Add passkey (WebAuthn/FIDO2) support and sync Blazor Identity scaffolder with .NET 10 template (#3291)

Co-authored-by: MackinnonBuck <[email protected]>
Co-authored-by: Mackinnon Buck <[email protected]>

Author: Copilot

src/Scaffolding/VS.Web.CG.Mvc/BlazorIdentity/BlazorIdentityGenerator.cs

@@ -89,6 +89,12 @@ private IEnumerable<string> GeneralT4Files
             }
         }
 
+        private IReadOnlyList<(string TemplateFolder, string FullPath)> _allBlazorIdentityStaticFiles;
+        private IReadOnlyList<(string TemplateFolder, string FullPath)> AllBlazorIdentityStaticFiles
+        {
+            get => _allBlazorIdentityStaticFiles ??= [.. BlazorIdentityHelper.GetBlazorIdentityStaticFiles(FileSystem, TemplateFolders)];
+        }
+
         private IList<Type> _blazorIdentityTemplateTypes;
         private IList<Type> BlazorIdentityTemplateTypes
         {
@@ -141,6 +147,7 @@ public async Task GenerateCode(BlazorIdentityCommandLineModel model)
 
             var blazorTemplateModel = await ValidateAndBuild(model);
             ExecuteTemplates(blazorTemplateModel);
+            AddStaticFiles(blazorTemplateModel);
             AddReadmeFile(blazorTemplateModel.BaseOutputPath);
             await ModifyFilesAsync(blazorTemplateModel);
         }
@@ -463,8 +470,9 @@ private void ExecuteTemplates(BlazorIdentityModel templateModel)
                 var templatedString = templateInvoker.InvokeTemplate(contextTemplate, dictParams);
                 if (!string.IsNullOrEmpty(templatedString))
                 {
-                    //currently only Identity...cs files are of CSharp type, rest are razor
-                    string extension = templateName.StartsWith("identity", StringComparison.OrdinalIgnoreCase) ? ".cs" : ".razor";
+                    // Files in Pages and Shared folders are Razor components, others are C# files
+                    string extension = templateName.StartsWith("Pages", StringComparison.OrdinalIgnoreCase) ||
+                                       templateName.StartsWith("Shared", StringComparison.OrdinalIgnoreCase) ? ".razor" : ".cs";
                     string templateNameWithNamespace = $"{templateModel.BlazorIdentityNamespace}.{templateName}";
                     string templatePath = StringUtil.ToPath(templateNameWithNamespace, templateModel.BaseOutputPath, ProjectContext.RootNamespace);
                     string templatedFilePath = $"{templatePath}{extension}";
@@ -546,6 +554,31 @@ private void ExecuteDbContextTemplate(IdentityDbContextModel model)
             }
         }
 
+        private void AddStaticFiles(BlazorIdentityModel templateModel)
+        {
+            var identityComponentsAccountPath = Path.Combine(templateModel.BaseOutputPath, "Components", "Account");
+            if (!FileSystem.DirectoryExists(identityComponentsAccountPath))
+            {
+                FileSystem.CreateDirectory(identityComponentsAccountPath);
+            }
+
+            foreach (var (templateFolder, sourceFilePath) in AllBlazorIdentityStaticFiles)
+            {
+                var relativeFilePath = Path.GetRelativePath(templateFolder, sourceFilePath);
+                var destinationFilePath = Path.Combine(identityComponentsAccountPath, relativeFilePath);
+
+                var folderName = Path.GetDirectoryName(destinationFilePath);
+                if (!FileSystem.DirectoryExists(folderName))
+                {
+                    FileSystem.CreateDirectory(folderName);
+                }
+
+                var fileContent = FileSystem.ReadAllText(sourceFilePath);
+                FileSystem.WriteAllText(destinationFilePath, fileContent);
+                Logger.LogMessage($"Added static file : {destinationFilePath}");
+            }
+        }
+
         private ITextTransformation GetBlazorIdentityTransformation(string templateName)
         {
             if (string.IsNullOrEmpty(templateName))

src/Scaffolding/VS.Web.CG.Mvc/BlazorIdentity/BlazorIdentityHelper.cs

@@ -19,6 +19,9 @@ internal static class BlazorIdentityHelper
         internal const string GetConnectionString = nameof(GetConnectionString);
         internal const string UseSqlite = nameof(UseSqlite);
         internal const string UseSqlServer = nameof(UseSqlServer);
+
+        private static readonly HashSet<string> _staticFileExtensions = [".js"];
+
         internal static string GetFormattedRelativeIdentityFile(string fullFileName)
         {
             string identifier = "BlazorIdentity\\";
@@ -56,8 +59,8 @@ internal static string EditIdentityStrings(string stringToModify, string dbConte
             }
             if (stringToModify.Contains(GetConnectionString))
             {
-                modifiedString = modifiedString.Replace("GetConnectionString(\"{0}\")", $"GetConnectionString(\"{dbContextClassName}Connection\")");
-                modifiedString = modifiedString.Replace("Connection string '{0}'", $"Connection string '{dbContextClassName}Connection'");
+                modifiedString = modifiedString.Replace("GetConnectionString(\"{0}\")", $"GetConnectionString(\"{dbContextClassName}\")");
+                modifiedString = modifiedString.Replace("Connection string '{0}'", $"Connection string '{dbContextClassName}'");
             }
 
             return modifiedString;
@@ -74,6 +77,20 @@ internal static IEnumerable<string> GetGeneralT4Files(IFileSystem fileSystem, IE
             return null;
         }
 
+        internal static IEnumerable<(string TemplateFolder, string FullPath)> GetBlazorIdentityStaticFiles(IFileSystem fileSystem, IEnumerable<string> templateFolders)
+        {
+            var blazorIdentityTemplateFolder = templateFolders.FirstOrDefault(x => x.Contains("BlazorIdentity", StringComparison.OrdinalIgnoreCase));
+            if (!string.IsNullOrEmpty(blazorIdentityTemplateFolder) && fileSystem.DirectoryExists(blazorIdentityTemplateFolder))
+            {
+                var allFiles = fileSystem.EnumerateFiles(blazorIdentityTemplateFolder, "*.*", SearchOption.AllDirectories);
+                return allFiles
+                    .Where(f => _staticFileExtensions.Contains(Path.GetExtension(f)))
+                    .Select(f => (blazorIdentityTemplateFolder, f));
+            }
+
+            return null;
+        }
+
         /// <summary>
         /// returning full file paths (.tt) for all blazor identity templates
         /// TODO throw exception if nothing found, can't really scaffold is no files were found

src/Scaffolding/VS.Web.CG.Mvc/BlazorIdentity/blazorIdentityChanges.json

@@ -19,13 +19,6 @@
                 "Newline": true
               }
             },
-            {
-              "InsertBefore": [ "var app = WebApplication.CreateBuilder.Build();" ],
-              "Block": "WebApplication.CreateBuilder.Services.AddScoped<IdentityUserAccessor>()",
-              "LeadingTrivia": {
-                "Newline": true
-              }
-            },
             {
               "InsertBefore": [ "var app = WebApplication.CreateBuilder.Build();" ],
               "Block": "WebApplication.CreateBuilder.Services.AddScoped<IdentityRedirectManager>()",
@@ -71,7 +64,11 @@
               "InsertBefore": [ "var app = WebApplication.CreateBuilder.Build();" ],
               "CheckBlock" : "builder.Services.AddIdentityCore",
               "MultiLineBlock": [
-                "builder.Services.AddIdentityCore<ApplicationUser>(options => options.SignIn.RequireConfirmedAccount = true)",
+                "builder.Services.AddIdentityCore<ApplicationUser>(options =>",
+                "    {",
+                "        options.SignIn.RequireConfirmedAccount = true;",
+                "        options.Stores.SchemaVersion = IdentitySchemaVersions.Version3;",
+                "    })",
                 "    .AddEntityFrameworkStores<ApplicationDbContext>()",
                 "    .AddSignInManager()",
                 "    .AddDefaultTokenProviders()"
@@ -247,6 +244,21 @@
           "CheckBlock": "Microsoft.AspNetCore.Components.Authorization"
         }
       ]
+    },
+    {
+      "FileName":  "Components\\App.razor",
+      "Replacements":  [
+        {
+          "ReplaceSnippet": [
+            "</body>"
+          ],
+          "MultiLineBlock": [
+            "    <script src=\"@Assets[\"Components/Account/Shared/PasskeySubmit.razor.js\"]\" type=\"module\"></script>",
+            "</body>"
+          ],
+          "CheckBlock": "PasskeySubmit.razor.js"
+        }
+      ]
     }
   ]
-}
+}

src/Scaffolding/VS.Web.CG.Mvc/Templates/Blazor/Delete.cs

@@ -102,8 +102,8 @@ public virtual string TransformText()
             this.Write(this.ToStringHelper.ToStringWithCulture(primaryKeyName));
             this.Write(");\r\n\r\n        if (");
             this.Write(this.ToStringHelper.ToStringWithCulture(modelNameLowerInv));
-            this.Write(" is null)\r\n        {\r\n            NavigationManager.NotFound();\r\n    " +
-                    "    }\r\n    }\r\n\r\n    private async Task Delete");
+            this.Write(" is null)\r\n        {\r\n            NavigationManager.NotFound();\r\n        }\r\n    }" +
+                    "\r\n\r\n    private async Task Delete");
             this.Write(this.ToStringHelper.ToStringWithCulture(modelName));
             this.Write("()\r\n    {\r\n        using var context = DbFactory.CreateDbContext();\r\n        cont" +
                     "ext.");

src/Scaffolding/VS.Web.CG.Mvc/Templates/Blazor/Details.cs

@@ -102,8 +102,8 @@ public virtual string TransformText()
             this.Write(this.ToStringHelper.ToStringWithCulture(primaryKeyName));
             this.Write(");\r\n\r\n        if (");
             this.Write(this.ToStringHelper.ToStringWithCulture(modelNameLowerInv));
-            this.Write(" is null)\r\n        {\r\n            NavigationManager.NotFound();\r\n    " +
-                    "    }\r\n    }\r\n}\r\n");
+            this.Write(" is null)\r\n        {\r\n            NavigationManager.NotFound();\r\n        }\r\n    }" +
+                    "\r\n}\r\n");
             return this.GenerationEnvironment.ToString();
         }
         private global::Microsoft.VisualStudio.TextTemplating.ITextTemplatingEngineHost hostValue;

src/Scaffolding/VS.Web.CG.Mvc/Templates/Blazor/Edit.cs

@@ -155,9 +155,9 @@ public virtual string TransformText()
             this.Write(this.ToStringHelper.ToStringWithCulture(modelName));
             this.Write("!.");
             this.Write(this.ToStringHelper.ToStringWithCulture(primaryKeyName));
-            this.Write("))\r\n            {\r\n                NavigationManager.NotFound();\r\n   " +
-                    "         }\r\n            else\r\n            {\r\n                throw;\r\n           " +
-                    " }\r\n        }\r\n\r\n        NavigationManager.NavigateTo(\"/");
+            this.Write("))\r\n            {\r\n                NavigationManager.NotFound();\r\n            }\r\n" +
+                    "            else\r\n            {\r\n                throw;\r\n            }\r\n        " +
+                    "}\r\n\r\n        NavigationManager.NavigateTo(\"/");
             this.Write(this.ToStringHelper.ToStringWithCulture(pluralModelLowerInv));
             this.Write("\");\r\n    }\r\n\r\n    private bool ");
             this.Write(this.ToStringHelper.ToStringWithCulture(modelName));

src/Scaffolding/VS.Web.CG.Mvc/Templates/BlazorIdentity/IdentityComponentsEndpointRouteBuilderExtensions.Interfaces.cs

@@ -6,4 +6,3 @@ public partial class IdentityComponentsEndpointRouteBuilderExtensions : ITextTra
     {
     }
 }
-

src/Scaffolding/VS.Web.CG.Mvc/Templates/BlazorIdentity/IdentityComponentsEndpointRouteBuilderExtensions.cs

@@ -34,6 +34,7 @@ public virtual string TransformText()
         $"{Model.BlazorIdentityNamespace}.Pages",
         $"{Model.BlazorIdentityNamespace}.Pages.Manage",
         "Microsoft.AspNetCore.Authentication",
+        "Microsoft.AspNetCore.Antiforgery",
         "Microsoft.AspNetCore.Components.Authorization",
         "Microsoft.AspNetCore.Http.Extensions",
         "Microsoft.AspNetCore.Identity",
@@ -83,7 +84,7 @@ public static IEndpointConventionBuilder MapAdditionalIdentityEndpoints(this IEn
 
             accountGroup.MapPost(""/Logout"", async (
                 ClaimsPrincipal user,
-                SignInManager<");
+                [FromServices] SignInManager<");
             this.Write(this.ToStringHelper.ToStringWithCulture(Model.UserClassName));
             this.Write(@"> signInManager,
                 [FromForm] string returnUrl) =>
@@ -92,6 +93,51 @@ public static IEndpointConventionBuilder MapAdditionalIdentityEndpoints(this IEn
                 return TypedResults.LocalRedirect($""~/{returnUrl}"");
             });
 
+            accountGroup.MapPost(""/PasskeyCreationOptions"", async (
+                HttpContext context,
+                [FromServices] UserManager<");
+            this.Write(this.ToStringHelper.ToStringWithCulture(Model.UserClassName));
+            this.Write("> userManager,\r\n                [FromServices] SignInManager<");
+            this.Write(this.ToStringHelper.ToStringWithCulture(Model.UserClassName));
+            this.Write(@"> signInManager,
+                [FromServices] IAntiforgery antiforgery) =>
+            {
+                await antiforgery.ValidateRequestAsync(context);
+
+                var user = await userManager.GetUserAsync(context.User);
+                if (user is null)
+                {
+                    return Results.NotFound($""Unable to load user with ID '{userManager.GetUserId(context.User)}'."");
+                }
+
+                var userId = await userManager.GetUserIdAsync(user);
+                var userName = await userManager.GetUserNameAsync(user) ?? ""User"";
+                var optionsJson = await signInManager.MakePasskeyCreationOptionsAsync(new()
+                {
+                    Id = userId,
+                    Name = userName,
+                    DisplayName = userName
+                });
+                return TypedResults.Content(optionsJson, contentType: ""application/json"");
+            });
+
+            accountGroup.MapPost(""/PasskeyRequestOptions"", async (
+                HttpContext context,
+                [FromServices] UserManager<");
+            this.Write(this.ToStringHelper.ToStringWithCulture(Model.UserClassName));
+            this.Write("> userManager,\r\n                [FromServices] SignInManager<");
+            this.Write(this.ToStringHelper.ToStringWithCulture(Model.UserClassName));
+            this.Write(@"> signInManager,
+                [FromServices] IAntiforgery antiforgery,
+                [FromQuery] string? username) =>
+            {
+                await antiforgery.ValidateRequestAsync(context);
+
+                var user = string.IsNullOrEmpty(username) ? null : await userManager.FindByNameAsync(username);
+                var optionsJson = await signInManager.MakePasskeyRequestOptionsAsync(user);
+                return TypedResults.Content(optionsJson, contentType: ""application/json"");
+            });
+
             var manageGroup = accountGroup.MapGroup(""/Manage"").RequireAuthorization();
 
             manageGroup.MapPost(""/LinkExternalLogin"", async (

src/Scaffolding/VS.Web.CG.Mvc/Templates/BlazorIdentity/IdentityComponentsEndpointRouteBuilderExtensions.tt

@@ -13,6 +13,7 @@ using System.Text.Json;
         $"{Model.BlazorIdentityNamespace}.Pages",
         $"{Model.BlazorIdentityNamespace}.Pages.Manage",
         "Microsoft.AspNetCore.Authentication",
+        "Microsoft.AspNetCore.Antiforgery",
         "Microsoft.AspNetCore.Components.Authorization",
         "Microsoft.AspNetCore.Http.Extensions",
         "Microsoft.AspNetCore.Identity",
@@ -58,13 +59,52 @@ namespace Microsoft.AspNetCore.Routing
 
             accountGroup.MapPost("/Logout", async (
                 ClaimsPrincipal user,
-                SignInManager<<#= Model.UserClassName #>> signInManager,
+                [FromServices] SignInManager<<#= Model.UserClassName #>> signInManager,
                 [FromForm] string returnUrl) =>
             {
                 await signInManager.SignOutAsync();
                 return TypedResults.LocalRedirect($"~/{returnUrl}");
             });
 
+            accountGroup.MapPost("/PasskeyCreationOptions", async (
+                HttpContext context,
+                [FromServices] UserManager<<#= Model.UserClassName #>> userManager,
+                [FromServices] SignInManager<<#= Model.UserClassName #>> signInManager,
+                [FromServices] IAntiforgery antiforgery) =>
+            {
+                await antiforgery.ValidateRequestAsync(context);
+
+                var user = await userManager.GetUserAsync(context.User);
+                if (user is null)
+                {
+                    return Results.NotFound($"Unable to load user with ID '{userManager.GetUserId(context.User)}'.");
+                }
+
+                var userId = await userManager.GetUserIdAsync(user);
+                var userName = await userManager.GetUserNameAsync(user) ?? "User";
+                var optionsJson = await signInManager.MakePasskeyCreationOptionsAsync(new()
+                {
+                    Id = userId,
+                    Name = userName,
+                    DisplayName = userName
+                });
+                return TypedResults.Content(optionsJson, contentType: "application/json");
+            });
+
+            accountGroup.MapPost("/PasskeyRequestOptions", async (
+                HttpContext context,
+                [FromServices] UserManager<<#= Model.UserClassName #>> userManager,
+                [FromServices] SignInManager<<#= Model.UserClassName #>> signInManager,
+                [FromServices] IAntiforgery antiforgery,
+                [FromQuery] string? username) =>
+            {
+                await antiforgery.ValidateRequestAsync(context);
+
+                var user = string.IsNullOrEmpty(username) ? null : await userManager.FindByNameAsync(username);
+                var optionsJson = await signInManager.MakePasskeyRequestOptionsAsync(user);
+                return TypedResults.Content(optionsJson, contentType: "application/json");
+            });
+
             var manageGroup = accountGroup.MapGroup("/Manage").RequireAuthorization();
 
             manageGroup.MapPost("/LinkExternalLogin", async (

src/Scaffolding/VS.Web.CG.Mvc/Templates/BlazorIdentity/IdentityNoOpEmailSender.Interfaces.cs

@@ -6,4 +6,3 @@ public partial class IdentityNoOpEmailSender : ITextTransformation
     {
     }
 }
-