+++ b/src/Components/test/testassets/Components.TestServer/RazorComponents/Pages/Auth/WebAssemblyInteractiveAuthenticationState.razor
@@ -0,0 +1,5 @@
+@page "/auth/webassembly-interactive-authentication-state"
+@using TestContentPackage
+
+<h3>WebAssembly interactive authentication state</h3>
+<CascadingAuthenticationStateReader @rendermode="@RenderMode.InteractiveWebAssembly" />
diff --git a/src/Components/test/testassets/Components.WasmMinimal/Components.WasmMinimal.csproj b/src/Components/test/testassets/Components.WasmMinimal/Components.WasmMinimal.csproj
index 3b5fd66e8188..0ec1746919d6 100644
--- a/src/Components/test/testassets/Components.WasmMinimal/Components.WasmMinimal.csproj
+++ b/src/Components/test/testassets/Components.WasmMinimal/Components.WasmMinimal.csproj
@@ -9,6 +9,7 @@
 
   <ItemGroup>
     <Reference Include="Microsoft.AspNetCore.Components.WebAssembly" />
+    <Reference Include="Microsoft.AspNetCore.Components.WebAssembly.Authentication" />
   </ItemGroup>
 
   <ItemGroup>
diff --git a/src/Components/test/testassets/Components.WasmMinimal/Program.cs b/src/Components/test/testassets/Components.WasmMinimal/Program.cs
index 0dc0d12a030a..c8d6d67523f5 100644
--- a/src/Components/test/testassets/Components.WasmMinimal/Program.cs
+++ b/src/Components/test/testassets/Components.WasmMinimal/Program.cs
@@ -1,10 +1,29 @@
 // Licensed to the .NET Foundation under one or more agreements.
 // The .NET Foundation licenses this file to you under the MIT license.
 
+using System.Security.Claims;
 using Components.TestServer.Services;
 using Microsoft.AspNetCore.Components.WebAssembly.Hosting;
+using Microsoft.AspNetCore.Components.WebAssembly.Services;
 
 var builder = WebAssemblyHostBuilder.CreateDefault(args);
 builder.Services.AddSingleton<AsyncOperationService>();
+builder.Services.AddCascadingAuthenticationState();
+
+var additionalClaim = DefaultWebAssemblyJSRuntime.Instance.Invoke<string>("getQueryParam", "additionalClaim");
+
+builder.Services.AddAuthenticationStateDeserialization(options =>
+{
+    var originalCallback = options.DeserializationCallback;
+    options.DeserializationCallback = async authenticationStateData =>
+    {
+        var authenticationState = await originalCallback(authenticationStateData);
+        if (!string.IsNullOrEmpty(additionalClaim))
+        {
+            authenticationState.User.Identities.First().AddClaim(new Claim("additional-claim", additionalClaim));
+        }
+        return authenticationState;
+    };
+});
 
 await builder.Build().RunAsync();
diff --git a/src/Components/test/testassets/TestContentPackage/CascadingAuthenticationStateReader.razor b/src/Components/test/testassets/TestContentPackage/CascadingAuthenticationStateReader.razor
new file mode 100644
index 000000000000..9f0e4830afea
--- /dev/null
+++ b/src/Components/test/testassets/TestContentPackage/CascadingAuthenticationStateReader.razor
@@ -0,0 +1,88 @@
+@using System.Security.Claims
+@using Microsoft.AspNetCore.Components.Authorization
+
+@inject NavigationManager Nav
+
+<h1>Cascading authentication state</h1>
+
+@if (user == null)
+{
+    <span id="auth-state-pending">Requesting authentication state...</span>
+}
+else
+{
+    <p>
+        Authenticated:
+        <strong id="identity-authenticated">@user.Identity.IsAuthenticated</strong>
+    </p>
+
+    <p>
+        Name:
+        <strong id="identity-name">@user.Identity.Name</strong>
+    </p>
+
+    <p>
+        Test claim:
+        @if (user.HasClaim(TestClaimPredicate))
+        {
+            <strong id="test-claim">@user.Claims.Single(c => TestClaimPredicate(c)).Value</strong>
+        }
+        else
+        {
+            <strong id="test-claim">(none)</strong>
+        }
+    </p>
+
+    <p>
+        Additional claim:
+        @if (user.HasClaim(AdditionalClaimPredicate))
+        {
+            <strong id="additional-claim">@user.Claims.Single(c => AdditionalClaimPredicate(c)).Value</strong>
+        }
+        else
+        {
+            <strong id="additional-claim">(none)</strong>
+        }
+    </p>
+
+    <p>
+        Is in test-role-1:
+        <strong id="is-in-test-role-1">@user.IsInRole("test-role-1")</strong>
+    </p>
+
+    <p>
+        Is in test-role-2:
+        <strong id="is-in-test-role-2">@user.IsInRole("test-role-2")</strong>
+    </p>
+}
+
+<p>
+    Interactive:
+    <strong id="is-interactive">@Platform.IsInteractive</strong>
+</p>
+
+
+<p>
+    Platform:
+    <strong id="platform">@Platform.Name</strong>
+</p>
+
+<hr />
+
+<a href="@Nav.GetUriWithQueryParameter("username", "YourUsername")" data-enhance-nav="false">Log in</a> |
+<a href="@Nav.GetUriWithQueryParameter("username", "")" data-enhance-nav="false">Log out</a>
+
+@code
+{
+    static readonly Predicate<Claim> TestClaimPredicate = c => c.Type == "test-claim";
+    static readonly Predicate<Claim> AdditionalClaimPredicate = c => c.Type == "additional-claim";
+
+    ClaimsPrincipal user;
+
+    [CascadingParameter] Task<AuthenticationState> AuthenticationStateTask { get; set; }
+
+    protected override async Task OnParametersSetAsync()
+    {
+        user = (await AuthenticationStateTask).User;
+    }
+}
diff --git a/src/Components/test/testassets/TestContentPackage/TestContentPackage.csproj b/src/Components/test/testassets/TestContentPackage/TestContentPackage.csproj
index fb414caa7ee8..a8906c8338fb 100644
--- a/src/Components/test/testassets/TestContentPackage/TestContentPackage.csproj
+++ b/src/Components/test/testassets/TestContentPackage/TestContentPackage.csproj
@@ -12,6 +12,7 @@
 
   <ItemGroup>
     <Reference Include="Microsoft.AspNetCore.Components" />
+    <Reference Include="Microsoft.AspNetCore.Components.Authorization" />
     <Reference Include="Microsoft.AspNetCore.Components.Web" />
   </ItemGroup>
 

From f47e14cac9a7bfd9829d9b21eacd2c2bf6cd3751 Mon Sep 17 00:00:00 2001
From: Stephen Halter <halter73@gmail.com>
Date: Tue, 21 May 2024 08:38:35 -0700
Subject: [PATCH 2/3] Update Blazor project templates to use built-in providers

---
 ...orComponentsServiceCollectionExtensions.cs |   1 +
 .../PersistentAuthenticationStateProvider.cs  |  40 -------
 .../BlazorWeb-CSharp.Client/Program.cs        |   6 +-
 ...RevalidatingAuthenticationStateProvider.cs | 109 ------------------
 ...istingServerAuthenticationStateProvider.cs |  70 -----------
 .../BlazorWeb-CSharp/Program.Main.cs          |  28 ++---
 .../BlazorWeb-CSharp/Program.cs               |  24 ++--
 .../Templates.Tests/template-baselines.json   |  13 +--
 8 files changed, 25 insertions(+), 266 deletions(-)
 delete mode 100644 src/ProjectTemplates/Web.ProjectTemplates/content/BlazorWeb-CSharp/BlazorWeb-CSharp.Client/PersistentAuthenticationStateProvider.cs
 delete mode 100644 src/ProjectTemplates/Web.ProjectTemplates/content/BlazorWeb-CSharp/BlazorWeb-CSharp/Components/Account/PersistingRevalidatingAuthenticationStateProvider.cs
 delete mode 100644 src/ProjectTemplates/Web.ProjectTemplates/content/BlazorWeb-CSharp/BlazorWeb-CSharp/Components/Account/PersistingServerAuthenticationStateProvider.cs

diff --git a/src/Components/Endpoints/src/DependencyInjection/RazorComponentsServiceCollectionExtensions.cs b/src/Components/Endpoints/src/DependencyInjection/RazorComponentsServiceCollectionExtensions.cs
index 9582ba579942..f0378c4ccf45 100644
--- a/src/Components/Endpoints/src/DependencyInjection/RazorComponentsServiceCollectionExtensions.cs
+++ b/src/Components/Endpoints/src/DependencyInjection/RazorComponentsServiceCollectionExtensions.cs
@@ -40,6 +40,7 @@ public static IRazorComponentsBuilder AddRazorComponents(this IServiceCollection
         // Dependencies
         services.AddLogging();
         services.AddAntiforgery();
+        services.AddAuthorizationCore();
 
         services.TryAddSingleton<RazorComponentsMarkerService>();
 
diff --git a/src/ProjectTemplates/Web.ProjectTemplates/content/BlazorWeb-CSharp/BlazorWeb-CSharp.Client/PersistentAuthenticationStateProvider.cs b/src/ProjectTemplates/Web.ProjectTemplates/content/BlazorWeb-CSharp/BlazorWeb-CSharp.Client/PersistentAuthenticationStateProvider.cs
deleted file mode 100644
index d97e09a6fc43..000000000000
--- a/src/ProjectTemplates/Web.ProjectTemplates/content/BlazorWeb-CSharp/BlazorWeb-CSharp.Client/PersistentAuthenticationStateProvider.cs
+++ /dev/null
@@ -1,40 +0,0 @@
-using System.Security.Claims;
-using Microsoft.AspNetCore.Components;
-using Microsoft.AspNetCore.Components.Authorization;
-
-namespace BlazorWeb_CSharp.Client;
-
-// This is a client-side AuthenticationStateProvider that determines the user's authentication state by
-// looking for data persisted in the page when it was rendered on the server. This authentication state will
-// be fixed for the lifetime of the WebAssembly application. So, if the user needs to log in or out, a full
-// page reload is required.
-//
-// This only provides a user name and email for display purposes. It does not actually include any tokens
-// that authenticate to the server when making subsequent requests. That works separately using a
-// cookie that will be included on HttpClient requests to the server.
-internal class PersistentAuthenticationStateProvider : AuthenticationStateProvider
-{
-    private static readonly Task<AuthenticationState> defaultUnauthenticatedTask =
-        Task.FromResult(new AuthenticationState(new ClaimsPrincipal(new ClaimsIdentity())));
-
-    private readonly Task<AuthenticationState> authenticationStateTask = defaultUnauthenticatedTask;
-
-    public PersistentAuthenticationStateProvider(PersistentComponentState state)
-    {
-        if (!state.TryTakeFromJson<UserInfo>(nameof(UserInfo), out var userInfo) || userInfo is null)
-        {
-            return;
-        }
-
-        Claim[] claims = [
-            new Claim(ClaimTypes.NameIdentifier, userInfo.UserId),
-            new Claim(ClaimTypes.Name, userInfo.Email),
-            new Claim(ClaimTypes.Email, userInfo.Email) ];
-
-        authenticationStateTask = Task.FromResult(
-            new AuthenticationState(new ClaimsPrincipal(new ClaimsIdentity(claims,
-                authenticationType: nameof(PersistentAuthenticationStateProvider)))));
-    }
-
-    public override Task<AuthenticationState> GetAuthenticationStateAsync() => authenticationStateTask;
-}
diff --git a/src/ProjectTemplates/Web.ProjectTemplates/content/BlazorWeb-CSharp/BlazorWeb-CSharp.Client/Program.cs b/src/ProjectTemplates/Web.ProjectTemplates/content/BlazorWeb-CSharp/BlazorWeb-CSharp.Client/Program.cs
index 600e37d36537..19becf2331ec 100644
--- a/src/ProjectTemplates/Web.ProjectTemplates/content/BlazorWeb-CSharp/BlazorWeb-CSharp.Client/Program.cs
+++ b/src/ProjectTemplates/Web.ProjectTemplates/content/BlazorWeb-CSharp/BlazorWeb-CSharp.Client/Program.cs
@@ -1,7 +1,3 @@
-#if (IndividualLocalAuth)
-using BlazorWeb_CSharp.Client;
-using Microsoft.AspNetCore.Components.Authorization;
-#endif
 using Microsoft.AspNetCore.Components.WebAssembly.Hosting;
 
 var builder = WebAssemblyHostBuilder.CreateDefault(args);
@@ -9,7 +5,7 @@
 #if (IndividualLocalAuth)
 builder.Services.AddAuthorizationCore();
 builder.Services.AddCascadingAuthenticationState();
-builder.Services.AddSingleton<AuthenticationStateProvider, PersistentAuthenticationStateProvider>();
+builder.Services.AddAuthenticationStateDeserialization();
 
 #endif
 await builder.Build().RunAsync();
diff --git a/src/ProjectTemplates/Web.ProjectTemplates/content/BlazorWeb-CSharp/BlazorWeb-CSharp/Components/Account/PersistingRevalidatingAuthenticationStateProvider.cs b/src/ProjectTemplates/Web.ProjectTemplates/content/BlazorWeb-CSharp/BlazorWeb-CSharp/Components/Account/PersistingRevalidatingAuthenticationStateProvider.cs
deleted file mode 100644
index 32439c3c5322..000000000000
--- a/src/ProjectTemplates/Web.ProjectTemplates/content/BlazorWeb-CSharp/BlazorWeb-CSharp/Components/Account/PersistingRevalidatingAuthenticationStateProvider.cs
+++ /dev/null
@@ -1,109 +0,0 @@
-using System.Diagnostics;
-using System.Security.Claims;
-using Microsoft.AspNetCore.Components;
-using Microsoft.AspNetCore.Components.Authorization;
-using Microsoft.AspNetCore.Components.Server;
-using Microsoft.AspNetCore.Components.Web;
-using Microsoft.AspNetCore.Identity;
-using Microsoft.Extensions.Options;
-using BlazorWeb_CSharp.Client;
-using BlazorWeb_CSharp.Data;
-
-namespace BlazorWeb_CSharp.Components.Account;
-
-// This is a server-side AuthenticationStateProvider that revalidates the security stamp for the connected user
-// every 30 minutes an interactive circuit is connected. It also uses PersistentComponentState to flow the
-// authentication state to the client which is then fixed for the lifetime of the WebAssembly application.
-internal sealed class PersistingRevalidatingAuthenticationStateProvider : RevalidatingServerAuthenticationStateProvider
-{
-    private readonly IServiceScopeFactory scopeFactory;
-    private readonly PersistentComponentState state;
-    private readonly IdentityOptions options;
-
-    private readonly PersistingComponentStateSubscription subscription;
-
-    private Task<AuthenticationState>? authenticationStateTask;
-
-    public PersistingRevalidatingAuthenticationStateProvider(
-        ILoggerFactory loggerFactory,
-        IServiceScopeFactory serviceScopeFactory,
-        PersistentComponentState persistentComponentState,
-        IOptions<IdentityOptions> optionsAccessor)
-        : base(loggerFactory)
-    {
-        scopeFactory = serviceScopeFactory;
-        state = persistentComponentState;
-        options = optionsAccessor.Value;
-
-        AuthenticationStateChanged += OnAuthenticationStateChanged;
-        subscription = state.RegisterOnPersisting(OnPersistingAsync, RenderMode.InteractiveWebAssembly);
-    }
-
-    protected override TimeSpan RevalidationInterval => TimeSpan.FromMinutes(30);
-
-    protected override async Task<bool> ValidateAuthenticationStateAsync(
-        AuthenticationState authenticationState, CancellationToken cancellationToken)
-    {
-        // Get the user manager from a new scope to ensure it fetches fresh data
-        await using var scope = scopeFactory.CreateAsyncScope();
-        var userManager = scope.ServiceProvider.GetRequiredService<UserManager<ApplicationUser>>();
-        return await ValidateSecurityStampAsync(userManager, authenticationState.User);
-    }
-
-    private async Task<bool> ValidateSecurityStampAsync(UserManager<ApplicationUser> userManager, ClaimsPrincipal principal)
-    {
-        var user = await userManager.GetUserAsync(principal);
-        if (user is null)
-        {
-            return false;
-        }
-        else if (!userManager.SupportsUserSecurityStamp)
-        {
-            return true;
-        }
-        else
-        {
-            var principalStamp = principal.FindFirstValue(options.ClaimsIdentity.SecurityStampClaimType);
-            var userStamp = await userManager.GetSecurityStampAsync(user);
-            return principalStamp == userStamp;
-        }
-    }
-
-    private void OnAuthenticationStateChanged(Task<AuthenticationState> task)
-    {
-        authenticationStateTask = task;
-    }
-
-    private async Task OnPersistingAsync()
-    {
-        if (authenticationStateTask is null)
-        {
-            throw new UnreachableException($"Authentication state not set in {nameof(OnPersistingAsync)}().");
-        }
-
-        var authenticationState = await authenticationStateTask;
-        var principal = authenticationState.User;
-
-        if (principal.Identity?.IsAuthenticated == true)
-        {
-            var userId = principal.FindFirst(options.ClaimsIdentity.UserIdClaimType)?.Value;
-            var email = principal.FindFirst(options.ClaimsIdentity.EmailClaimType)?.Value;
-
-            if (userId != null && email != null)
-            {
-                state.PersistAsJson(nameof(UserInfo), new UserInfo
-                {
-                    UserId = userId,
-                    Email = email,
-                });
-            }
-        }
-    }
-
-    protected override void Dispose(bool disposing)
-    {
-        subscription.Dispose();
-        AuthenticationStateChanged -= OnAuthenticationStateChanged;
-        base.Dispose(disposing);
-    }
-}
diff --git a/src/ProjectTemplates/Web.ProjectTemplates/content/BlazorWeb-CSharp/BlazorWeb-CSharp/Components/Account/PersistingServerAuthenticationStateProvider.cs b/src/ProjectTemplates/Web.ProjectTemplates/content/BlazorWeb-CSharp/BlazorWeb-CSharp/Components/Account/PersistingServerAuthenticationStateProvider.cs
deleted file mode 100644
index c7e967e77ace..000000000000
--- a/src/ProjectTemplates/Web.ProjectTemplates/content/BlazorWeb-CSharp/BlazorWeb-CSharp/Components/Account/PersistingServerAuthenticationStateProvider.cs
+++ /dev/null
@@ -1,70 +0,0 @@
-using System.Diagnostics;
-using Microsoft.AspNetCore.Components;
-using Microsoft.AspNetCore.Components.Authorization;
-using Microsoft.AspNetCore.Components.Server;
-using Microsoft.AspNetCore.Components.Web;
-using Microsoft.AspNetCore.Identity;
-using Microsoft.Extensions.Options;
-using BlazorWeb_CSharp.Client;
-
-namespace BlazorWeb_CSharp.Components.Account;
-
-// This is a server-side AuthenticationStateProvider that uses PersistentComponentState to flow the
-// authentication state to the client which is then fixed for the lifetime of the WebAssembly application.
-internal sealed class PersistingServerAuthenticationStateProvider : ServerAuthenticationStateProvider, IDisposable
-{
-    private readonly PersistentComponentState state;
-    private readonly IdentityOptions options;
-
-    private readonly PersistingComponentStateSubscription subscription;
-
-    private Task<AuthenticationState>? authenticationStateTask;
-
-    public PersistingServerAuthenticationStateProvider(
-        PersistentComponentState persistentComponentState,
-        IOptions<IdentityOptions> optionsAccessor)
-    {
-        state = persistentComponentState;
-        options = optionsAccessor.Value;
-
-        AuthenticationStateChanged += OnAuthenticationStateChanged;
-        subscription = state.RegisterOnPersisting(OnPersistingAsync, RenderMode.InteractiveWebAssembly);
-    }
-
-    private void OnAuthenticationStateChanged(Task<AuthenticationState> task)
-    {
-        authenticationStateTask = task;
-    }
-
-    private async Task OnPersistingAsync()
-    {
-        if (authenticationStateTask is null)
-        {
-            throw new UnreachableException($"Authentication state not set in {nameof(OnPersistingAsync)}().");
-        }
-
-        var authenticationState = await authenticationStateTask;
-        var principal = authenticationState.User;
-
-        if (principal.Identity?.IsAuthenticated == true)
-        {
-            var userId = principal.FindFirst(options.ClaimsIdentity.UserIdClaimType)?.Value;
-            var email = principal.FindFirst(options.ClaimsIdentity.EmailClaimType)?.Value;
-
-            if (userId != null && email != null)
-            {
-                state.PersistAsJson(nameof(UserInfo), new UserInfo
-                {
-                    UserId = userId,
-                    Email = email,
-                });
-            }
-        }
-    }
-
-    public void Dispose()
-    {
-        subscription.Dispose();
-        AuthenticationStateChanged -= OnAuthenticationStateChanged;
-    }
-}
diff --git a/src/ProjectTemplates/Web.ProjectTemplates/content/BlazorWeb-CSharp/BlazorWeb-CSharp/Program.Main.cs b/src/ProjectTemplates/Web.ProjectTemplates/content/BlazorWeb-CSharp/BlazorWeb-CSharp/Program.Main.cs
index fdd657fda6b0..ff1f15e9598f 100644
--- a/src/ProjectTemplates/Web.ProjectTemplates/content/BlazorWeb-CSharp/BlazorWeb-CSharp/Program.Main.cs
+++ b/src/ProjectTemplates/Web.ProjectTemplates/content/BlazorWeb-CSharp/BlazorWeb-CSharp/Program.Main.cs
@@ -1,8 +1,4 @@
 #if (IndividualLocalAuth)
-using Microsoft.AspNetCore.Components.Authorization;
-#if (!UseServer && !UseWebAssembly)
-using Microsoft.AspNetCore.Components.Server;
-#endif
 using Microsoft.AspNetCore.Identity;
 using Microsoft.EntityFrameworkCore;
 #endif
@@ -28,12 +24,19 @@ public static void Main(string[] args)
         builder.Services.AddRazorComponents();
         #else
         builder.Services.AddRazorComponents()
-          #if (UseServer && UseWebAssembly)
+          #if (UseServer && UseWebAssembly && IndividualLocalAuth)
+            .AddInteractiveServerComponents()
+            .AddInteractiveWebAssemblyComponents()
+            .AddAuthenticationStateSerialization();
+          #elif (UseServer && UseWebAssembly)
             .AddInteractiveServerComponents()
             .AddInteractiveWebAssemblyComponents();
-          #elif(UseServer)
+          #elif (UseServer)
             .AddInteractiveServerComponents();
-          #elif(UseWebAssembly)
+          #elif (UseWebAssembly && IndividualLocalAuth)
+            .AddInteractiveWebAssemblyComponents()
+            .AddAuthenticationStateSerialization();
+          #elif (UseWebAssembly)
             .AddInteractiveWebAssemblyComponents();
           #endif
         #endif
@@ -42,19 +45,10 @@ public static void Main(string[] args)
         builder.Services.AddCascadingAuthenticationState();
         builder.Services.AddScoped<IdentityUserAccessor>();
         builder.Services.AddScoped<IdentityRedirectManager>();
-        #if (UseServer && UseWebAssembly)
-        builder.Services.AddScoped<AuthenticationStateProvider, PersistingRevalidatingAuthenticationStateProvider>();
-        #elif (UseServer)
+        #if (UseServer)
         builder.Services.AddScoped<AuthenticationStateProvider, IdentityRevalidatingAuthenticationStateProvider>();
-        #elif (UseWebAssembly)
-        builder.Services.AddScoped<AuthenticationStateProvider, PersistingServerAuthenticationStateProvider>();
-        #else
-        builder.Services.AddScoped<AuthenticationStateProvider, ServerAuthenticationStateProvider>();
         #endif
 
-        #if (!UseServer)
-        builder.Services.AddAuthorization();
-        #endif
         builder.Services.AddAuthentication(options =>
             {
                 options.DefaultScheme = IdentityConstants.ApplicationScheme;
diff --git a/src/ProjectTemplates/Web.ProjectTemplates/content/BlazorWeb-CSharp/BlazorWeb-CSharp/Program.cs b/src/ProjectTemplates/Web.ProjectTemplates/content/BlazorWeb-CSharp/BlazorWeb-CSharp/Program.cs
index f655b04cb591..f6a584298641 100644
--- a/src/ProjectTemplates/Web.ProjectTemplates/content/BlazorWeb-CSharp/BlazorWeb-CSharp/Program.cs
+++ b/src/ProjectTemplates/Web.ProjectTemplates/content/BlazorWeb-CSharp/BlazorWeb-CSharp/Program.cs
@@ -1,8 +1,4 @@
 #if (IndividualLocalAuth)
-using Microsoft.AspNetCore.Components.Authorization;
-#if (!UseServer && !UseWebAssembly)
-using Microsoft.AspNetCore.Components.Server;
-#endif
 using Microsoft.AspNetCore.Identity;
 using Microsoft.EntityFrameworkCore;
 #endif
@@ -22,11 +18,18 @@
 builder.Services.AddRazorComponents();
 #else
 builder.Services.AddRazorComponents()
-    #if (UseServer && UseWebAssembly)
+    #if (UseServer && UseWebAssembly && IndividualLocalAuth)
+    .AddInteractiveServerComponents()
+    .AddInteractiveWebAssemblyComponents()
+    .AddAuthenticationStateSerialization();
+    #elif (UseServer && UseWebAssembly)
     .AddInteractiveServerComponents()
     .AddInteractiveWebAssemblyComponents();
     #elif (UseServer)
     .AddInteractiveServerComponents();
+    #elif (UseWebAssembly && IndividualLocalAuth)
+    .AddInteractiveWebAssemblyComponents()
+    .AddAuthenticationStateSerialization();
     #elif (UseWebAssembly)
     .AddInteractiveWebAssemblyComponents();
     #endif
@@ -36,19 +39,10 @@
 builder.Services.AddCascadingAuthenticationState();
 builder.Services.AddScoped<IdentityUserAccessor>();
 builder.Services.AddScoped<IdentityRedirectManager>();
-#if (UseServer && UseWebAssembly)
-builder.Services.AddScoped<AuthenticationStateProvider, PersistingRevalidatingAuthenticationStateProvider>();
-#elif (UseServer)
+#if (UseServer)
 builder.Services.AddScoped<AuthenticationStateProvider, IdentityRevalidatingAuthenticationStateProvider>();
-#elif (UseWebAssembly)
-builder.Services.AddScoped<AuthenticationStateProvider, PersistingServerAuthenticationStateProvider>();
-#else
-builder.Services.AddScoped<AuthenticationStateProvider, ServerAuthenticationStateProvider>();
 #endif
 
-#if (!UseServer)
-builder.Services.AddAuthorization();
-#endif
 builder.Services.AddAuthentication(options =>
     {
         options.DefaultScheme = IdentityConstants.ApplicationScheme;
diff --git a/src/ProjectTemplates/test/Templates.Tests/template-baselines.json b/src/ProjectTemplates/test/Templates.Tests/template-baselines.json
index 45f7d6a7e665..95f69148d44c 100644
--- a/src/ProjectTemplates/test/Templates.Tests/template-baselines.json
+++ b/src/ProjectTemplates/test/Templates.Tests/template-baselines.json
@@ -822,7 +822,6 @@
         "{ProjectName}.Client/{ProjectName}.Client.csproj",
         "{ProjectName}.Client/Pages/Auth.razor",
         "{ProjectName}.Client/Pages/Counter.razor",
-        "{ProjectName}.Client/PersistentAuthenticationStateProvider.cs",
         "{ProjectName}.Client/Program.cs",
         "{ProjectName}.Client/RedirectToLogin.razor",
         "{ProjectName}.Client/UserInfo.cs",
@@ -867,7 +866,6 @@
         "{ProjectName}/Components/Account/Pages/ResetPassword.razor",
         "{ProjectName}/Components/Account/Pages/ResetPasswordConfirmation.razor",
         "{ProjectName}/Components/Account/Pages/_Imports.razor",
-        "{ProjectName}/Components/Account/PersistingServerAuthenticationStateProvider.cs",
         "{ProjectName}/Components/Account/Shared/ExternalLoginPicker.razor",
         "{ProjectName}/Components/Account/Shared/ManageLayout.razor",
         "{ProjectName}/Components/Account/Shared/ManageNavMenu.razor",
@@ -939,7 +937,6 @@
         "{ProjectName}.Client/{ProjectName}.Client.csproj",
         "{ProjectName}.Client/Pages/Auth.razor",
         "{ProjectName}.Client/Pages/Counter.razor",
-        "{ProjectName}.Client/PersistentAuthenticationStateProvider.cs",
         "{ProjectName}.Client/Program.cs",
         "{ProjectName}.Client/RedirectToLogin.razor",
         "{ProjectName}.Client/UserInfo.cs",
@@ -952,6 +949,7 @@
         "{ProjectName}/Components/Account/IdentityComponentsEndpointRouteBuilderExtensions.cs",
         "{ProjectName}/Components/Account/IdentityNoOpEmailSender.cs",
         "{ProjectName}/Components/Account/IdentityRedirectManager.cs",
+        "{ProjectName}/Components/Account/IdentityRevalidatingAuthenticationStateProvider.cs",
         "{ProjectName}/Components/Account/IdentityUserAccessor.cs",
         "{ProjectName}/Components/Account/Pages/AccessDenied.razor",
         "{ProjectName}/Components/Account/Pages/ConfirmEmail.razor",
@@ -984,7 +982,6 @@
         "{ProjectName}/Components/Account/Pages/ResetPassword.razor",
         "{ProjectName}/Components/Account/Pages/ResetPasswordConfirmation.razor",
         "{ProjectName}/Components/Account/Pages/_Imports.razor",
-        "{ProjectName}/Components/Account/PersistingRevalidatingAuthenticationStateProvider.cs",
         "{ProjectName}/Components/Account/Shared/ExternalLoginPicker.razor",
         "{ProjectName}/Components/Account/Shared/ManageLayout.razor",
         "{ProjectName}/Components/Account/Shared/ManageNavMenu.razor",
@@ -1202,7 +1199,6 @@
       "Arguments": "new blazor --interactivity auto --empty --auth Individual",
       "Files": [
         "{ProjectName}.Client/{ProjectName}.Client.csproj",
-        "{ProjectName}.Client/PersistentAuthenticationStateProvider.cs",
         "{ProjectName}.Client/Program.cs",
         "{ProjectName}.Client/RedirectToLogin.razor",
         "{ProjectName}.Client/UserInfo.cs",
@@ -1213,6 +1209,7 @@
         "{ProjectName}/Components/Account/IdentityComponentsEndpointRouteBuilderExtensions.cs",
         "{ProjectName}/Components/Account/IdentityNoOpEmailSender.cs",
         "{ProjectName}/Components/Account/IdentityRedirectManager.cs",
+        "{ProjectName}/Components/Account/IdentityRevalidatingAuthenticationStateProvider.cs",
         "{ProjectName}/Components/Account/IdentityUserAccessor.cs",
         "{ProjectName}/Components/Account/Pages/AccessDenied.razor",
         "{ProjectName}/Components/Account/Pages/ConfirmEmail.razor",
@@ -1245,7 +1242,6 @@
         "{ProjectName}/Components/Account/Pages/ResetPassword.razor",
         "{ProjectName}/Components/Account/Pages/ResetPasswordConfirmation.razor",
         "{ProjectName}/Components/Account/Pages/_Imports.razor",
-        "{ProjectName}/Components/Account/PersistingRevalidatingAuthenticationStateProvider.cs",
         "{ProjectName}/Components/Account/Shared/ExternalLoginPicker.razor",
         "{ProjectName}/Components/Account/Shared/ManageLayout.razor",
         "{ProjectName}/Components/Account/Shared/ManageNavMenu.razor",
@@ -1360,7 +1356,6 @@
         "{ProjectName}.Client/Pages/Counter.razor",
         "{ProjectName}.Client/Pages/Home.razor",
         "{ProjectName}.Client/Pages/Weather.razor",
-        "{ProjectName}.Client/PersistentAuthenticationStateProvider.cs",
         "{ProjectName}.Client/Program.cs",
         "{ProjectName}.Client/RedirectToLogin.razor",
         "{ProjectName}.Client/Routes.razor",
@@ -1406,7 +1401,6 @@
         "{ProjectName}/Components/Account/Pages/ResetPassword.razor",
         "{ProjectName}/Components/Account/Pages/ResetPasswordConfirmation.razor",
         "{ProjectName}/Components/Account/Pages/_Imports.razor",
-        "{ProjectName}/Components/Account/PersistingServerAuthenticationStateProvider.cs",
         "{ProjectName}/Components/Account/Shared/ExternalLoginPicker.razor",
         "{ProjectName}/Components/Account/Shared/ManageLayout.razor",
         "{ProjectName}/Components/Account/Shared/ManageNavMenu.razor",
@@ -1444,7 +1438,6 @@
         "{ProjectName}.Client/Pages/Counter.razor",
         "{ProjectName}.Client/Pages/Home.razor",
         "{ProjectName}.Client/Pages/Weather.razor",
-        "{ProjectName}.Client/PersistentAuthenticationStateProvider.cs",
         "{ProjectName}.Client/Program.cs",
         "{ProjectName}.Client/RedirectToLogin.razor",
         "{ProjectName}.Client/Routes.razor",
@@ -1458,6 +1451,7 @@
         "{ProjectName}/Components/Account/IdentityComponentsEndpointRouteBuilderExtensions.cs",
         "{ProjectName}/Components/Account/IdentityNoOpEmailSender.cs",
         "{ProjectName}/Components/Account/IdentityRedirectManager.cs",
+        "{ProjectName}/Components/Account/IdentityRevalidatingAuthenticationStateProvider.cs",
         "{ProjectName}/Components/Account/IdentityUserAccessor.cs",
         "{ProjectName}/Components/Account/Pages/AccessDenied.razor",
         "{ProjectName}/Components/Account/Pages/ConfirmEmail.razor",
@@ -1490,7 +1484,6 @@
         "{ProjectName}/Components/Account/Pages/ResetPassword.razor",
         "{ProjectName}/Components/Account/Pages/ResetPasswordConfirmation.razor",
         "{ProjectName}/Components/Account/Pages/_Imports.razor",
-        "{ProjectName}/Components/Account/PersistingRevalidatingAuthenticationStateProvider.cs",
         "{ProjectName}/Components/Account/Shared/ExternalLoginPicker.razor",
         "{ProjectName}/Components/Account/Shared/ManageLayout.razor",
         "{ProjectName}/Components/Account/Shared/ManageNavMenu.razor",

From ec8ae2ef813e724f48ea3d29e9d26d61db24afdd Mon Sep 17 00:00:00 2001
From: Stephen Halter <halter73@gmail.com>
Date: Tue, 21 May 2024 11:09:38 -0700
Subject: [PATCH 3/3] Fix tests

- Use JSImports instead of DefaultWebAssemblyJSRuntime
- Remove unnecessary exclusions from template.json
- Remove UserInfo from the template client template
- Remove AddAuthorizationCore from AddRazorComponents
---
 ...orComponentsServiceCollectionExtensions.cs |  1 -
 ...t.AspNetCore.Components.WebAssembly.csproj |  1 -
 .../RazorComponents/App.razor                 | 17 +++++++++--------
 .../Components.WasmMinimal.csproj             |  1 +
 .../Components.WasmMinimal/Program.cs         | 19 ++++++++++++++-----
 .../.template.config/template.json            | 15 +--------------
 .../BlazorWeb-CSharp.Client/Program.Main.cs   |  6 +-----
 .../BlazorWeb-CSharp.Client/UserInfo.cs       |  9 ---------
 .../BlazorWeb-CSharp/Program.Main.cs          |  6 ++++++
 .../BlazorWeb-CSharp/Program.cs               |  6 ++++++
 .../Templates.Tests/template-baselines.json   |  5 -----
 11 files changed, 38 insertions(+), 48 deletions(-)
 delete mode 100644 src/ProjectTemplates/Web.ProjectTemplates/content/BlazorWeb-CSharp/BlazorWeb-CSharp.Client/UserInfo.cs

diff --git a/src/Components/Endpoints/src/DependencyInjection/RazorComponentsServiceCollectionExtensions.cs b/src/Components/Endpoints/src/DependencyInjection/RazorComponentsServiceCollectionExtensions.cs
index f0378c4ccf45..9582ba579942 100644
--- a/src/Components/Endpoints/src/DependencyInjection/RazorComponentsServiceCollectionExtensions.cs
+++ b/src/Components/Endpoints/src/DependencyInjection/RazorComponentsServiceCollectionExtensions.cs
@@ -40,7 +40,6 @@ public static IRazorComponentsBuilder AddRazorComponents(this IServiceCollection
         // Dependencies
         services.AddLogging();
         services.AddAntiforgery();
-        services.AddAuthorizationCore();
 
         services.TryAddSingleton<RazorComponentsMarkerService>();
 
diff --git a/src/Components/WebAssembly/WebAssembly/src/Microsoft.AspNetCore.Components.WebAssembly.csproj b/src/Components/WebAssembly/WebAssembly/src/Microsoft.AspNetCore.Components.WebAssembly.csproj
index 83377b00e498..896817768457 100644
--- a/src/Components/WebAssembly/WebAssembly/src/Microsoft.AspNetCore.Components.WebAssembly.csproj
+++ b/src/Components/WebAssembly/WebAssembly/src/Microsoft.AspNetCore.Components.WebAssembly.csproj
@@ -49,7 +49,6 @@
     <InternalsVisibleTo Include="Microsoft.AspNetCore.Components.WebAssembly.Tests" />
     <InternalsVisibleTo Include="Microsoft.AspNetCore.Components.WebAssembly.Authentication.Tests" />
     <InternalsVisibleTo Include="BasicTestApp" />
-    <InternalsVisibleTo Include="Components.WasmMinimal" />
   </ItemGroup>
 
   <PropertyGroup>
diff --git a/src/Components/test/testassets/Components.TestServer/RazorComponents/App.razor b/src/Components/test/testassets/Components.TestServer/RazorComponents/App.razor
index d0344cb014c3..717f269eb2fb 100644
--- a/src/Components/test/testassets/Components.TestServer/RazorComponents/App.razor
+++ b/src/Components/test/testassets/Components.TestServer/RazorComponents/App.razor
@@ -18,18 +18,19 @@
     <script src="_framework/blazor.web.js" autostart="false" suppress-error="BL9992"></script>
     <script src="_content/TestContentPackage/counterInterop.js"></script>
     <script>
+        // This is called by the Components.WasmMinimal project.
         function getQueryParam(key) {
-            return new URLSearchParams(window.location.search).get(key);
-        }
-
-        function appendHiddenParagraph(id) {
-            const paragraph = document.createElement('p');
-            paragraph.id = id;
-            paragraph.style = 'display: none;';
-            document.body.appendChild(paragraph);
+            return new URLSearchParams(location.search).get(key);
         }
 
         function callBlazorStart() {
+            function appendHiddenParagraph(id) {
+                const paragraph = document.createElement('p');
+                paragraph.id = id;
+                paragraph.style = 'display: none;';
+                document.body.appendChild(paragraph);
+            }
+
             const enableClassicInitializers = sessionStorage.getItem('enable-classic-initializers') === 'true';
             const suppressEnhancedNavigation = sessionStorage.getItem('suppress-enhanced-navigation') === 'true';
             const blockLoadBootResource = sessionStorage.getItem('block-load-boot-resource') === 'true';
diff --git a/src/Components/test/testassets/Components.WasmMinimal/Components.WasmMinimal.csproj b/src/Components/test/testassets/Components.WasmMinimal/Components.WasmMinimal.csproj
index 0ec1746919d6..deabcd7fccae 100644
--- a/src/Components/test/testassets/Components.WasmMinimal/Components.WasmMinimal.csproj
+++ b/src/Components/test/testassets/Components.WasmMinimal/Components.WasmMinimal.csproj
@@ -5,6 +5,7 @@
     <Nullable>enable</Nullable>
     <ImplicitUsings>enable</ImplicitUsings>
     <StaticWebAssetBasePath>WasmMinimal</StaticWebAssetBasePath>
+    <AllowUnsafeBlocks>true</AllowUnsafeBlocks>
   </PropertyGroup>
 
   <ItemGroup>
diff --git a/src/Components/test/testassets/Components.WasmMinimal/Program.cs b/src/Components/test/testassets/Components.WasmMinimal/Program.cs
index c8d6d67523f5..5074e4a0a068 100644
--- a/src/Components/test/testassets/Components.WasmMinimal/Program.cs
+++ b/src/Components/test/testassets/Components.WasmMinimal/Program.cs
@@ -1,29 +1,38 @@
 // Licensed to the .NET Foundation under one or more agreements.
 // The .NET Foundation licenses this file to you under the MIT license.
 
+using System.Runtime.InteropServices.JavaScript;
 using System.Security.Claims;
 using Components.TestServer.Services;
 using Microsoft.AspNetCore.Components.WebAssembly.Hosting;
-using Microsoft.AspNetCore.Components.WebAssembly.Services;
 
 var builder = WebAssemblyHostBuilder.CreateDefault(args);
 builder.Services.AddSingleton<AsyncOperationService>();
 builder.Services.AddCascadingAuthenticationState();
 
-var additionalClaim = DefaultWebAssemblyJSRuntime.Instance.Invoke<string>("getQueryParam", "additionalClaim");
-
 builder.Services.AddAuthenticationStateDeserialization(options =>
 {
     var originalCallback = options.DeserializationCallback;
     options.DeserializationCallback = async authenticationStateData =>
     {
         var authenticationState = await originalCallback(authenticationStateData);
-        if (!string.IsNullOrEmpty(additionalClaim))
+        var identity = authenticationState.User.Identities.First();
+        if (identity.IsAuthenticated)
         {
-            authenticationState.User.Identities.First().AddClaim(new Claim("additional-claim", additionalClaim));
+            var additionalClaim = JSImports.GetQueryParam("additionalClaim");
+            if (!string.IsNullOrEmpty(additionalClaim))
+            {
+                identity.AddClaim(new Claim("additional-claim", additionalClaim));
+            }
         }
         return authenticationState;
     };
 });
 
 await builder.Build().RunAsync();
+
+internal static partial class JSImports
+{
+    [JSImport("globalThis.getQueryParam")]
+    public static partial string GetQueryParam(string name);
+}
diff --git a/src/ProjectTemplates/Web.ProjectTemplates/content/BlazorWeb-CSharp/.template.config/template.json b/src/ProjectTemplates/Web.ProjectTemplates/content/BlazorWeb-CSharp/.template.config/template.json
index f9bc0642e7ce..3d45e94b880c 100644
--- a/src/ProjectTemplates/Web.ProjectTemplates/content/BlazorWeb-CSharp/.template.config/template.json
+++ b/src/ProjectTemplates/Web.ProjectTemplates/content/BlazorWeb-CSharp/.template.config/template.json
@@ -123,7 +123,6 @@
           "exclude": [
             "BlazorWeb-CSharp/Components/Account/**",
             "BlazorWeb-CSharp/Data/**",
-            "BlazorWeb-CSharp.Client/PersistentAuthenticationStateProvider.cs",
             "BlazorWeb-CSharp.Client/UserInfo.cs",
             "BlazorWeb-CSharp.Client/Pages/Auth.razor"
           ]
@@ -141,23 +140,11 @@
           ]
         },
         {
-          "condition": "(!(IndividualLocalAuth && UseServer && UseWebAssembly))",
-          "exclude": [
-            "BlazorWeb-CSharp/Components/Account/PersistingRevalidatingAuthenticationStateProvider.cs"
-          ]
-        },
-        {
-          "condition": "(!(IndividualLocalAuth && UseServer && !UseWebAssembly))",
+          "condition": "(!(IndividualLocalAuth && UseServer))",
           "exclude": [
             "BlazorWeb-CSharp/Components/Account/IdentityRevalidatingAuthenticationStateProvider.cs"
           ]
         },
-        {
-          "condition": "(!(IndividualLocalAuth && !UseServer && UseWebAssembly))",
-          "exclude": [
-            "BlazorWeb-CSharp/Components/Account/PersistingServerAuthenticationStateProvider.cs"
-          ]
-        },
         {
           "condition": "(IndividualLocalAuth && UseLocalDB && UseWebAssembly)",
           "rename": {
diff --git a/src/ProjectTemplates/Web.ProjectTemplates/content/BlazorWeb-CSharp/BlazorWeb-CSharp.Client/Program.Main.cs b/src/ProjectTemplates/Web.ProjectTemplates/content/BlazorWeb-CSharp/BlazorWeb-CSharp.Client/Program.Main.cs
index 1e5ff5788ec3..7ed596789d0d 100644
--- a/src/ProjectTemplates/Web.ProjectTemplates/content/BlazorWeb-CSharp/BlazorWeb-CSharp.Client/Program.Main.cs
+++ b/src/ProjectTemplates/Web.ProjectTemplates/content/BlazorWeb-CSharp/BlazorWeb-CSharp.Client/Program.Main.cs
@@ -1,7 +1,3 @@
-#if (IndividualLocalAuth)
-using BlazorWeb_CSharp.Client;
-using Microsoft.AspNetCore.Components.Authorization;
-#endif
 using Microsoft.AspNetCore.Components.WebAssembly.Hosting;
 
 namespace BlazorWeb_CSharp.Client;
@@ -15,7 +11,7 @@ static async Task Main(string[] args)
         #if (IndividualLocalAuth)
         builder.Services.AddAuthorizationCore();
         builder.Services.AddCascadingAuthenticationState();
-        builder.Services.AddSingleton<AuthenticationStateProvider, PersistentAuthenticationStateProvider>();
+        builder.Services.AddAuthenticationStateDeserialization();
 
         #endif
         await builder.Build().RunAsync();
diff --git a/src/ProjectTemplates/Web.ProjectTemplates/content/BlazorWeb-CSharp/BlazorWeb-CSharp.Client/UserInfo.cs b/src/ProjectTemplates/Web.ProjectTemplates/content/BlazorWeb-CSharp/BlazorWeb-CSharp.Client/UserInfo.cs
deleted file mode 100644
index b62cdbbe0c1b..000000000000
--- a/src/ProjectTemplates/Web.ProjectTemplates/content/BlazorWeb-CSharp/BlazorWeb-CSharp.Client/UserInfo.cs
+++ /dev/null
@@ -1,9 +0,0 @@
-namespace BlazorWeb_CSharp.Client;
-
-// Add properties to this class and update the server and client AuthenticationStateProviders
-// to expose more information about the authenticated user to the client.
-public class UserInfo
-{
-    public required string UserId { get; set; }
-    public required string Email { get; set; }
-}
diff --git a/src/ProjectTemplates/Web.ProjectTemplates/content/BlazorWeb-CSharp/BlazorWeb-CSharp/Program.Main.cs b/src/ProjectTemplates/Web.ProjectTemplates/content/BlazorWeb-CSharp/BlazorWeb-CSharp/Program.Main.cs
index ff1f15e9598f..6a2069105227 100644
--- a/src/ProjectTemplates/Web.ProjectTemplates/content/BlazorWeb-CSharp/BlazorWeb-CSharp/Program.Main.cs
+++ b/src/ProjectTemplates/Web.ProjectTemplates/content/BlazorWeb-CSharp/BlazorWeb-CSharp/Program.Main.cs
@@ -1,4 +1,7 @@
 #if (IndividualLocalAuth)
+#if (UseServer)
+using Microsoft.AspNetCore.Components.Authorization;
+#endif
 using Microsoft.AspNetCore.Identity;
 using Microsoft.EntityFrameworkCore;
 #endif
@@ -55,6 +58,9 @@ public static void Main(string[] args)
                 options.DefaultSignInScheme = IdentityConstants.ExternalScheme;
             })
             .AddIdentityCookies();
+        #if (!UseServer)
+        builder.Services.AddAuthorization();
+        #endif
 
         var connectionString = builder.Configuration.GetConnectionString("DefaultConnection") ?? throw new InvalidOperationException("Connection string 'DefaultConnection' not found.");
         builder.Services.AddDbContext<ApplicationDbContext>(options =>
diff --git a/src/ProjectTemplates/Web.ProjectTemplates/content/BlazorWeb-CSharp/BlazorWeb-CSharp/Program.cs b/src/ProjectTemplates/Web.ProjectTemplates/content/BlazorWeb-CSharp/BlazorWeb-CSharp/Program.cs
index f6a584298641..6fb87353ad7b 100644
--- a/src/ProjectTemplates/Web.ProjectTemplates/content/BlazorWeb-CSharp/BlazorWeb-CSharp/Program.cs
+++ b/src/ProjectTemplates/Web.ProjectTemplates/content/BlazorWeb-CSharp/BlazorWeb-CSharp/Program.cs
@@ -1,4 +1,7 @@
 #if (IndividualLocalAuth)
+#if (UseServer)
+using Microsoft.AspNetCore.Components.Authorization;
+#endif
 using Microsoft.AspNetCore.Identity;
 using Microsoft.EntityFrameworkCore;
 #endif
@@ -49,6 +52,9 @@
         options.DefaultSignInScheme = IdentityConstants.ExternalScheme;
     })
     .AddIdentityCookies();
+#if (!UseServer)
+builder.Services.AddAuthorization();
+#endif
 
 var connectionString = builder.Configuration.GetConnectionString("DefaultConnection") ?? throw new InvalidOperationException("Connection string 'DefaultConnection' not found.");
 builder.Services.AddDbContext<ApplicationDbContext>(options =>
diff --git a/src/ProjectTemplates/test/Templates.Tests/template-baselines.json b/src/ProjectTemplates/test/Templates.Tests/template-baselines.json
index 95f69148d44c..3cf85044b3de 100644
--- a/src/ProjectTemplates/test/Templates.Tests/template-baselines.json
+++ b/src/ProjectTemplates/test/Templates.Tests/template-baselines.json
@@ -824,7 +824,6 @@
         "{ProjectName}.Client/Pages/Counter.razor",
         "{ProjectName}.Client/Program.cs",
         "{ProjectName}.Client/RedirectToLogin.razor",
-        "{ProjectName}.Client/UserInfo.cs",
         "{ProjectName}.Client/wwwroot/appsettings.Development.json",
         "{ProjectName}.Client/wwwroot/appsettings.json",
         "{ProjectName}.Client/_Imports.razor",
@@ -939,7 +938,6 @@
         "{ProjectName}.Client/Pages/Counter.razor",
         "{ProjectName}.Client/Program.cs",
         "{ProjectName}.Client/RedirectToLogin.razor",
-        "{ProjectName}.Client/UserInfo.cs",
         "{ProjectName}.Client/wwwroot/appsettings.Development.json",
         "{ProjectName}.Client/wwwroot/appsettings.json",
         "{ProjectName}.Client/_Imports.razor",
@@ -1201,7 +1199,6 @@
         "{ProjectName}.Client/{ProjectName}.Client.csproj",
         "{ProjectName}.Client/Program.cs",
         "{ProjectName}.Client/RedirectToLogin.razor",
-        "{ProjectName}.Client/UserInfo.cs",
         "{ProjectName}.Client/_Imports.razor",
         "{ProjectName}.sln",
         "{ProjectName}/appsettings.Development.json",
@@ -1359,7 +1356,6 @@
         "{ProjectName}.Client/Program.cs",
         "{ProjectName}.Client/RedirectToLogin.razor",
         "{ProjectName}.Client/Routes.razor",
-        "{ProjectName}.Client/UserInfo.cs",
         "{ProjectName}.Client/wwwroot/appsettings.Development.json",
         "{ProjectName}.Client/wwwroot/appsettings.json",
         "{ProjectName}.Client/_Imports.razor",
@@ -1441,7 +1437,6 @@
         "{ProjectName}.Client/Program.cs",
         "{ProjectName}.Client/RedirectToLogin.razor",
         "{ProjectName}.Client/Routes.razor",
-        "{ProjectName}.Client/UserInfo.cs",
         "{ProjectName}.Client/wwwroot/appsettings.Development.json",
         "{ProjectName}.Client/wwwroot/appsettings.json",
         "{ProjectName}.Client/_Imports.razor",