Blazor WASM secure app via Imports update (#23187)

aspnetcore/blazor/security/webassembly/index.md

@@ -68,12 +68,23 @@ In Blazor WebAssembly apps, authorization checks can be bypassed because all cli
 
 Apply the [`[Authorize]` attribute](xref:blazor/security/index#authorize-attribute) ([API documentation](xref:System.Web.Mvc.AuthorizeAttribute)) to each Razor component of the app using one of the following approaches:
 
-* Use the [`@attribute`](xref:mvc/views/razor#attribute) directive in the `_Imports.razor` file:
+* In the app's Imports file, add an [`@using`](xref:mvc/views/razor#using) directive for the <xref:Microsoft.AspNetCore.Authorization?displayProperty=fullName> namespace with an [`@attribute`](xref:mvc/views/razor#attribute) directive for the [`[Authorize]` attribute](xref:blazor/security/index#authorize-attribute).
+
+  `_Imports.razor`:
 
   ```razor
   @using Microsoft.AspNetCore.Authorization
   @attribute [Authorize]
   ```
+  
+  Allow anonymous access to the `Authentication` component to permit redirection to the Idenfity Provider. Add the following Razor code to the `Authentication` component under its [`@page`](xref:mvc/views/razor#page) directive.
+  
+  `Pages/Authentication.razor`:
+  
+  ```razor
+  @using Microsoft.AspNetCore.Components.WebAssembly.Authentication
+  @attribute [AllowAnonymous]
+  ```
 
 * Add the attribute to each Razor component in the `Pages` folder.
 
@@ -190,12 +201,23 @@ In Blazor WebAssembly apps, authorization checks can be bypassed because all cli
 
 Apply the [`[Authorize]` attribute](xref:blazor/security/index#authorize-attribute) ([API documentation](xref:System.Web.Mvc.AuthorizeAttribute)) to each Razor component of the app using one of the following approaches:
 
-* Use the [`@attribute`](xref:mvc/views/razor#attribute) directive in the `_Imports.razor` file:
+* In the app's Imports file, add an [`@using`](xref:mvc/views/razor#using) directive for the <xref:Microsoft.AspNetCore.Authorization?displayProperty=fullName> namespace with an [`@attribute`](xref:mvc/views/razor#attribute) directive for the [`[Authorize]` attribute](xref:blazor/security/index#authorize-attribute).
+
+  `_Imports.razor`:
 
   ```razor
   @using Microsoft.AspNetCore.Authorization
   @attribute [Authorize]
   ```
+  
+  Allow anonymous access to the `Authentication` component to permit redirection to the Idenfity Provider. Add the following Razor code to the `Authentication` component under its [`@page`](xref:mvc/views/razor#page) directive.
+  
+  `Pages/Authentication.razor`:
+  
+  ```razor
+  @using Microsoft.AspNetCore.Components.WebAssembly.Authentication
+  @attribute [AllowAnonymous]
+  ```
 
 * Add the attribute to each Razor component in the `Pages` folder.
 
@@ -312,12 +334,23 @@ In Blazor WebAssembly apps, authorization checks can be bypassed because all cli
 
 Apply the [`[Authorize]` attribute](xref:blazor/security/index#authorize-attribute) ([API documentation](xref:System.Web.Mvc.AuthorizeAttribute)) to each Razor component of the app using one of the following approaches:
 
-* Use the [`@attribute`](xref:mvc/views/razor#attribute) directive in the `_Imports.razor` file:
+* In the app's Imports file, add an [`@using`](xref:mvc/views/razor#using) directive for the <xref:Microsoft.AspNetCore.Authorization?displayProperty=fullName> namespace with an [`@attribute`](xref:mvc/views/razor#attribute) directive for the [`[Authorize]` attribute](xref:blazor/security/index#authorize-attribute).
+
+  `_Imports.razor`:
 
   ```razor
   @using Microsoft.AspNetCore.Authorization
   @attribute [Authorize]
   ```
+  
+  Allow anonymous access to the `Authentication` component to permit redirection to the Idenfity Provider. Add the following Razor code to the `Authentication` component under its [`@page`](xref:mvc/views/razor#page) directive.
+  
+  `Pages/Authentication.razor`:
+  
+  ```razor
+  @using Microsoft.AspNetCore.Components.WebAssembly.Authentication
+  @attribute [AllowAnonymous]
+  ```
 
 * Add the attribute to each Razor component in the `Pages` folder.