From 1203e32c0602e82793e457ff7ddcdaf3686c5a19 Mon Sep 17 00:00:00 2001
From: Luke Latham <1622880+guardrex@users.noreply.github.com>
Date: Thu, 2 Sep 2021 06:06:32 -0500
Subject: [PATCH] Blazor WASM secure app via Imports update (#23187)

---
 .../blazor/security/webassembly/index.md      | 39 +++++++++++++++++--
 1 file changed, 36 insertions(+), 3 deletions(-)

diff --git a/aspnetcore/blazor/security/webassembly/index.md b/aspnetcore/blazor/security/webassembly/index.md
index 7e28375f89..1d2acb0758 100644
--- a/aspnetcore/blazor/security/webassembly/index.md
+++ b/aspnetcore/blazor/security/webassembly/index.md
@@ -68,12 +68,23 @@ In Blazor WebAssembly apps, authorization checks can be bypassed because all cli
 
 Apply the [`[Authorize]` attribute](xref:blazor/security/index#authorize-attribute) ([API documentation](xref:System.Web.Mvc.AuthorizeAttribute)) to each Razor component of the app using one of the following approaches:
 
-* Use the [`@attribute`](xref:mvc/views/razor#attribute) directive in the `_Imports.razor` file:
+* In the app's Imports file, add an [`@using`](xref:mvc/views/razor#using) directive for the <xref:Microsoft.AspNetCore.Authorization?displayProperty=fullName> namespace with an [`@attribute`](xref:mvc/views/razor#attribute) directive for the [`[Authorize]` attribute](xref:blazor/security/index#authorize-attribute).
+
+  `_Imports.razor`:
 
   ```razor
   @using Microsoft.AspNetCore.Authorization
   @attribute [Authorize]
   ```
+  
+  Allow anonymous access to the `Authentication` component to permit redirection to the Idenfity Provider. Add the following Razor code to the `Authentication` component under its [`@page`](xref:mvc/views/razor#page) directive.
+  
+  `Pages/Authentication.razor`:
+  
+  ```razor
+  @using Microsoft.AspNetCore.Components.WebAssembly.Authentication
+  @attribute [AllowAnonymous]
+  ```
 
 * Add the attribute to each Razor component in the `Pages` folder.
 
@@ -190,12 +201,23 @@ In Blazor WebAssembly apps, authorization checks can be bypassed because all cli
 
 Apply the [`[Authorize]` attribute](xref:blazor/security/index#authorize-attribute) ([API documentation](xref:System.Web.Mvc.AuthorizeAttribute)) to each Razor component of the app using one of the following approaches:
 
-* Use the [`@attribute`](xref:mvc/views/razor#attribute) directive in the `_Imports.razor` file:
+* In the app's Imports file, add an [`@using`](xref:mvc/views/razor#using) directive for the <xref:Microsoft.AspNetCore.Authorization?displayProperty=fullName> namespace with an [`@attribute`](xref:mvc/views/razor#attribute) directive for the [`[Authorize]` attribute](xref:blazor/security/index#authorize-attribute).
+
+  `_Imports.razor`:
 
   ```razor
   @using Microsoft.AspNetCore.Authorization
   @attribute [Authorize]
   ```
+  
+  Allow anonymous access to the `Authentication` component to permit redirection to the Idenfity Provider. Add the following Razor code to the `Authentication` component under its [`@page`](xref:mvc/views/razor#page) directive.
+  
+  `Pages/Authentication.razor`:
+  
+  ```razor
+  @using Microsoft.AspNetCore.Components.WebAssembly.Authentication
+  @attribute [AllowAnonymous]
+  ```
 
 * Add the attribute to each Razor component in the `Pages` folder.
 
@@ -312,12 +334,23 @@ In Blazor WebAssembly apps, authorization checks can be bypassed because all cli
 
 Apply the [`[Authorize]` attribute](xref:blazor/security/index#authorize-attribute) ([API documentation](xref:System.Web.Mvc.AuthorizeAttribute)) to each Razor component of the app using one of the following approaches:
 
-* Use the [`@attribute`](xref:mvc/views/razor#attribute) directive in the `_Imports.razor` file:
+* In the app's Imports file, add an [`@using`](xref:mvc/views/razor#using) directive for the <xref:Microsoft.AspNetCore.Authorization?displayProperty=fullName> namespace with an [`@attribute`](xref:mvc/views/razor#attribute) directive for the [`[Authorize]` attribute](xref:blazor/security/index#authorize-attribute).
+
+  `_Imports.razor`:
 
   ```razor
   @using Microsoft.AspNetCore.Authorization
   @attribute [Authorize]
   ```
+  
+  Allow anonymous access to the `Authentication` component to permit redirection to the Idenfity Provider. Add the following Razor code to the `Authentication` component under its [`@page`](xref:mvc/views/razor#page) directive.
+  
+  `Pages/Authentication.razor`:
+  
+  ```razor
+  @using Microsoft.AspNetCore.Components.WebAssembly.Authentication
+  @attribute [AllowAnonymous]
+  ```
 
 * Add the attribute to each Razor component in the `Pages` folder.