Blazor 9.0 updates (#34277)

Author: guardrex

aspnetcore/blazor/file-uploads.md

@@ -259,15 +259,15 @@ public class UploadResult
 
 A security best practice for production apps is to avoid sending error messages to clients that might reveal sensitive information about an app, server, or network. Providing detailed error messages can aid a malicious user in devising attacks on an app, server, or network. The example code in this section only sends back an error code number (`int`) for display by the component client-side if a server-side error occurs. If a user requires assistance with a file upload, they provide the error code to support personnel for support ticket resolution without ever knowing the exact cause of the error.
 
-<!-- UPDATE 9.0 HOLD moniker range="< aspnetcore-9.0" -->
+<!-- UPDATE 10.0 HOLD moniker range="< aspnetcore-9.0" Tracking PU bug: https://github.com/dotnet/aspnetcore/issues/47301 -->
 
 The following `LazyBrowserFileStream` class defines a custom stream type that lazily calls <xref:Microsoft.AspNetCore.Components.Forms.IBrowserFile.OpenReadStream%2A> just before the first bytes of the stream are requested. The stream isn't transmitted from the browser to the server until reading the stream begins in .NET.
 
 `LazyBrowserFileStream.cs`:
 
-<!-- UPDATE 9.0 HOLD moniker-end -->
+<!-- UPDATE 10.0 HOLD moniker-end -->
 
-<!-- UPDATE 9.0 HOLD for next line: < aspnetcore-9.0 -->
+<!-- UPDATE 10.0 HOLD for next line: < aspnetcore-9.0 -->
 
 :::moniker range=">= aspnetcore-8.0"
 
@@ -332,7 +332,7 @@ The following `FileUpload2` component:
 
 :::moniker-end
 
-<!-- UPDATE 9.0 HOLD for the next line: < aspnetcore-9.0 -->
+<!-- UPDATE 10.0 HOLD for the next line: < aspnetcore-9.0 -->
 
 :::moniker range=">= aspnetcore-8.0"
 
@@ -909,10 +909,6 @@ For more information on SignalR configuration and how to set <xref:Microsoft.Asp
 
 ## Maximum parallel invocations per client hub setting
 
-<!-- UPDATE 9.0 Check on a fix for this per
-                https://github.com/dotnet/aspnetcore/issues/53951 
-                and version if fixed. -->
-
 Blazor relies on <xref:Microsoft.AspNetCore.SignalR.HubOptions.MaximumParallelInvocationsPerClient%2A> set to 1, which is the default value.
 
 Increasing the value leads to a high probability that `CopyTo` operations throw `System.InvalidOperationException: 'Reading is not allowed after reader was completed.'`. For more information, see [MaximumParallelInvocationsPerClient > 1 breaks file upload in Blazor Server mode (`dotnet/aspnetcore` #53951)](https://github.com/dotnet/aspnetcore/issues/53951).
@@ -925,13 +921,11 @@ The line that calls <xref:Microsoft.AspNetCore.Components.Forms.IBrowserFile.Ope
 
 Possible causes:
 
-<!-- UPDATE 9.0 HOLD: in versions of ASP.NET Core earlier than 9.0 -->
-
 * Using the [Autofac Inversion of Control (IoC) container](https://autofac.org/) instead of the built-in ASP.NET Core dependency injection container. To resolve the issue, set <xref:Microsoft.AspNetCore.SignalR.HubOptions.DisableImplicitFromServicesParameters%2A> to `true` in the [server-side circuit handler hub options](xref:blazor/fundamentals/signalr#server-side-circuit-handler-options). For more information, see [FileUpload: Did not receive any data in the allotted time (`dotnet/aspnetcore` #38842)](https://github.com/dotnet/aspnetcore/issues/38842#issuecomment-1342540950).
 
 * Not reading the stream to completion. This isn't a framework issue. Trap the exception and investigate it further in your local environment/network.
 
-<!-- UPDATE 9.0 HOLD in versions of ASP.NET Core earlier than 9.0 
+<!-- UPDATE 10.0 HOLD in versions of ASP.NET Core earlier than 9.0 
                 adopt ***either*** of the following approaches: * Upgrade the app to ASP.NET Core 9.0 or later. 
                 with the article version selector set to "ASP.NET Core in .NET 8" or earlier -->
 

aspnetcore/blazor/host-and-deploy/server.md

@@ -95,12 +95,7 @@ The service isn't required for Blazor apps hosted in Azure App Service or Azure
 
 :::moniker range=">= aspnetcore-8.0"
 
-<!-- UPDATE 9.0 Update section to only cross-link stateful
-                reconnect guidance after the feature is
-                supported with Azure SignalR Service. -->
-
-> [!NOTE]
-> [Stateful reconnect](xref:signalr/configuration#configure-stateful-reconnect) (<xref:Microsoft.AspNetCore.SignalR.Client.HubConnectionBuilderHttpExtensions.WithStatefulReconnect%2A>) was released with .NET 8 but isn't currently supported for the Azure SignalR Service. For more information, see [Stateful Reconnect Support? (`Azure/azure-signalr` #1878)](https://github.com/Azure/azure-signalr/issues/1878).
+The Azure SignalR Service with SDK [v1.26.1](https://github.com/Azure/azure-signalr/releases/tag/v1.26.1) or later supports [SignalR stateful reconnect](xref:signalr/configuration#configure-stateful-reconnect) (<xref:Microsoft.AspNetCore.SignalR.Client.HubConnectionBuilderHttpExtensions.WithStatefulReconnect%2A>).
 
 :::moniker-end
 

aspnetcore/blazor/hybrid/class-libraries.md

@@ -48,25 +48,20 @@ For more information, see the following articles:
 
 :::moniker-end
 
-<!-- UPDATE 9.0 Ask Beth on a replacement for this
-
 ## Sample app
 
-For an example of the scenarios described in this article, see the .NET Podcasts sample app:
+For an example of the scenarios described in this article, see the [eShop Reference Application (AdventureWorks) (`dotnet/eShop` GitHub repository)](https://github.com/dotnet/eShop). The .NET MAUI Blazor Hybrid app is in the `src/HybridApp` folder.
 
-* [GitHub repository (`microsoft/dotnet-podcasts`)](https://github.com/microsoft/dotnet-podcasts)
-* [Running sample app (Azure Container Apps Service)](https://dotnetpodcasts.azurewebsites.net/)
+For a version of the sample app tailored for Azure hosting, see the [`Azure-Samples/eShopOnAzure` GitHub repository](https://github.com/Azure-Samples/eShopOnAzure).
 
-The .NET Podcasts app showcases the following technologies:
+The sample app showcases the following technologies:
 
 * [.NET](https://dotnet.microsoft.com/download/dotnet)
 * [ASP.NET Core](https://dotnet.microsoft.com/apps/aspnet)
 * [Blazor](https://dotnet.microsoft.com/apps/aspnet/web-apps/blazor)
 * [.NET MAUI](https://dotnet.microsoft.com/apps/maui)
-* [Azure Container Apps](https://azure.microsoft.com/services/container-apps/)
-* [Orleans](/dotnet/orleans/overview)
-
--->
+* [.NET Aspire](/dotnet/aspire/get-started/aspire-overview)
+* [Docker](https://docs.docker.com/get-started/docker-overview/)
 
 ## Share web UI Razor components, code, and static assets
 

aspnetcore/blazor/hybrid/reuse-razor-components.md

@@ -75,12 +75,8 @@ For an example, see <xref:blazor/hybrid/tutorials/maui-blazor-web-app#using-inte
 
 :::moniker-end
 
-<!-- UPDATE 9.0 Ask Beth on a replacement for this
-
 ## Additional resources
 
-* .NET MAUI Blazor podcast sample app
-  * [Source code (`microsoft/dotnet-podcasts` GitHub repository)](https://github.com/microsoft/dotnet-podcasts)
-  * [Live app](https://dotnetpodcasts.azurewebsites.net/)
-
--->
+* eShop Reference Application (AdventureWorks): The .NET MAUI Blazor Hybrid app is in the `src/HybridApp` folder.
+  * For Azure hosting: [`Azure-Samples/eShopOnAzure` GitHub repository](https://github.com/Azure-Samples/eShopOnAzure)
+  * For general non-Azure hosting: [`dotnet/eShop` GitHub repository](https://github.com/dotnet/eShop). 

aspnetcore/blazor/security/blazor-web-app-with-oidc.md

@@ -731,11 +731,6 @@ At this point, Razor components can adopt [role-based and policy-based authoriza
 
 Use the guidance in this section to implement application roles, ME-ID security groups, and ME-ID built-in administrator roles for apps using [Microsoft Entra ID (ME-ID)](https://www.microsoft.com/security/business/microsoft-entra).
 
-<!-- UPDATE 9.0 If we end up with a BWA + MS Identity Web article
-                and sample, this section will be removed in favor
-                of coverage of using Graph for groups/roles in the
-                new article. -->
-
 The approach described in this section configures ME-ID to send groups and roles in the authentication cookie header. When users are only a member of a few security groups and roles, the following approach should work for most hosting platforms without running into a problem where headers are too long, for example with IIS hosting that has a default header length limit of 16 KB (`MaxRequestBytes`). If header length is a problem due to high group or role membership, we recommend not following the guidance in this section in favor of implementing [Microsoft Graph](/graph/sdks/sdks-overview) to obtain a user's groups and roles from ME-ID separately, an approach that doesn't inflate the size of the authentication cookie. For more information, see [Bad Request - Request Too Long - IIS Server (`dotnet/aspnetcore` #57545)](https://github.com/dotnet/aspnetcore/issues/57545).
 
 Configure the role claim type (<xref:Microsoft.IdentityModel.Tokens.TokenValidationParameters.RoleClaimType?displayProperty=nameWithType>) in <xref:Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectOptions> of `Program.cs`. Set the value to `roles`:

aspnetcore/blazor/security/index.md

@@ -283,10 +283,6 @@ For a description on how global interactive render modes are applied to non-Iden
 
 For more information on persisting prerendered state, see <xref:blazor/components/prerender#persist-prerendered-state>.
 
-<!-- UPDATE 9.0 Remove blog post cross-link -->
-
-For more information on the Blazor Identity UI and guidance on integrating external logins through social websites, see [What's new with identity in .NET 8](https://devblogs.microsoft.com/dotnet/whats-new-with-identity-in-dotnet-8/#the-blazor-identity-ui).
-
 [!INCLUDE[](~/includes/aspnetcore-repo-ref-source-links.md)]
 
 ### Manage authentication state in Blazor Web Apps

aspnetcore/blazor/tutorials/movie-database-app/part-2.md

@@ -417,7 +417,7 @@ When you select the **:::no-loc text="Create":::** button, the movie data is pos
 
 :::moniker range=">= aspnetcore-9.0"
 
-<!-- UPDATE 9.0 Revert when debugger is updated -->
+<!-- UPDATE 10.0 Revert when https://github.com/dotnet/aspnetcore/issues/53996 is addressed -->
 
 :::zone pivot="vs"