Add Passkey authentication support to Identity scaffolders for .NET 10 #3289
Description
Goal
With .NET 10, ASP.NET Core Identity has first-class support for passkey (WebAuthn/FIDO2) authentication. The goal of this issue is to update all Identity-related scaffolders in this repo (CLI and Visual Studio) to support passkey registration and authentication for Blazor Web App projects. This ensures users of both Visual Studio and the CLI can scaffold Blazor apps that take advantage of the new passwordless authentication options shipping in .NET 10.
Current State
- The repo contains two sets of scaffolders for Identity:
- Legacy scaffolders (used by Visual Studio), under
src/Scaffolding/VS.Web.CG.Mvc/Identity/ - New scaffolders (CLI-based, used via
dotnet scaffold), undersrc/dotnet-scaffolding/dotnet-scaffold/AspNet/
- Legacy scaffolders (used by Visual Studio), under
- Both support adding authentication/identity to ASP.NET Core apps via T4 templates, code modifications, and package installation.
- Passkey support is only present in the Blazor Web App project template (see PR), not in MVC or Razor Pages templates.
Required Changes
1. Update Scaffolded Output
Update the Identity scaffolding output for Blazor Web App projects so it matches the Blazor Web App template's passkey support, including:
- Components:
Components/Account/Shared/PasskeySubmit.razorComponents/Account/Shared/PasskeySubmit.razor.jsComponents/Account/PasskeyInputModel.csComponents/Account/PasskeyOperation.cs
- Pages (Account / Manage):
Components/Account/Pages/Manage/Passkeys.razor(list, add, delete, link to rename)Components/Account/Pages/Manage/RenamePasskey.razor- Add navigation entry in
Components/Account/Shared/ManageNavMenu.razor("Passkeys").
- Login:
- Update
Components/Account/Pages/Login.razorto include a passkey sign-in button and logic:- If
Input.Passkey.CredentialJsonis present, callSignInManager.PasskeySignInAsync; otherwise, perform password sign-in.
- If
- Update
- Script inclusion:
- Add
<script src="@Assets["Components/Account/Shared/PasskeySubmit.razor.js"]" type="module"></script>inComponents/App.razorfor Individual Local Auth.
- Add
2. Identity Configuration
Update the scaffolded Program.cs for Blazor Web App projects to include:
builder.Services.AddIdentityCore<ApplicationUser>(options =>
{
options.SignIn.RequireConfirmedAccount = true;
options.Stores.SchemaVersion = IdentitySchemaVersions.Version3;
})This ensures the proper schema version is set for passkey support.
3. EF Core Model / Migrations
- Include the
AspNetUserPasskeystable andIdentityUserPasskey<string>mapping (with ownedIdentityPasskeyData) as in the Blazor Web App template model. - Update migrations logic (or embedded baseline migration) so projects scaffolded with Identity + passkeys can create the passkey table.
4. Test Updates
Update existing tests to account for the new or changed files in the scaffolded output, mirroring the passkey support present in the Blazor Web App template.
References
- Official docs: https://learn.microsoft.com/en-us/aspnet/core/security/authentication/passkeys/?view=aspnetcore-10.0
- Andrew Lock blog: https://andrewlock.net/exploring-dotnet-10-preview-features-6-passkey-support-for-aspnetcore-identity/
- Blazor Web App template:
src/ProjectTemplates/Web.ProjectTemplates/content/BlazorWeb-CSharp - Passkey PR: Add passkeys to ASP.NET Core Identity aspnetcore#62112
Note: Passkey support should always be included for Blazor Web App scaffolding; there is no option to exclude it. Changes are limited to Blazor and do not affect MVC or Razor Pages scaffolding.