diff --git a/aspnetcore/blazor/components/data-binding.md b/aspnetcore/blazor/components/data-binding.md index edbe3df22122..2ace71e69dea 100644 --- a/aspnetcore/blazor/components/data-binding.md +++ b/aspnetcore/blazor/components/data-binding.md @@ -5,7 +5,7 @@ description: Learn about data binding features for Razor components and DOM elem monikerRange: '>= aspnetcore-3.1' ms.author: wpickett ms.custom: mvc, sfi-ropc-nochange -ms.date: 11/12/2024 +ms.date: 10/30/2025 uid: blazor/components/data-binding --- # ASP.NET Core Blazor data binding @@ -230,6 +230,8 @@ The `:get` and `:set` modifiers are always used together. With `:get`/`:set` binding, you can react to a value change before it's applied to the DOM, and you can change the applied value, if necessary. Whereas with `@bind:event="{EVENT}"` attribute binding, where the `{EVENT}` placeholder is a DOM event, you receive the notification after the DOM is updated, and there's no capacity to modify the applied value while binding. +The following `BindGetSet` component demonstrates `@bind:get`/`@bind:set` syntax for `` elements and the [`InputText` component](xref:blazor/forms/input-components) used by [Blazor forms](xref:blazor/forms/index) in synchronous (`Set`) and asynchronous (`SetAsync`) scenarios. + `BindGetSet.razor`: ```razor @@ -251,7 +253,7 @@ With `:get`/`:set` binding, you can react to a value change before it's applied @code { - private string text = ""; + private string text = string.Empty; private void Set(string value) { @@ -958,6 +960,21 @@ In the following `NestedChild` component, the `NestedGrandchild` component: Prior to the release of .NET 7, two-way binding across components uses `get`/`set` accessors with a third property that discards the returned by in its setter. To see an example of this approach for .NET 6 or earlier before `@bind:get`/`@bind:set` modifiers became a framework feature, see [the `NestedChild` component of this section in the .NET 6 version of this article](?view=aspnetcore-6.0&preserve-view=true#bind-across-more-than-two-components). +The reason to avoid directly changing the value of a component parameter is that it effectively mutates the parent's state from the child component. This can interfere with Blazor's change detection process and trigger extra render cycles because parameters are meant to be *inputs*, they're not meant to be mutable state. In chained scenarios where data is passed among components, directly writing to a component parameter can lead to unintended effects, such as infinite rerenders that hang the app. + +`@bind:get`/`@bind:set` syntax allows you to: + +* Avoid creating an extra property that only exists to forward values and callbacks across chained components, which was required prior to the release of .NET 7. +* Intercept and transform values before they're applied. +* Keep the parameter immutable in the child, while still supporting two-way binding. + +A useful analogy is [HTML's `` element](https://developer.mozilla.org/docs/Web/HTML/Reference/Elements/input) that tracks the following value states: + +* `defaultValue`: Like a component parameter received from the parent. +* `value`: Like the current state inside the component. + +If you mutate `defaultValue` directly, you're breaking the contract. Instead, these states are kept separate, and only the `value` is updated through controlled means after the initial render of the element. The same reasoning applies to component parameters, and using `@bind:get`/`@bind:set` syntax avoids potential unintended rendering effects associated with writing directly to component parameters. + :::moniker-end `NestedChild.razor`: diff --git a/aspnetcore/blazor/components/js-spa-frameworks.md b/aspnetcore/blazor/components/js-spa-frameworks.md index c16009f9af08..ac2f23b82afd 100644 --- a/aspnetcore/blazor/components/js-spa-frameworks.md +++ b/aspnetcore/blazor/components/js-spa-frameworks.md @@ -5,7 +5,7 @@ description: Learn how to create and use Razor components in JavaScript apps and monikerRange: '>= aspnetcore-6.0' ms.author: wpickett ms.custom: mvc -ms.date: 11/12/2024 +ms.date: 10/26/2025 uid: blazor/components/js-spa-frameworks --- # Use Razor components in JavaScript apps and SPA frameworks @@ -241,13 +241,13 @@ For an advanced example with additional features, see the example in the `BasicT :::moniker range=">= aspnetcore-7.0" -Use Blazor custom elements to dynamically render Razor components from other SPA frameworks, such as Angular or React. +Use Blazor custom elements to dynamically render Razor components from different JavaScript technologies, such as [Angular](https://angular.dev/), [React](https://react.dev/), and [Vue](https://vuejs.org/). Blazor custom elements: * Use standard HTML interfaces to implement custom HTML elements. * Eliminate the need to manually manage the state and lifecycle of root Razor components using JavaScript APIs. -* Are useful for gradually introducing Razor components into existing projects written in other SPA frameworks. +* Are useful for gradually introducing Razor components into existing projects written in other technologies. Custom elements don't support [child content](xref:blazor/components/index#child-content-render-fragments) or [templated components](xref:blazor/components/templated-components). @@ -471,7 +471,7 @@ Use the custom element with any web framework. For example, the preceding counte ## Generate Angular and React components -Generate framework-specific JavaScript (JS) components from Razor components for web frameworks, such as Angular or React. This capability isn't included with .NET, but is enabled by the support for rendering Razor components from JS. The [JS component generation sample on GitHub](https://github.com/aspnet/samples/tree/main/samples/aspnetcore/blazor/JSComponentGeneration) demonstrates how to generate Angular and React components from Razor components. See the GitHub sample app's `README.md` file for additional information. +Generate JavaScript (JS) components from Razor components for JavaScript technologies, such as Angular or React. This capability isn't included with .NET, but is enabled by the support for rendering Razor components from JS. The [JS component generation sample on GitHub](https://github.com/aspnet/samples/tree/main/samples/aspnetcore/blazor/JSComponentGeneration) demonstrates how to generate Angular and React components from Razor components. See the GitHub sample app's `README.md` file for additional information. > [!WARNING] > The Angular and React component features are currently **experimental, unsupported, and subject to change or be removed at any time**. We welcome your feedback on how well this particular approach meets your requirements. diff --git a/aspnetcore/blazor/components/layouts.md b/aspnetcore/blazor/components/layouts.md index 0c1ef4732a9b..547c55b46398 100644 --- a/aspnetcore/blazor/components/layouts.md +++ b/aspnetcore/blazor/components/layouts.md @@ -5,7 +5,7 @@ description: Learn how to create reusable layout components for Blazor apps. monikerRange: '>= aspnetcore-3.1' ms.author: wpickett ms.custom: mvc -ms.date: 11/12/2024 +ms.date: 10/30/2025 uid: blazor/components/layouts --- # ASP.NET Core Blazor layouts @@ -79,8 +79,8 @@ In an app created from a [Blazor project template](xref:blazor/project-structure [Blazor's CSS isolation feature](xref:blazor/components/css-isolation) applies isolated CSS styles to the `MainLayout` component. By convention, the styles are provided by the accompanying stylesheet of the same name, `MainLayout.razor.css`. The ASP.NET Core framework implementation of the stylesheet is available for inspection in the ASP.NET Core reference source (`dotnet/aspnetcore` GitHub repository): -* [Blazor Web App `MainLayout.razor.css`](https://github.com/dotnet/aspnetcore/blob/main/src/ProjectTemplates/Web.ProjectTemplates/content/BlazorWeb-CSharp/BlazorWeb-CSharp/Components/Layout/MainLayout.razor.css) -* [Blazor WebAssembly `MainLayout.razor.css`](https://github.com/dotnet/aspnetcore/blob/main/src/ProjectTemplates/Web.ProjectTemplates/content/ComponentsWebAssembly-CSharp/Layout/MainLayout.razor.css) +* Blazor Web App: Locate `MainLayout.razor.css` in the `Components/Layout` folder of the server project in the [project template](https://github.com/dotnet/aspnetcore/tree/main/src/ProjectTemplates/Web.ProjectTemplates/content/BlazorWeb-CSharp). +* [Blazor WebAssembly `MainLayout.razor.css`](https://github.com/dotnet/aspnetcore/blob/main/src/ProjectTemplates/Web.ProjectTemplates/content/ComponentsWebAssembly-CSharp/Layout/MainLayout.razor.css). [!INCLUDE[](~/includes/aspnetcore-repo-ref-source-links.md)] diff --git a/aspnetcore/blazor/fundamentals/dependency-injection.md b/aspnetcore/blazor/fundamentals/dependency-injection.md index 20647ee3c325..02934ffdb378 100644 --- a/aspnetcore/blazor/fundamentals/dependency-injection.md +++ b/aspnetcore/blazor/fundamentals/dependency-injection.md @@ -5,7 +5,7 @@ description: Learn how Blazor apps can inject services into components. monikerRange: '>= aspnetcore-3.1' ms.author: wpickett ms.custom: mvc -ms.date: 11/12/2024 +ms.date: 10/27/2025 uid: blazor/fundamentals/dependency-injection --- # ASP.NET Core Blazor dependency injection @@ -554,23 +554,32 @@ Transient service registrations for // are also discovered. These instances can also be ignored. +:::moniker-end + +:::moniker range=">= aspnetcore-8.0" + The Blazor sample apps in the [Blazor samples GitHub repository](https://github.com/dotnet/blazor-samples/tree/main) ([how to download](xref:blazor/fundamentals/index#sample-apps)) demonstrate the code to detect transient disposables. However, the code is deactivated because the sample apps include / handlers. To activate the demonstration code and witness its operation: * Uncomment the transient disposable lines in `Program.cs`. -* Remove the conditional check in `NavLink.razor` that prevents the `TransientService` component from displaying in the app's navigation sidebar: +* Remove the conditional check in `NavMenu.razor` that prevents the `TransientService` component from displaying in the app's navigation sidebar: ```diff - - else if (name != "TransientService") - + else + - && (c.Name != "TransientService") ``` * Run the sample app and navigate to the `TransientService` component at `/transient-service`. :::moniker-end +:::moniker range=">= aspnetcore-6.0 < aspnetcore-8.0" + +The Blazor sample apps in the [Blazor samples GitHub repository](https://github.com/dotnet/blazor-samples/tree/main) ([how to download](xref:blazor/fundamentals/index#sample-apps)) demonstrate the code to detect transient disposables. Run the sample app and navigate to the `TransientService` component at `/transient-service`. + +:::moniker-end + ## Use of an Entity Framework Core (EF Core) DbContext from DI For more information, see . diff --git a/aspnetcore/blazor/fundamentals/index.md b/aspnetcore/blazor/fundamentals/index.md index 34b5476330bf..e20a68073979 100644 --- a/aspnetcore/blazor/fundamentals/index.md +++ b/aspnetcore/blazor/fundamentals/index.md @@ -5,7 +5,7 @@ description: Learn foundational concepts of the Blazor application framework. monikerRange: '>= aspnetcore-3.1' ms.author: wpickett ms.custom: mvc -ms.date: 11/12/2024 +ms.date: 10/27/2025 uid: blazor/fundamentals/index --- # ASP.NET Core Blazor fundamentals @@ -179,6 +179,8 @@ Documentation sample apps are available for inspection and download: Locate a sample app by first selecting the version folder that matches the version of .NET that you're working with. +Sample apps only contain a subset of article examples for Blazor feature demonstrations. When a code example shown by an article isn't in one or more of the sample apps, you can usually place the example code into a local test app for a demonstration. + :::moniker range=">= aspnetcore-9.0" Samples apps in the repository: diff --git a/aspnetcore/blazor/fundamentals/signalr.md b/aspnetcore/blazor/fundamentals/signalr.md index b933c78577e7..03400de91b20 100644 --- a/aspnetcore/blazor/fundamentals/signalr.md +++ b/aspnetcore/blazor/fundamentals/signalr.md @@ -5,7 +5,7 @@ description: Learn how to configure and manage Blazor SignalR connections. monikerRange: '>= aspnetcore-3.1' ms.author: wpickett ms.custom: mvc -ms.date: 11/12/2024 +ms.date: 10/30/2025 uid: blazor/fundamentals/signalr --- # ASP.NET Core Blazor SignalR guidance @@ -598,11 +598,7 @@ An element with an `id` of `components-seconds-to-next-attempt` displays the num ``` -The Blazor Web App project template includes a `ReconnectModal` component (`Layout/ReconnectModal.razor`) with collocated stylesheet and JavaScript files (`ReconnectModal.razor.css`, `ReconnectModal.razor.js`) that can be customized as needed. These files can be examined in the ASP.NET Core reference source or by inspecting an app created from the Blazor Web App project template. The component is added to the project when the project is created in Visual Studio with **Interactive render mode** set to **Server** or **Auto** or created with the .NET CLI with the option `--interactivity server` (default) or `--interactivity auto`. - -* [`ReconnectModal` component](https://github.com/dotnet/aspnetcore/blob/main/src/ProjectTemplates/Web.ProjectTemplates/content/BlazorWeb-CSharp/BlazorWeb-CSharp/Components/Layout/ReconnectModal.razor) -* [Stylesheet file](https://github.com/dotnet/aspnetcore/blob/main/src/ProjectTemplates/Web.ProjectTemplates/content/BlazorWeb-CSharp/BlazorWeb-CSharp/Components/Layout/ReconnectModal.razor.css) -* [JavaScript file](https://github.com/dotnet/aspnetcore/blob/main/src/ProjectTemplates/Web.ProjectTemplates/content/BlazorWeb-CSharp/BlazorWeb-CSharp/Components/Layout/ReconnectModal.razor.js) +The [Blazor Web App project template](https://github.com/dotnet/aspnetcore/tree/main/src/ProjectTemplates/Web.ProjectTemplates/content/BlazorWeb-CSharp) includes a `ReconnectModal` component (`Components/Layout/ReconnectModal.razor`) with collocated stylesheet and JavaScript files (`ReconnectModal.razor.css`, `ReconnectModal.razor.js`) that can be customized as needed. These files can be examined in the ASP.NET Core reference source or by inspecting an app created from the Blazor Web App project template. The component is added to the project when the project is created in Visual Studio with **Interactive render mode** set to **Server** or **Auto** or created with the .NET CLI with the option `--interactivity server` (default) or `--interactivity auto`. [!INCLUDE[](~/includes/aspnetcore-repo-ref-source-links.md)] diff --git a/aspnetcore/blazor/images-and-documents.md b/aspnetcore/blazor/images-and-documents.md index 670ef3a3a950..0399f89b2885 100644 --- a/aspnetcore/blazor/images-and-documents.md +++ b/aspnetcore/blazor/images-and-documents.md @@ -5,7 +5,7 @@ description: Learn how to display images and documents in ASP.NET Core Blazor ap monikerRange: '>= aspnetcore-6.0' ms.author: wpickett ms.custom: mvc -ms.date: 11/12/2024 +ms.date: 10/30/2025 uid: blazor/images-and-documents --- # Display images and documents in ASP.NET Core Blazor @@ -188,6 +188,8 @@ The following `ShowFile` component loads either a text file (`files/quote.txt`) :::moniker-end +In the preceding example, the `using` statement for the `response` variable doesn't dispose of the instance until the scope of `ShowFileAsync` ends. The open stream is maintained long enough to transfer the file data to the `setSource` function via JavaScript interop. For general guidance on the importance of disposing of instances, see . + ## Additional resources * diff --git a/aspnetcore/blazor/security/index.md b/aspnetcore/blazor/security/index.md index e60d283f4cff..2844a7d3731f 100644 --- a/aspnetcore/blazor/security/index.md +++ b/aspnetcore/blazor/security/index.md @@ -5,7 +5,7 @@ description: Learn about Blazor authentication and authorization scenarios. monikerRange: '>= aspnetcore-3.1' ms.author: wpickett ms.custom: mvc -ms.date: 05/30/2025 +ms.date: 10/30/2025 uid: blazor/security/index --- # ASP.NET Core Blazor authentication and authorization @@ -249,7 +249,7 @@ The template: * Configures routing for the built-in Identity endpoints. * Includes Identity validation and business logic. -To inspect the Blazor framework's Identity components, access them in the `Pages` and `Shared` folders of the [`Account` folder in the Blazor Web App project template (reference source)](https://github.com/dotnet/aspnetcore/tree/main/src/ProjectTemplates/Web.ProjectTemplates/content/BlazorWeb-CSharp/BlazorWeb-CSharp/Components/Account). +To inspect the Blazor framework's Identity components, access them in the `Pages` and `Shared` folders of the `Components/Account` folder in the server project of the [Blazor Web App project template (`dotnet/aspnetcore` GitHub repository)](https://github.com/dotnet/aspnetcore/tree/main/src/ProjectTemplates/Web.ProjectTemplates/content/BlazorWeb-CSharp). :::moniker-end @@ -259,7 +259,7 @@ When you choose the Interactive WebAssembly or Interactive Auto render modes, th The framework provides a custom in both the server and client (`.Client`) projects to flow the user's authentication state to the browser. The server project calls , while the client project calls . Authenticating on the server rather than the client allows the app to access authentication state during prerendering and before the .NET WebAssembly runtime is initialized. The custom implementations use the [Persistent Component State service](xref:blazor/state-management/prerendered-state-persistence) () to serialize the authentication state into HTML comments and then read it back from WebAssembly to create a new instance. For more information, see the [Manage authentication state in Blazor Web Apps](#manage-authentication-state-in-blazor-web-apps) section. -Only for Interactive Server solutions, [`IdentityRevalidatingAuthenticationStateProvider` (reference source)](https://github.com/dotnet/aspnetcore/blob/main/src/ProjectTemplates/Web.ProjectTemplates/content/BlazorWeb-CSharp/BlazorWeb-CSharp/Components/Account/IdentityRevalidatingAuthenticationStateProvider.cs) is a server-side that revalidates the security stamp for the connected user every 30 minutes an interactive circuit is connected. +Only for Interactive Server solutions, `IdentityRevalidatingAuthenticationStateProvider` (`Components/Account/IdentityRevalidatingAuthenticationStateProvider.cs`) in the server project of the [Blazor Web App project template (`dotnet/aspnetcore` GitHub repository)](https://github.com/dotnet/aspnetcore/tree/main/src/ProjectTemplates/Web.ProjectTemplates/content/BlazorWeb-CSharp) is a server-side that revalidates the security stamp for the connected user every 30 minutes an interactive circuit is connected. :::moniker-end @@ -267,7 +267,7 @@ Only for Interactive Server solutions, [`IdentityRevalidatingAuthenticationState When you choose the Interactive WebAssembly or Interactive Auto render modes, the server handles all authentication and authorization requests, and the Identity components render statically on the server in the Blazor Web App's main project. The project template includes a [`PersistentAuthenticationStateProvider` class (reference source)](https://github.com/dotnet/aspnetcore/blob/release/8.0/src/ProjectTemplates/Web.ProjectTemplates/content/BlazorWeb-CSharp/BlazorWeb-CSharp.Client/PersistentAuthenticationStateProvider.cs) in the `.Client` project to synchronize the user's authentication state between the server and the browser. The class is a custom implementation of . The provider uses the [Persistent Component State service](xref:blazor/state-management/prerendered-state-persistence) () to prerender the authentication state and persist it to the page. -In the main project of a Blazor Web App, the authentication state provider is named either [`IdentityRevalidatingAuthenticationStateProvider` (reference source)](https://github.com/dotnet/aspnetcore/blob/main/src/ProjectTemplates/Web.ProjectTemplates/content/BlazorWeb-CSharp/BlazorWeb-CSharp/Components/Account/IdentityRevalidatingAuthenticationStateProvider.cs) (Server interactivity solutions only) or [`PersistingRevalidatingAuthenticationStateProvider` (reference source)](https://github.com/dotnet/aspnetcore/blob/release/8.0/src/ProjectTemplates/Web.ProjectTemplates/content/BlazorWeb-CSharp/BlazorWeb-CSharp/Components/Account/PersistingRevalidatingAuthenticationStateProvider.cs) (WebAssembly or Auto interactivity solutions). +In the main project of a Blazor Web App, the authentication state provider is named either `IdentityRevalidatingAuthenticationStateProvider` in the `Components/Account` folder of the server project in the [Blazor Web App project template (`dotnet/aspnetcore` GitHub repository)](https://github.com/dotnet/aspnetcore/tree/main/src/ProjectTemplates/Web.ProjectTemplates/content/BlazorWeb-CSharp) (Server interactivity solutions only) or the `PersistingRevalidatingAuthenticationStateProvider` (WebAssembly or Auto interactivity solutions) in the same folder. :::moniker-end @@ -325,11 +325,11 @@ builder.Services.AddAuthenticationStateDeserialization(); :::moniker range=">= aspnetcore-8.0 < aspnetcore-9.0" -* [`PersistingRevalidatingAuthenticationStateProvider` (reference source)](https://github.com/dotnet/aspnetcore/blob/release/8.0/src/ProjectTemplates/Web.ProjectTemplates/content/BlazorWeb-CSharp/BlazorWeb-CSharp/Components/Account/PersistingRevalidatingAuthenticationStateProvider.cs): For Blazor Web Apps that adopt interactive server-side rendering (interactive SSR) and client-side rendering (CSR). This is a server-side that revalidates the security stamp for the connected user every 30 minutes an interactive circuit is connected. It also uses the [Persistent Component State service](xref:blazor/state-management/prerendered-state-persistence) to flow the authentication state to the client, which is then fixed for the lifetime of CSR. +* [`PersistingRevalidatingAuthenticationStateProvider` (`dotnet/aspnetcore` GitHub repository)](https://github.com/dotnet/aspnetcore/blob/release/8.0/src/ProjectTemplates/Web.ProjectTemplates/content/BlazorWeb-CSharp/BlazorWeb-CSharp/Components/Account/PersistingRevalidatingAuthenticationStateProvider.cs): For Blazor Web Apps that adopt interactive server-side rendering (interactive SSR) and client-side rendering (CSR). This is a server-side that revalidates the security stamp for the connected user every 30 minutes an interactive circuit is connected. It also uses the [Persistent Component State service](xref:blazor/state-management/prerendered-state-persistence) to flow the authentication state to the client, which is then fixed for the lifetime of CSR. -* [`PersistingServerAuthenticationStateProvider` (reference source)](https://github.com/dotnet/aspnetcore/blob/release/8.0/src/ProjectTemplates/Web.ProjectTemplates/content/BlazorWeb-CSharp/BlazorWeb-CSharp/Components/Account/PersistingServerAuthenticationStateProvider.cs): For Blazor Web Apps that only adopt CSR. This is a server-side that uses the [Persistent Component State service](xref:blazor/state-management/prerendered-state-persistence) to flow the authentication state to the client, which is then fixed for the lifetime of CSR. +* [`PersistingServerAuthenticationStateProvider` (`dotnet/aspnetcore` GitHub repository)](https://github.com/dotnet/aspnetcore/blob/release/8.0/src/ProjectTemplates/Web.ProjectTemplates/content/BlazorWeb-CSharp/BlazorWeb-CSharp/Components/Account/PersistingServerAuthenticationStateProvider.cs): For Blazor Web Apps that only adopt CSR. This is a server-side that uses the [Persistent Component State service](xref:blazor/state-management/prerendered-state-persistence) to flow the authentication state to the client, which is then fixed for the lifetime of CSR. -* [`PersistentAuthenticationStateProvider` (reference source)](https://github.com/dotnet/aspnetcore/blob/release/8.0/src/ProjectTemplates/Web.ProjectTemplates/content/BlazorWeb-CSharp/BlazorWeb-CSharp.Client/PersistentAuthenticationStateProvider.cs): For Blazor Web Apps that adopt CSR. This is a client-side that determines the user's authentication state by looking for data persisted in the page when it was rendered on the server. This authentication state is fixed for the lifetime of CSR. If the user needs to log in or out, a full-page reload is required. This only provides a user name and email for display purposes. It doesn't include tokens that authenticate to the server when making subsequent requests, which is handled separately using a cookie that's included on `HttpClient` requests to the server. +* [`PersistentAuthenticationStateProvider` (`dotnet/aspnetcore` GitHub repository)](https://github.com/dotnet/aspnetcore/blob/release/8.0/src/ProjectTemplates/Web.ProjectTemplates/content/BlazorWeb-CSharp/BlazorWeb-CSharp.Client/PersistentAuthenticationStateProvider.cs): For Blazor Web Apps that adopt CSR. This is a client-side that determines the user's authentication state by looking for data persisted in the page when it was rendered on the server. This authentication state is fixed for the lifetime of CSR. If the user needs to log in or out, a full-page reload is required. This only provides a user name and email for display purposes. It doesn't include tokens that authenticate to the server when making subsequent requests, which is handled separately using a cookie that's included on `HttpClient` requests to the server. [!INCLUDE[](~/includes/aspnetcore-repo-ref-source-links.md)] diff --git a/aspnetcore/blazor/security/qrcodes-for-authenticator-apps.md b/aspnetcore/blazor/security/qrcodes-for-authenticator-apps.md index 752f94bac48e..ef1ec5efa37f 100644 --- a/aspnetcore/blazor/security/qrcodes-for-authenticator-apps.md +++ b/aspnetcore/blazor/security/qrcodes-for-authenticator-apps.md @@ -4,7 +4,7 @@ author: guardrex description: Discover how to enable QR code generation for TOTP authenticator apps that work with ASP.NET Core Blazor Web App two-factor authentication. ms.author: wpickett monikerRange: '>= aspnetcore-8.0' -ms.date: 11/12/2024 +ms.date: 10/30/2025 uid: blazor/security/qrcodes-for-authenticator-apps --- # Enable QR code generation for TOTP authenticator apps in an ASP.NET Core Blazor Web App @@ -98,9 +98,7 @@ Run the app and ensure that the QR code is scannable and that the code validates ## `EnableAuthenticator` component in reference source -The `EnableAuthenticator` component can be inspected in reference source: - -[`EnableAuthenticator` component in reference source](https://github.com/dotnet/aspnetcore/blob/main/src/ProjectTemplates/Web.ProjectTemplates/content/BlazorWeb-CSharp/BlazorWeb-CSharp/Components/Account/Pages/Manage/EnableAuthenticator.razor) +The `EnableAuthenticator` component (`Components/Account/Pages/Manage/EnableAuthenticator.razor` in the server project) can be inspected in the [Blazor Web App project template (`dotnet/aspnetcore` GitHub repository)](https://github.com/dotnet/aspnetcore/tree/main/src/ProjectTemplates/Web.ProjectTemplates/content/BlazorWeb-CSharp). [!INCLUDE[](~/includes/aspnetcore-repo-ref-source-links.md)] diff --git a/aspnetcore/data/ef-mvc/intro/samples/5cu/Views/Home/Index.cshtml b/aspnetcore/data/ef-mvc/intro/samples/5cu/Views/Home/Index.cshtml index 3084bda0f218..7a59bcfbaa77 100644 --- a/aspnetcore/data/ef-mvc/intro/samples/5cu/Views/Home/Index.cshtml +++ b/aspnetcore/data/ef-mvc/intro/samples/5cu/Views/Home/Index.cshtml @@ -22,6 +22,6 @@

Download it

You can download the completed project from GitHub.

-

See project source code »

+

See project source code »

- \ No newline at end of file + diff --git a/aspnetcore/fundamentals/minimal-apis.md b/aspnetcore/fundamentals/minimal-apis.md index ece0f0b6a72c..0ebffb494b8c 100644 --- a/aspnetcore/fundamentals/minimal-apis.md +++ b/aspnetcore/fundamentals/minimal-apis.md @@ -5,12 +5,19 @@ description: Provides an overview of Minimal APIs in ASP.NET Core ms.author: wpickett content_well_notification: AI-contribution monikerRange: '>= aspnetcore-6.0' -ms.date: 09/08/2025 +ms.date: 10/23/2025 uid: fundamentals/minimal-apis ai-usage: ai-assisted --- - + # Minimal APIs quick reference @@ -68,7 +75,7 @@ The arguments passed to these methods are called "route h ## Parameter binding -[!INCLUDE [](~/fundamentals/minimal-apis/includes/parameter-binding8-10.md)] +[!INCLUDE [](~/fundamentals/minimal-apis/includes/parameter-binding-summary8-10.md)] ## Json+PipeReader deserialization in minimal APIs diff --git a/aspnetcore/fundamentals/minimal-apis/includes/minimal-apis8.md b/aspnetcore/fundamentals/minimal-apis/includes/minimal-apis8.md index a2dff1ae391c..67130b3ba76a 100644 --- a/aspnetcore/fundamentals/minimal-apis/includes/minimal-apis8.md +++ b/aspnetcore/fundamentals/minimal-apis/includes/minimal-apis8.md @@ -50,7 +50,7 @@ The arguments passed to these methods are called "route h ## Parameter binding -[!INCLUDE [](~/fundamentals/minimal-apis/includes/parameter-binding8-10.md)] +[!INCLUDE [](~/fundamentals/minimal-apis/includes/parameter-binding-summary8-10.md)] ## Responses diff --git a/aspnetcore/fundamentals/minimal-apis/includes/minimal-apis9.md b/aspnetcore/fundamentals/minimal-apis/includes/minimal-apis9.md index 8890e72cbdf7..babaa158a41b 100644 --- a/aspnetcore/fundamentals/minimal-apis/includes/minimal-apis9.md +++ b/aspnetcore/fundamentals/minimal-apis/includes/minimal-apis9.md @@ -50,7 +50,7 @@ The arguments passed to these methods are called "route h ## Parameter binding -[!INCLUDE [](~/fundamentals/minimal-apis/includes/parameter-binding8-10.md)] +[!INCLUDE [](~/fundamentals/minimal-apis/includes/parameter-binding-summary8-10.md)] ## Responses diff --git a/aspnetcore/fundamentals/minimal-apis/includes/parameter-binding-summary8-10.md b/aspnetcore/fundamentals/minimal-apis/includes/parameter-binding-summary8-10.md new file mode 100644 index 000000000000..5a19a191838f --- /dev/null +++ b/aspnetcore/fundamentals/minimal-apis/includes/parameter-binding-summary8-10.md @@ -0,0 +1,34 @@ +:::moniker range=">= aspnetcore-8.0" + +Parameter binding is the process of converting request data into strongly typed parameters that are expressed by route handlers. A binding source determines where parameters are bound from. Binding sources can be explicit or inferred based on HTTP method and parameter type. + +Supported binding sources: + +* Route values +* Query string +* Header +* Body (as JSON) +* Form values +* Services provided by dependency injection +* Custom + +The following GET route handler uses some of these parameter binding sources: + +:::code language="csharp" source="~/fundamentals/minimal-apis/7.0-samples/WebMinAPIs/Program.cs" id="snippet_pbg" highlight="8-11"::: + +### Key parameter binding features + +* **Explicit binding**: Use attributes like `[FromRoute]`, `[FromQuery]`, `[FromHeader]`, `[FromBody]`, `[FromForm]`, and `[FromServices]` to explicitly specify binding sources. +* **Form binding**: Bind form values using `[FromForm]` attribute, including support for `IFormFile` and `IFormFileCollection` for file uploads. +* **Complex types**: Bind to collections and complex types from forms, query strings, and headers. +* **Custom binding**: Implement custom binding logic using `TryParse`, `BindAsync`, or the `IBindableFromHttpContext` interface. +* **Optional parameters**: Support nullable types and default values for optional parameters. +* **Dependency injection**: Parameters are automatically bound from services registered in the DI container. +* **Special types**: Automatic binding for `HttpContext`, `HttpRequest`, `HttpResponse`, `CancellationToken`, `ClaimsPrincipal`, `Stream`, and `PipeReader`. + +--- + +**Learn more:** For detailed information on parameter binding including advanced scenarios, validation, binding precedence, and troubleshooting, see . + + +:::moniker-end diff --git a/aspnetcore/fundamentals/minimal-apis/includes/parameter-binding8-10.md b/aspnetcore/fundamentals/minimal-apis/includes/parameter-binding8-10.md index e67cea670ca0..d8dc4d1a14e3 100644 --- a/aspnetcore/fundamentals/minimal-apis/includes/parameter-binding8-10.md +++ b/aspnetcore/fundamentals/minimal-apis/includes/parameter-binding8-10.md @@ -35,7 +35,7 @@ The parameters in the preceding examples are all bound from request data automat :::code language="csharp" source="~/fundamentals/minimal-apis/7.0-samples/WebMinAPIs/Snippets/Program.cs" id="snippet_ManualRequestBinding" highlight="3-5,12"::: -### Explicit Parameter Binding +## Explicit Parameter Binding Attributes can be used to explicitly declare where parameters are bound from. @@ -49,7 +49,7 @@ Attributes can be used to explicitly declare where parameters are bound from. | `service` | Provided by dependency injection | | `contentType` | header with the name `"Content-Type"` | -#### Explicit binding from form values +### Explicit binding from form values The [`[FromForm]`](xref:Microsoft.AspNetCore.Mvc.FromFormAttribute) attribute binds form values: @@ -65,7 +65,7 @@ For more information, see the section on [AsParameters](#parameter-binding-for-a The [complete sample code](https://github.com/dotnet/AspNetCore.Docs.Samples/tree/main/fundamentals/minimal-apis/samples/IFormFile) is in the [AspNetCore.Docs.Samples](https://github.com/dotnet/AspNetCore.Docs.Samples) repository. -#### Secure binding from IFormFile and IFormFileCollection +### Secure binding from IFormFile and IFormFileCollection Complex form binding is supported using and using the [`[FromForm]`](xref:Microsoft.AspNetCore.Mvc.FromFormAttribute): @@ -77,13 +77,13 @@ For more information, see [Form binding in minimal APIs](https://andrewlock.net/ The [complete sample code](https://github.com/dotnet/AspNetCore.Docs.Samples/tree/main/fundamentals/minimal-apis/samples/FormBinding) is in the [AspNetCore.Docs.Samples](https://github.com/dotnet/AspNetCore.Docs.Samples) repository. -### Parameter binding with dependency injection +## Parameter binding with dependency injection Parameter binding for minimal APIs binds parameters through [dependency injection](xref:fundamentals/dependency-injection) when the type is configured as a service. It's not necessary to explicitly apply the [`[FromServices]`](xref:Microsoft.AspNetCore.Mvc.FromServicesAttribute) attribute to a parameter. In the following code, both actions return the time: :::code language="csharp" source="~/release-notes/aspnetcore-7/samples/ApiController/Program.cs" id="snippet_min" highlight="8-9"::: -### Optional parameters +## Optional parameters Parameters declared in route handlers are treated as required: @@ -127,7 +127,7 @@ The preceding code calls the method with a null product if no request body is se See the [Binding Failures](#bf) section for more information. -### Special types +## Special types The following types are bound without explicit attributes: @@ -159,7 +159,7 @@ The following types are bound without explicit attributes: -#### Bind the request body as a `Stream` or `PipeReader` +### Bind the request body as a `Stream` or `PipeReader` The request body can bind as a [`Stream`](/dotnet/api/system.io.stream) or [`PipeReader`](/dotnet/api/system.io.pipelines.pipereader) to efficiently support scenarios where the user has to process data and: @@ -184,7 +184,14 @@ The following code shows the complete `Program.cs` file: * The request body isn't buffered by default. After the body is read, it's not rewindable. The stream can't be read multiple times. * The `Stream` and `PipeReader` aren't usable outside of the minimal action handler as the underlying buffers will be disposed or reused. -#### File uploads using IFormFile and IFormFileCollection +### File uploads using IFormFile and IFormFileCollection + +File uploads using `IFormFile` and `IFormFileCollection` in minimal APIs require `multipart/form-data` encoding. The parameter name in the route handler must match the form field name in the request. Minimal APIs don't support binding the entire request body directly to an `IFormFile` parameter without form encoding. + +If you need to bind the entire request body, for example, when working with JSON, binary data, or other content types, see: + +- [Bind the request body as a Stream or PipeReader](#bind-the-request-body-as-a-stream-or-pipereader) +- [Explicit Parameter Binding](#explicit-parameter-binding) The following code uses and to upload file: @@ -194,7 +201,7 @@ Authenticated file upload requests are supported using an [Authorization header] -#### Binding to forms with IFormCollection, IFormFile, and IFormFileCollection +### Binding to forms with IFormCollection, IFormFile, and IFormFileCollection Binding from form-based parameters using , , and is supported. [OpenAPI](xref:fundamentals/openapi/aspnetcore-openapi) metadata is inferred for form parameters to support integration with [Swagger UI](xref:tutorials/web-api-help-pages-using-swagger). @@ -212,7 +219,7 @@ For more information, see [Form binding in minimal APIs](https://andrewlock.net/ -### Bind to collections and complex types from forms +## Bind to collections and complex types from forms Binding is supported for: @@ -244,7 +251,7 @@ isCompleted: false -### Bind arrays and string values from headers and query strings +## Bind arrays and string values from headers and query strings The following code demonstrates binding query strings to an array of primitive types, string arrays, and [StringValues](/dotnet/api/microsoft.extensions.primitives.stringvalues): @@ -279,7 +286,7 @@ The following code binds to the header key `X-Todo-Id` and returns the `Todo` it -### Parameter binding for argument lists with [AsParameters] +## Parameter binding for argument lists with [AsParameters] enables simple parameter binding to types and not complex or recursive model binding. @@ -319,7 +326,7 @@ Using a `struct` with `AsParameters` can be more performant than using a `record The [complete sample code](https://github.com/dotnet/AspNetCore.Docs.Samples/tree/main/fundamentals/minimal-apis/samples/arg-lists) in the [AspNetCore.Docs.Samples](https://github.com/dotnet/AspNetCore.Docs.Samples) repository. -### Custom Binding +## Custom Binding There are three ways to customize parameter binding: @@ -327,7 +334,7 @@ There are three ways to customize parameter binding: 1. Control the binding process by implementing a `BindAsync` method on a type. 1. For advanced scenarios, implement the interface to provide custom binding logic directly from the `HttpContext`. -#### TryParse +### TryParse `TryParse` has two APIs: @@ -340,7 +347,7 @@ The following code displays `Point: 12.3, 10.1` with the URI `/map?Point=12.3,10 :::code language="csharp" source="~/fundamentals/minimal-apis/7.0-samples/WebMinAPIs/Program.cs" id="snippet_cb"::: -#### BindAsync +### BindAsync `BindAsync` has the following APIs: @@ -355,7 +362,7 @@ The following code displays `SortBy:xyz, SortDirection:Desc, CurrentPage:99` wit -#### Custom parameter binding with `IBindableFromHttpContext` +### Custom parameter binding with `IBindableFromHttpContext` ASP.NET Core provides support for custom parameter binding in Minimal APIs using the interface. This interface, introduced with C# 11's static abstract members, allows you to create types that can be bound from an HTTP context directly in route handler parameters. @@ -381,7 +388,7 @@ You can also implement validation within your custom binding logic: [View or download the sample code](https://github.com/dotnet/AspNetCore.Docs/tree/main/aspnetcore/fundamentals/minimal-apis/10.0-samples/CustomBindingExample) ([how to download](xref:index#how-to-download-a-sample)) -### Binding failures +## Binding failures When binding fails, the framework logs a debug message and returns various status codes to the client depending on the failure mode. @@ -393,7 +400,7 @@ When binding fails, the framework logs a debug message and returns various statu | Failure to deserialize JSON body |doesn't matter|body|400| | Wrong content type (not `application/json`) |doesn't matter|body|415| -### Binding Precedence +## Binding Precedence The rules for determining a binding source from a parameter: @@ -423,11 +430,11 @@ The rules for determining a binding source from a parameter: 1. If the parameter type is a service provided by dependency injection, it uses that service as the source. 1. The parameter is from the body. -### Configure JSON deserialization options for body binding +## Configure JSON deserialization options for body binding The body binding source uses for deserialization. It is ***not*** possible to change this default, but JSON serialization and deserialization options can be configured. -#### Configure JSON deserialization options globally +### Configure JSON deserialization options globally Options that apply globally for an app can be configured by invoking . The following example includes public fields and formats JSON output. @@ -435,7 +442,7 @@ Options that apply globally for an app can be configured by invoking has overloads that accept a object. The following example includes public fields and formats JSON output. @@ -443,7 +450,7 @@ Since the sample code configures both serialization and deserialization, it can Since the preceding code applies the customized options only to deserialization, the output JSON excludes `NameField`. -### Read the request body +## Read the request body Read the request body directly using a or parameter: diff --git a/aspnetcore/fundamentals/openapi/customize-openapi.md b/aspnetcore/fundamentals/openapi/customize-openapi.md index 75d0b230f4fa..63d6f53dfdd1 100644 --- a/aspnetcore/fundamentals/openapi/customize-openapi.md +++ b/aspnetcore/fundamentals/openapi/customize-openapi.md @@ -5,7 +5,7 @@ description: Learn how to customize OpenAPI documents in an ASP.NET Core app ms.author: safia monikerRange: '>= aspnetcore-9.0' ms.custom: mvc -ms.date: 07/09/2025 +ms.date: 10/29/2025 uid: fundamentals/openapi/customize-openapi --- # Customize OpenAPI documents diff --git a/aspnetcore/fundamentals/openapi/include-metadata.md b/aspnetcore/fundamentals/openapi/include-metadata.md index 3b7e6acf6145..aa737361778e 100644 --- a/aspnetcore/fundamentals/openapi/include-metadata.md +++ b/aspnetcore/fundamentals/openapi/include-metadata.md @@ -161,10 +161,6 @@ The [`[Description]`](xref:System.ComponentModel.DescriptionAttribute) attribute #### [Minimal APIs](#tab/minimal-apis) -The [`[Description]`](xref:System.ComponentModel.DescriptionAttribute) attribute works in an MVC app but doesn't work in a Minimal API app at this time. For more information, see [`Description` parameter of `ProducesResponseTypeAttribute` does not work in minimal API app (`dotnet/aspnetcore` #60518)](https://github.com/dotnet/aspnetcore/issues/60518). - - - #### [Controllers](#tab/controllers) The following sample demonstrates how to set a description for a parameter. diff --git a/aspnetcore/fundamentals/openapi/includes/include-metadata9.md b/aspnetcore/fundamentals/openapi/includes/include-metadata9.md index 4335e8bf68f8..b27cbaf7304d 100644 --- a/aspnetcore/fundamentals/openapi/includes/include-metadata9.md +++ b/aspnetcore/fundamentals/openapi/includes/include-metadata9.md @@ -145,10 +145,6 @@ The [`[Description]`](xref:System.ComponentModel.DescriptionAttribute) attribute #### [Minimal APIs](#tab/minimal-apis) -The [`[Description]`](xref:System.ComponentModel.DescriptionAttribute) attribute works in an MVC app but doesn't work in a Minimal API app at this time. For more information, see [`Description` parameter of `ProducesResponseTypeAttribute` does not work in minimal API app (`dotnet/aspnetcore` #60518)](https://github.com/dotnet/aspnetcore/issues/60518). - - - #### [Controllers](#tab/controllers) The following sample demonstrates how to set a description for a parameter. diff --git a/aspnetcore/fundamentals/openapi/samples/10.x/WebMinOpenApi/Program.cs b/aspnetcore/fundamentals/openapi/samples/10.x/WebMinOpenApi/Program.cs index 95e3a6624007..3b031756fe31 100644 --- a/aspnetcore/fundamentals/openapi/samples/10.x/WebMinOpenApi/Program.cs +++ b/aspnetcore/fundamentals/openapi/samples/10.x/WebMinOpenApi/Program.cs @@ -269,7 +269,7 @@ public async Task TransformAsync(OpenApiDocument document, OpenApiDocumentTransf operation.Value.Security ??= []; operation.Value.Security.Add(new OpenApiSecurityRequirement { - [new OpenApiSecuritySchemeReference("Bearer")] = [] + [new OpenApiSecuritySchemeReference("Bearer", document)] = [] }); } } diff --git a/aspnetcore/includes/spa-templates-recommend-vs.md b/aspnetcore/includes/spa-templates-recommend-vs.md index 82309ec61c4b..cccbda76ead9 100644 --- a/aspnetcore/includes/spa-templates-recommend-vs.md +++ b/aspnetcore/includes/spa-templates-recommend-vs.md @@ -4,7 +4,7 @@ ms.author: tdykstra ms.date: 10/10/2023 ms.topic: include --- -Visual Studio provides project templates for creating single-page apps (SPAs) based on JavaScript frameworks such as [Angular](https://angular.dev/), [React](https://react.dev/), and [Vue](https://vuejs.org/) that have an ASP.NET Core backend. These templates: +Visual Studio provides project templates for creating single-page apps (SPAs) based on JavaScript technologies, such as [Angular](https://angular.dev/), [React](https://react.dev/), and [Vue](https://vuejs.org/) that have an ASP.NET Core backend. These templates: * Create a Visual Studio solution with a frontend project and a backend project. * Use the Visual Studio project type for JavaScript and TypeScript (*.esproj*) for the frontend. diff --git a/aspnetcore/release-notes/aspnetcore-8.0.md b/aspnetcore/release-notes/aspnetcore-8.0.md index c677621f5db4..4422d4599cb2 100644 --- a/aspnetcore/release-notes/aspnetcore-8.0.md +++ b/aspnetcore/release-notes/aspnetcore-8.0.md @@ -4,7 +4,7 @@ author: tdykstra description: Learn about the new features in ASP.NET Core in .NET 8. ms.author: tdykstra ms.custom: mvc -ms.date: 05/02/2024 +ms.date: 10/30/2025 uid: aspnetcore-8 --- # What's new in ASP.NET Core in .NET 8 @@ -157,9 +157,11 @@ For more information, see = aspnetcore-3.0' ms.author: wpickett -ms.date: 04/26/2024 +ms.date: 10/30/2025 uid: security/authentication/identity --- # Introduction to Identity on ASP.NET Core @@ -73,13 +73,13 @@ dotnet new blazor -au Individual -uld -o BlazorApp1 --- -The generated project includes Identity Razor components. The components are found in the `Components/Account` folder. For example: +The generated project includes Identity Razor components. The components are found in the `Components/Account` folder of the server project. For example: -* `/Components/Account/Pages/Register` -* `/Components/Account/Pages/Login` -* `/Components/Account/Pages/Manage/ChangePassword` +* `Components/Account/Pages/Register.razor` +* `Components/Account/Pages/Login.razor` +* `Components/Account/Pages/Manage/ChangePassword.razor` -Identity Razor components are described individually in the documentation for specific use cases and are subject to change each release. When you generate a Blazor Web App with Individual Accounts, Identity Razor components are included in the generated project. The Identity Razor components can also be inspected in the [Blazor project template in the ASP.NET Core reference source (`dotnet/aspnetcore` GitHub repository)](https://github.com/dotnet/aspnetcore/tree/main/src/ProjectTemplates/Web.ProjectTemplates/content/BlazorWeb-CSharp/BlazorWeb-CSharp/Components/Account). +Identity Razor components are described individually in the documentation for specific use cases and are subject to change each release. When you generate a Blazor Web App with Individual Accounts, Identity Razor components are included in the generated project. The Identity Razor components can also be inspected in the `Components/Account` folder of the server project in the [Blazor Web App project template (`dotnet/aspnetcore` GitHub repository)](https://github.com/dotnet/aspnetcore/tree/main/src/ProjectTemplates/Web.ProjectTemplates/content/BlazorWeb-CSharp). [!INCLUDE[](~/includes/aspnetcore-repo-ref-source-links.md)] diff --git a/aspnetcore/security/authentication/passkeys/blazor.md b/aspnetcore/security/authentication/passkeys/blazor.md index 31d151aaaad9..ded8ce50e9ab 100644 --- a/aspnetcore/security/authentication/passkeys/blazor.md +++ b/aspnetcore/security/authentication/passkeys/blazor.md @@ -5,12 +5,16 @@ description: Learn how to implement passkeys authentication in ASP.NET Core Blaz ms.author: wpickett monikerRange: '>= aspnetcore-10.0' ms.custom: mvc -ms.date: 10/20/2025 +ms.date: 10/30/2025 uid: security/authentication/passkeys/blazor zone_pivot_groups: implementation --- # Implement passkeys in ASP.NET Core Blazor Web Apps + + This guide explains how to implement [passkey support](xref:security/authentication/passkeys/index) for a new or existing Blazor Web App with ASP.NET Core Identity. For an overview of passkeys and general configuration guidance, see . diff --git a/aspnetcore/security/authentication/passkeys/index.md b/aspnetcore/security/authentication/passkeys/index.md index 48207802dba7..f2978551e6a3 100644 --- a/aspnetcore/security/authentication/passkeys/index.md +++ b/aspnetcore/security/authentication/passkeys/index.md @@ -5,7 +5,7 @@ description: Discover how to enable Web Authentication API (WebAuthn) passkeys i ms.author: wpickett monikerRange: '>= aspnetcore-10.0' ms.custom: mvc -ms.date: 09/10/2025 +ms.date: 10/30/2025 uid: security/authentication/passkeys/index --- # Enable Web Authentication API (WebAuthn) passkeys @@ -147,6 +147,10 @@ To prevent database exhaustion attacks, apps should enforce limits on passkey re The Blazor Web App template enforces these limits by default at the application level. For examples, see the following Razor components in the Blazor Web App project template: + + * [`Components/Account/Pages/Manage/Passkeys.razor`](https://github.com/dotnet/aspnetcore/blob/main/src/ProjectTemplates/Web.ProjectTemplates/content/BlazorWeb-CSharp/BlazorWebCSharp.1/Components/Account/Pages/Manage/Passkeys.razor) * [`Components/Account/Pages/Manage/RenamePasskey.razor`](https://github.com/dotnet/aspnetcore/blob/main/src/ProjectTemplates/Web.ProjectTemplates/content/BlazorWeb-CSharp/BlazorWebCSharp.1/Components/Account/Pages/Manage/RenamePasskey.razor) diff --git a/aspnetcore/security/how-to-choose-identity-solution.md b/aspnetcore/security/how-to-choose-identity-solution.md index 060ad61eb9ee..4d0bebe0a5d8 100644 --- a/aspnetcore/security/how-to-choose-identity-solution.md +++ b/aspnetcore/security/how-to-choose-identity-solution.md @@ -4,7 +4,7 @@ description: A guide to help choose the right identity management solution for a author: JeremyLikness ms.author: jeliknes ms.topic: how-to -ms.date: 07/25/2023 +ms.date: 10/27/2025 uid: security/how-to-choose-identity --- @@ -14,7 +14,7 @@ Most web apps support authentication to ensure that users are who they claim to ## Basic identity management with ASP.NET Core Identity -ASP.NET Core ships with a built-in authentication provider: [ASP.NET Core Identity](xref:security/authentication/identity). The provider includes the APIs, UI, and backend database configuration to support managing user identities, storing user credentials, and granting or revoking permissions. Other features it supports include: +ASP.NET Core includes the built-in [ASP.NET Core Identity](xref:security/authentication/identity) authentication provider. The provider includes the APIs, UI, and backend database configuration to support managing user identities, storing user credentials, and granting or revoking permissions. Additional features include: * [External logins](xref:security/authentication/social/index) * [Multi-factor authentication (MFA)](xref:security/authentication/mfa) @@ -22,14 +22,9 @@ ASP.NET Core ships with a built-in authentication provider: [ASP.NET Core Identi * Account lockout and reactivation * Authenticator apps -For most scenarios, this may be the only provider needed. +For most scenarios, this may be the only provider needed. In other scenarios, a server or service that manages authentication and identity may be beneficial. -To learn more: - -* Read the [Introduction to Identity on ASP.NET Core](xref:security/authentication/identity) -* Follow a tutorial to build your own secure .NET web app: [Secure a .NET web app with the ASP.NET Core Identity framework](/training/modules/secure-aspnet-core-identity/). - -In other scenarios, a server or service that manages authentication and identity may be beneficial. +For more information, see . ## Determine if an OIDC server is needed diff --git a/aspnetcore/toc.yml b/aspnetcore/toc.yml index 4660100223ff..e962ebee16f4 100644 --- a/aspnetcore/toc.yml +++ b/aspnetcore/toc.yml @@ -227,9 +227,6 @@ items: - name: Data access >> displayName: tutorial, ef, entity framework href: /training/modules/persist-data-ef-core/ - - name: Web app security >> - displayName: tutorial, identity - href: /training/modules/secure-aspnet-core-identity/ - name: Fundamentals items: - name: Overview diff --git a/aspnetcore/tutorials/choose-web-ui.md b/aspnetcore/tutorials/choose-web-ui.md index 5d14838c2d60..43869722214b 100644 --- a/aspnetcore/tutorials/choose-web-ui.md +++ b/aspnetcore/tutorials/choose-web-ui.md @@ -3,7 +3,7 @@ title: Choose an ASP.NET Core UI author: wadepickett description: Learn when to use which ASP.NET Core web UI technologies. Understand the server, client and hybrid options. ms.author: wpickett -ms.date: 12/04/2023 +ms.date: 10/26/2025 uid: tutorials/choose-web-ui --- @@ -59,15 +59,15 @@ ASP.NET Core MVC benefits: To get started with ASP.NET Core MVC, see . For an overview of ASP.NET Core MVC's architecture and benefits, see . -## ASP.NET Core Single Page Applications (SPA) with frontend JavaScript frameworks +## ASP.NET Core Single Page Applications (SPA) with frontend JavaScript technologies -Build client-side logic for ASP.NET Core apps using popular JavaScript frameworks, like [Angular](https://angular.dev/), [React](https://react.dev/), and [Vue](https://vuejs.org/). ASP.NET Core provides project templates for Angular, React, and Vue, and it can be used with other JavaScript frameworks as well. +Build client-side logic for ASP.NET Core apps using popular JavaScript technologies, such as [Angular](https://angular.dev/), [React](https://react.dev/), and [Vue](https://vuejs.org/). ASP.NET Core provides project templates for Angular, React, and Vue, and it can be used with other JavaScript frameworks as well. -Benefits of ASP.NET Core SPA with JavaScript Frameworks, in addition to the client rendering benefits previously listed: +Benefits of ASP.NET Core SPA with JavaScript technologies, in addition to the client rendering benefits previously listed: * The JavaScript runtime environment is already provided with the browser. * Large community and mature ecosystem. -* Build client-side logic for ASP.NET Core apps using popular JS frameworks, like Angular, React, and Vue. +* Build client-side logic for ASP.NET Core apps using popular JavaScript technologies, such as Angular, React, and Vue. Downsides: diff --git a/aspnetcore/tutorials/choose-web-ui/includes/choose-web-ui3-7.md b/aspnetcore/tutorials/choose-web-ui/includes/choose-web-ui3-7.md index 905f79fcf100..ade9b132dc65 100644 --- a/aspnetcore/tutorials/choose-web-ui/includes/choose-web-ui3-7.md +++ b/aspnetcore/tutorials/choose-web-ui/includes/choose-web-ui3-7.md @@ -45,21 +45,21 @@ ASP.NET Core MVC benefits: * Clear [separation of concerns](/dotnet/standard/modern-web-apps-azure-architecture/architectural-principles#separation-of-concerns) for maximum flexibility. * The Model-View-Controller separation of responsibilities ensures that the business model can evolve without being tightly coupled to low-level implementation details. -To get started with ASP.NET Core MVC, see . For an overview of ASP.NET Core MVC's architecture and benefits, see . +To get started with ASP.NET Core MVC, see . For an overview of ASP.NET Core MVC's architecture and benefits, see . -## ASP.NET Core Single Page Applications (SPA) with frontend JavaScript frameworks +## ASP.NET Core Single Page Applications (SPA) with frontend JavaScript technologies -Build client-side logic for ASP.NET Core apps using popular JavaScript frameworks, like [Angular](https://angular.dev/), [React](https://react.dev/), and [Vue](https://vuejs.org/). ASP.NET Core provides project templates for Angular, React, and Vue, and it can be used with other JavaScript frameworks as well. +Build client-side logic for ASP.NET Core apps using popular JavaScript technologies, such as [Angular](https://angular.dev/), [React](https://react.dev/), and [Vue](https://vuejs.org/). ASP.NET Core provides project templates for Angular, React, and Vue, and it can be used with other JavaScript frameworks as well. -Benefits of ASP.NET Core SPA with JavaScript Frameworks, in addition to the client rendering benefits previously listed: +Benefits of ASP.NET Core SPA with JavaScript technologies, in addition to the client rendering benefits previously listed: * The JavaScript runtime environment is already provided with the browser. * Large community and mature ecosystem. -* Build client-side logic for ASP.NET Core apps using popular JS frameworks, like Angular, React, and Vue. +* Build client-side logic for ASP.NET Core apps using popular JavaScript technologies, such as Angular, React, and Vue. Downsides: -* More coding languages, frameworks, and tools required. +* More coding languages and tools are required. * Difficult to share code so some logic may be duplicated. To get started, see: