WASM+Identity acct conf and PW recovery

Author: guardrex

.openpublishing.redirection.json

@@ -1312,6 +1312,16 @@
             "source_path": "aspnetcore/blazor/images.md",
             "redirect_url": "/aspnet/core/blazor/images-and-documents",
             "redirect_document_id": false
+        },
+        {
+            "source_path": "aspnetcore/blazor/security/webassembly/standalone-with-identity.md",
+            "redirect_url": "/aspnet/core/blazor/security/webassembly/standalone-with-identity/",
+            "redirect_document_id": false
+        },
+        {
+            "source_path": "blazor/security/server/account-confirmation-and-password-recovery.md",
+            "redirect_url": "/aspnet/core/blazor/security/account-confirmation-and-password-recovery",
+            "redirect_document_id": false
         }
     ]
 }

aspnetcore/blazor/call-web-api.md

@@ -686,7 +686,7 @@ builder.Services.AddHttpClient(...)
 
 :::moniker range=">= aspnetcore-8.0"
 
-For a demonstration, see <xref:blazor/security/webassembly/standalone-with-identity>.
+For a demonstration, see <xref:blazor/security/webassembly/standalone-with-identity/index>.
 
 :::moniker-end
 

aspnetcore/blazor/fundamentals/index.md

@@ -189,7 +189,7 @@ Samples apps in the repository:
 * Two Blazor Web Apps and a Blazor WebAssembly app for calling web (server) APIs (<xref:blazor/call-web-api>)
 * Blazor Web App with OIDC (BFF and non-BFF patterns) (<xref:blazor/security/blazor-web-app-oidc>)
 * Blazor WebAssembly scopes-enabled logging (<xref:blazor/fundamentals/logging#client-side-log-scopes>)
-* Blazor WebAssembly with ASP.NET Core Identity (<xref:blazor/security/webassembly/standalone-with-identity>)
+* Blazor WebAssembly with ASP.NET Core Identity (<xref:blazor/security/webassembly/standalone-with-identity/index>)
 * .NET MAUI Blazor Hybrid app with a Blazor Web App and a shared UI provided by a Razor class library (RCL) (<xref:blazor/hybrid/tutorials/maui-blazor-web-app>)
 
 :::moniker-end

aspnetcore/blazor/security/server/account-confirmation-and-password-recovery.md renamed to aspnetcore/blazor/security/account-confirmation-and-password-recovery.md

@@ -5,12 +5,15 @@ description: Learn how to configure an ASP.NET Core Blazor Web App with email co
 ms.author: riande
 monikerRange: '>= aspnetcore-8.0'
 ms.date: 02/09/2024
-uid: blazor/security/server/account-confirmation-and-password-recovery
+uid: blazor/security/account-confirmation-and-password-recovery
 ---
 # Account confirmation and password recovery in ASP.NET Core Blazor
 
 This article explains how to configure an ASP.NET Core Blazor Web App with email confirmation and password recovery.
 
+> [!NOTE]
+> This article only applies to Blazor Web Apps. To implement email confirmation and password recovery for standalone Blazor WebAssembly apps with ASP.NET Core Identity, see <xref:blazor/security/webassembly/standalone-with-identity/account-confirmation-and-password-recovery>.
+
 ## Namespace
 
 The app's namespace used by the example in this article is `BlazorSample`. Update the code examples to use the namespace of your app.
@@ -21,7 +24,7 @@ In this article, [Mailchimp's Transactional API](https://mailchimp.com/developer
 
 Create a class to fetch the secure email API key. The example in this article uses a class named `AuthMessageSenderOptions` with a `EmailAuthKey` property to hold the key.
 
-`AuthMessageSenderOptions`:
+`AuthMessageSenderOptions.cs`:
 
 ```csharp
 namespace BlazorSample;
@@ -40,19 +43,31 @@ builder.Services.Configure<AuthMessageSenderOptions>(builder.Configuration);
 
 ## Configure a user secret for the provider's security key
 
-Set the key with the [Secret Manager tool](xref:security/app-secrets). In the following example, the key name is `EmailAuthKey`, and the key is represented by the `{KEY}` placeholder. In a command shell, navigate to the app's root folder and execute the following command with the API key:
+If the project has already been initialized for the [Secret Manager tool](xref:security/app-secrets), it will already have an app secrets identifier (`<AppSecretsId>`) in its project file (`.csproj`). In Visual Studio, you can tell if the app secrets ID is present by looking at the **Properties** panel when the project is selected in **Solution Explorer**. If the app hasn't been initialized, execute the following command in a command shell opened to the project's directory. In Visual Studio, you can use the Developer PowerShell command prompt.
+
+```dotnetcli
+dotnet user-secrets init
+```
+
+Set the key with the Secret Manager tool. In the following example, the key name is `EmailAuthKey`, and the key is represented by the `{KEY}` placeholder. In a command shell, navigate to the app's root folder and execute the following command with the API key:
 
 ```dotnetcli
 dotnet user-secrets set "EmailAuthKey" "{KEY}"
 ```
 
+If using Visual Studio, you can confirm the secret is set by right-clicking the server project in **Solution Explorer** and selecting **Manage User Secrets**.
+
 For more information, see <xref:security/app-secrets>.
 
 [!INCLUDE[](~/blazor/security/includes/secure-authentication-flows.md)]
 
 ## Implement `IEmailSender`
 
-Implement `IEmailSender` for the provider. The following example is based on Mailchimp's Transactional API using [Mandrill.net](https://www.nuget.org/packages/Mandrill.net). For a different provider, refer to their documentation on how to implement sending a message in the `Execute` method.
+The following example is based on Mailchimp's Transactional API using [Mandrill.net](https://www.nuget.org/packages/Mandrill.net). For a different provider, refer to their documentation on how to implement sending an email message.
+
+Add the [Mandrill.net](https://www.nuget.org/packages/Mandrill.net) NuGet package to the project.
+
+Add the following `EmailSender` class to implement <xref:Microsoft.AspNetCore.Identity.IEmailSender>. 
 
 `Components/Account/EmailSender.cs`:
 
@@ -170,7 +185,7 @@ builder.Services.Configure<DataProtectionTokenProviderOptions>(options =>
     options.TokenLifespan = TimeSpan.FromHours(3));
 ```
 
-The built in Identity user tokens ([AspNetCore/src/Identity/Extensions.Core/src/TokenOptions.cs](https://github.com/dotnet/aspnetcore/blob/main/src/Identity/Extensions.Core/src/TokenOptions.cs)) have a [one day timeout](https://github.com/dotnet/AspNetCore/blob/main/src/Identity/Core/src/DataProtectionTokenProviderOptions.cs).
+The built-in Identity user tokens ([AspNetCore/src/Identity/Extensions.Core/src/TokenOptions.cs](https://github.com/dotnet/aspnetcore/blob/main/src/Identity/Extensions.Core/src/TokenOptions.cs)) have a [one day timeout](https://github.com/dotnet/AspNetCore/blob/main/src/Identity/Core/src/DataProtectionTokenProviderOptions.cs).
 
 [!INCLUDE[](~/includes/aspnetcore-repo-ref-source-links.md)]
 
@@ -256,6 +271,13 @@ builder.Services
     .AddTransient<CustomEmailConfirmationTokenProvider<ApplicationUser>>();
 ```
 
+## Enable account confirmation after a site has users
+
+Enabling account confirmation on a site with users locks out all the existing users. Existing users are locked out because their accounts aren't confirmed. To work around existing user lockout, use one of the following approaches:
+
+* Update the database to mark all existing users as confirmed.
+* Confirm existing users. For example, batch-send emails with confirmation links.
+
 ## Troubleshoot
 
 If you can't get email working:
@@ -267,16 +289,6 @@ If you can't get email working:
 * Try another email alias on a different email provider, such as Microsoft, Yahoo, or Gmail.
 * Try sending to different email accounts.
 
-> [!WARNING]
-> Do **not** use production secrets in test and development. If you publish the app to Azure, set secrets as application settings in the Azure Web App portal. The configuration system is set up to read keys from environment variables.
-
-## Enable account confirmation after a site has users
-
-Enabling account confirmation on a site with users locks out all the existing users. Existing users are locked out because their accounts aren't confirmed. To work around existing user lockout, use one of the following approaches:
-
-* Update the database to mark all existing users as confirmed.
-* Confirm existing users. For example, batch-send emails with confirmation links.
-
 ## Additional resources
 
 * [Mandrill.net (GitHub repository)](https://github.com/feinoujc/Mandrill.net)

aspnetcore/blazor/security/authentication-state.md

@@ -474,7 +474,7 @@ The following component's `SignIn` method creates a claims principal for the use
 * [Server-side unauthorized content display while prerendering with a custom `AuthenticationStateProvider`](xref:blazor/security/server/index#unauthorized-content-display-while-prerendering-with-a-custom-authenticationstateprovider)
 * [How to access an `AuthenticationStateProvider` from a `DelegatingHandler` set up using an `IHttpClientFactory`](xref:blazor/security/server/additional-scenarios#access-authenticationstateprovider-in-outgoing-request-middleware)
 * <xref:blazor/security/blazor-web-app-oidc>
-* <xref:blazor/security/webassembly/standalone-with-identity>
+* <xref:blazor/security/webassembly/standalone-with-identity/index>
 
 :::moniker-end
 
@@ -483,7 +483,7 @@ The following component's `SignIn` method creates a claims principal for the use
 * [Server-side unauthorized content display while prerendering with a custom `AuthenticationStateProvider`](xref:blazor/security/server/index#unauthorized-content-display-while-prerendering-with-a-custom-authenticationstateprovider)
 * [How to access an `AuthenticationStateProvider` from a `DelegatingHandler` set up using an `IHttpClientFactory`](xref:blazor/security/server/additional-scenarios#access-authenticationstateprovider-in-outgoing-request-middleware)
 * <xref:blazor/security/blazor-web-app-oidc>
-* <xref:blazor/security/webassembly/standalone-with-identity>
+* <xref:blazor/security/webassembly/standalone-with-identity/index>
 [Prerendering with authentication in hosted Blazor WebAssembly apps](xref:blazor/security/webassembly/additional-scenarios#prerendering-with-authentication)
 
 :::moniker-end