From 8d2d199d33fc005c033e5ebdc180f88427f5bf00 Mon Sep 17 00:00:00 2001 From: Luke Latham <1622880+guardrex@users.noreply.github.com> Date: Wed, 4 Jun 2025 05:49:45 -0500 Subject: [PATCH 1/5] Clarify/cross-link for downstream web API calls (#35573) --- aspnetcore/blazor/call-web-api.md | 3 ++- aspnetcore/blazor/security/blazor-web-app-with-entra.md | 9 +++++++-- 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/aspnetcore/blazor/call-web-api.md b/aspnetcore/blazor/call-web-api.md index f7decd820c4f..e84c5428e56a 100644 --- a/aspnetcore/blazor/call-web-api.md +++ b/aspnetcore/blazor/call-web-api.md @@ -60,7 +60,7 @@ In the app's `Program` file, call: * : Enables token acquisition to call web APIs. -* `AddDownstreamApi`: Adds a named downstream web service related to a specific configuration section. +* `AddDownstreamApi`: Microsoft Identity Web packages provide API to create a named downstream web service for making web API calls. is injected into a server-side class, which is used to call to obtain weather data from an external web API (`MinimalApiJwt` project). * : Adds the .NET Core distributed token caches to the service collection. * : Adds a default implementation of that stores cache items in memory. * Configure the distributed token cache options (): @@ -234,6 +234,7 @@ This approach is used by the `BlazorWebAppEntra` and `BlazorWebAppEntraBff` samp For more information, see the following resources: * [Web API documentation | Microsoft identity platform](/entra/identity-platform/index-web-api) +* [A web API that calls web APIs: Call an API: Option 2: Call a downstream web API with the helper class](/entra/identity-platform/scenario-web-api-call-api-call-api?tabs=aspnetcore#option-2-call-a-downstream-web-api-with-the-helper-class) * * *Secure an ASP.NET Core Blazor Web App with Microsoft Entra ID* * [Non-BFF pattern (Interactive Auto)](xref:blazor/security/blazor-web-app-entra?pivots=non-bff-pattern) diff --git a/aspnetcore/blazor/security/blazor-web-app-with-entra.md b/aspnetcore/blazor/security/blazor-web-app-with-entra.md index 0d7fd1582883..e6cb4e2cae80 100644 --- a/aspnetcore/blazor/security/blazor-web-app-with-entra.md +++ b/aspnetcore/blazor/security/blazor-web-app-with-entra.md @@ -30,7 +30,7 @@ The following specification is covered: * The app uses [Microsoft Entra ID](https://www.microsoft.com/security/business/microsoft-entra), based on [Microsoft Identity Web](/entra/msal/dotnet/microsoft-identity-web/) packages. * Automatic non-interactive token refresh is managed by the framework. * The app uses server-side and client-side service abstractions to display generated weather data: - * When rendering the `Weather` component on the server to display weather data, the component uses the `ServerWeatherForecaster` on the server to obtain weather data. + * When rendering the `Weather` component on the server to display weather data, the component uses the `ServerWeatherForecaster`. Microsoft Identity Web packages provide API to create a named downstream web service for making web API calls. is injected into the `ServerWeatherForecaster`, which is used to call to obtain weather data from an external web API (`MinimalApiJwt` project). * When the `Weather` component is rendered on the client, the component uses the `ClientWeatherForecaster` service implementation, which uses a preconfigured (in the client project's `Program` file) to make a web API call to the server project's Minimal API (`/weather-forecast`) for weather data. The Minimal API endpoint obtains the weather data from the `ServerWeatherForecaster` class and returns it to the client for rendering by the component. ## Sample solution @@ -216,11 +216,13 @@ The following specification is covered: * The server project calls to add a server-side authentication state provider that uses to flow the authentication state to the client. The client calls to deserialize and use the authentication state passed by the server. The authentication state is fixed for the lifetime of the WebAssembly application. * The app uses [Microsoft Entra ID](https://www.microsoft.com/security/business/microsoft-entra), based on [Microsoft Identity Web](/entra/msal/dotnet/microsoft-identity-web/) packages. * Automatic non-interactive token refresh is managed by the framework. -* The app uses server-side and client-side service abstractions to display generated weather data. * The [Backend for Frontend (BFF) pattern](/azure/architecture/patterns/backends-for-frontends) is adopted using [.NET Aspire](/dotnet/aspire/get-started/aspire-overview) for service discovery and [YARP](https://dotnet.github.io/yarp/) for proxying requests to a weather forecast endpoint on the backend app. * A backend web API uses JWT-bearer authentication to validate JWT tokens saved by the Blazor Web App in the sign-in cookie. * Aspire improves the experience of building .NET cloud-native apps. It provides a consistent, opinionated set of tools and patterns for building and running distributed apps. * YARP (Yet Another Reverse Proxy) is a library used to create a reverse proxy server. +* The app uses server-side and client-side service abstractions to display generated weather data. + * When rendering the `Weather` component on the server to display weather data, the component uses the `ServerWeatherForecaster`. Microsoft Identity Web packages provide API to create a named downstream web service for making web API calls. is injected into the `ServerWeatherForecaster`, which is used to call to obtain weather data from an external web API (`MinimalApiJwt` project). + * When the `Weather` component is rendered on the client, the component uses the `ClientWeatherForecaster` service implementation, which uses a preconfigured (in the client project's `Program` file) to make a web API call to the server project's Minimal API (`/weather-forecast`) for weather data. The Minimal API endpoint obtains an access token for the user by calling . Along with the correct scopes, a reverse proxy call is made to the external web API (`MinimalApiJwt` project) to obtain and return weather data to the client for rendering by the component. @@ -937,7 +939,10 @@ For more information on how this app secures its weather data, see [Secure data ## Additional resources +* [Call a web API from an ASP.NET Core Blazor app: Microsoft identity platform for web API calls](xref:blazor/call-web-api#microsoft-identity-platform-for-web-api-calls) * [Microsoft identity platform documentation](/entra/identity-platform/) +* [Web API documentation | Microsoft identity platform](/entra/identity-platform/index-web-api) +* [A web API that calls web APIs: Call an API: Option 2: Call a downstream web API with the helper class](/entra/identity-platform/scenario-web-api-call-api-call-api?tabs=aspnetcore#option-2-call-a-downstream-web-api-with-the-helper-class) * [`AzureAD/microsoft-identity-web` GitHub repository](https://github.com/AzureAD/microsoft-identity-web/wiki): Helpful guidance on implementing Microsoft Identity Web for Microsoft Entra ID and Azure Active Directory B2C for ASP.NET Core apps, including links to sample apps and related Azure documentation. Currently, Blazor Web Apps aren't explicitly addressed by the Azure documentation, but the setup and configuration of a Blazor Web App for ME-ID and Azure hosting is the same as it is for any ASP.NET Core web app. * [`AuthenticationStateProvider` service](xref:blazor/security/index#authenticationstateprovider-service) * [Manage authentication state in Blazor Web Apps](xref:blazor/security/index#manage-authentication-state-in-blazor-web-apps) From 852dd54a00fe199032a809e07bdeee94b77973b3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Alexander=20K=C3=B6plinger?= Date: Wed, 4 Jun 2025 20:59:01 +0200 Subject: [PATCH 2/5] Fix links to old 2FA SMS auth page (#35579) A user reported this, we should probably be linking to the MFA page. --- aspnetcore/security/authentication/identity.md | 2 +- aspnetcore/security/how-to-choose-identity-solution.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/aspnetcore/security/authentication/identity.md b/aspnetcore/security/authentication/identity.md index f4082ecd3d9c..2d415b78e8c5 100644 --- a/aspnetcore/security/authentication/identity.md +++ b/aspnetcore/security/authentication/identity.md @@ -253,7 +253,7 @@ To prevent publishing static Identity assets (stylesheets and JavaScript files f * * * -* +* * :::moniker-end diff --git a/aspnetcore/security/how-to-choose-identity-solution.md b/aspnetcore/security/how-to-choose-identity-solution.md index 85e4591b842c..060ad61eb9ee 100644 --- a/aspnetcore/security/how-to-choose-identity-solution.md +++ b/aspnetcore/security/how-to-choose-identity-solution.md @@ -17,7 +17,7 @@ Most web apps support authentication to ensure that users are who they claim to ASP.NET Core ships with a built-in authentication provider: [ASP.NET Core Identity](xref:security/authentication/identity). The provider includes the APIs, UI, and backend database configuration to support managing user identities, storing user credentials, and granting or revoking permissions. Other features it supports include: * [External logins](xref:security/authentication/social/index) -* [Two-factor authentication (2FA)](xref:security/authentication/2fa) +* [Multi-factor authentication (MFA)](xref:security/authentication/mfa) * [Password management](xref:security/authentication/accconfirm) * Account lockout and reactivation * Authenticator apps From 99d6b837e86205442f92490350bccacdcf3d1567 Mon Sep 17 00:00:00 2001 From: Chris van Dijk Date: Thu, 5 Jun 2025 13:04:53 +0200 Subject: [PATCH 3/5] Clarify Razor's handling of data- attributes (#35583) --- aspnetcore/mvc/views/razor.md | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/aspnetcore/mvc/views/razor.md b/aspnetcore/mvc/views/razor.md index 2b4dd7d207e9..b0e729a8cf13 100644 --- a/aspnetcore/mvc/views/razor.md +++ b/aspnetcore/mvc/views/razor.md @@ -261,9 +261,9 @@ Extra `@` characters in a Razor file can cause compiler errors at statements lat ### Conditional attribute rendering -Razor automatically omits attributes that aren't needed. If the value passed in is `null` or `false`, the attribute isn't rendered. +Razor automatically omits attributes that aren't required. If the value passed in is `null` or `false`, the attribute isn't rendered. -For example, consider the following razor: +For example, consider the following Razor markup: ```cshtml
False
@@ -289,6 +289,20 @@ The preceding Razor markup generates the following HTML: ``` +Razor retains `data-` attributes if their values are `null` or `false`. + +Consider the following Razor markup: + +```cshtml +
+``` + +The preceding Razor markup generates the following HTML: + +```html +
+``` + ## Control structures Control structures are an extension of code blocks. All aspects of code blocks (transitioning to markup, inline C#) also apply to the following structures: From b10c7e9ccbb11ff98fedfec20a8c7a98809cb0c2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?G=C3=BCnther=20Foidl?= Date: Sun, 8 Jun 2025 16:21:10 +0200 Subject: [PATCH 4/5] Fixed comparison table HTTP/2 <-> HTTP/3 (#35591) --- .../fundamentals/servers/kestrel/http3.md | 20 ++++++++----------- 1 file changed, 8 insertions(+), 12 deletions(-) diff --git a/aspnetcore/fundamentals/servers/kestrel/http3.md b/aspnetcore/fundamentals/servers/kestrel/http3.md index cef28048d585..f1bd35f9ebb7 100644 --- a/aspnetcore/fundamentals/servers/kestrel/http3.md +++ b/aspnetcore/fundamentals/servers/kestrel/http3.md @@ -27,18 +27,14 @@ uid: fundamentals/servers/kestrel/http3 * Is the latest version of the Hypertext Transfer Protocol. * Builds on the strengths of `HTTP/2` while addressing some of its limitations, particularly in terms of performance, latency, reliability, and security. -+---------------+-------------------------+-------------------------+ -| Feature | `HTTP/2` | `HTTP/3` | -+---------------+-------------------------+-------------------------+ -| Transport | Uses [TCP](https://developer.mozilla.org/docs/Glossary/TCP) | Uses [QUIC](https://www.rfc-editor.org/rfc/rfc9000.html) | -| Layer | | | -| Connection | Slower due to TCP + TLS | Faster with 0-RTT QUIC | -| Setup | handshake | handshakes | -| Head-of-Line | Affected by TCP-level | Eliminated with QUIC | -| Blocking | blocking | stream multiplexing | -| Encryption | TLS over TCP | TLS is built into QUIC | -+---------------+-------------------------+-------------------------+ - +| Feature | `HTTP/2` | `HTTP/3` | +|--------------|-------------------------------------------------------------|----------------------------------------------------------| +| Transport | Uses [TCP](https://developer.mozilla.org/docs/Glossary/TCP) | Uses [QUIC](https://www.rfc-editor.org/rfc/rfc9000.html) | +| Connection | Slower due to TCP + TLS | Faster with 0-RTT QUIC | +| Setup | handshake | handshakes | +| Head-of-Line | Affected by TCP-level | Eliminated with QUIC | +| Blocking | blocking | stream multiplexing | +| Encryption | TLS over TCP | TLS is built into QUIC | The key differences from `HTTP/2` to `HTTP/3` are: From c177395faa6147adf1d2b898bc1202a5a2ae1bcb Mon Sep 17 00:00:00 2001 From: Luke Latham <1622880+guardrex@users.noreply.github.com> Date: Sun, 8 Jun 2025 20:23:29 -0400 Subject: [PATCH 5/5] Update article version (#35596) --- aspnetcore/fundamentals/map-static-files.md | 10 ++++++---- aspnetcore/release-notes/aspnetcore-2.2.md | 2 +- 2 files changed, 7 insertions(+), 5 deletions(-) diff --git a/aspnetcore/fundamentals/map-static-files.md b/aspnetcore/fundamentals/map-static-files.md index bb212a61a181..11eb8b7536ce 100644 --- a/aspnetcore/fundamentals/map-static-files.md +++ b/aspnetcore/fundamentals/map-static-files.md @@ -2,7 +2,7 @@ title: Map static files in ASP.NET Core author: rick-anderson description: Learn how to serve and secure mapped static files and configure static file hosting middleware behaviors in an ASP.NET Core web app. -monikerRange: '>= aspnetcore-8.0' +monikerRange: '>= aspnetcore-9.0' ms.author: riande ms.custom: mvc ms.date: 3/18/2025 @@ -10,7 +10,11 @@ uid: fundamentals/map-static-files --- # Map static files in ASP.NET Core -:::moniker range=">= aspnetcore-9.0" + By [Rick Anderson](https://twitter.com/RickAndMSFT) @@ -209,5 +213,3 @@ The following code updates `IWebHostEnvironment.WebRootPath` to a non developmen * [Introduction to ASP.NET Core](xref:index) * * - -:::moniker-end diff --git a/aspnetcore/release-notes/aspnetcore-2.2.md b/aspnetcore/release-notes/aspnetcore-2.2.md index b38b8e5d4874..e765324d44ff 100644 --- a/aspnetcore/release-notes/aspnetcore-2.2.md +++ b/aspnetcore/release-notes/aspnetcore-2.2.md @@ -77,7 +77,7 @@ For more information, see [in-process hosting for IIS](xref:host-and-deploy/aspn ASP.NET Core 2.2 introduces a Java Client for SignalR. This client supports connecting to an ASP.NET Core SignalR Server from Java code, including Android apps. -For more information, see [ASP.NET Core SignalR Java client](../signalr/java-client.md?view=aspnetcore-2.2). +For more information, see [ASP.NET Core SignalR Java client](../signalr/java-client.md?view=aspnetcore-2.2&preserve-view=true). ## CORS improvements