Cover a Blazor security migration scenario (#20472)

aspnetcore/includes/blazor-security/troubleshoot.md

@@ -1,5 +1,27 @@
 ## Troubleshoot
 
+::: moniker range=">= aspnetcore-5.0"
+
+### Common errors
+
+* Unauthorized client for AAD
+
+  > info: Microsoft.AspNetCore.Authorization.DefaultAuthorizationService[2]
+  > Authorization failed. These requirements were not met:
+  > DenyAnonymousAuthorizationRequirement: Requires an authenticated user.
+
+  Login callback error from AAD:
+
+  * Error: `unauthorized_client`
+  * Description: `AADB2C90058: The provided application is not configured to allow public clients.`
+
+  To resolve the error:
+
+  1. In the Azure portal, access the [app's manifest](/azure/active-directory/develop/reference-app-manifest).
+  1. Set the [`allowPublicClient`](/azure/active-directory/develop/reference-app-manifest#allowpublicclient-attribute) attribute to `null` or `true`.
+
+::: moniker-end
+
 ### Cookies and site data
 
 Cookies and site data can persist across app updates and interfere with testing and troubleshooting. Clear the following when making app code changes, user account changes with the provider, or provider app configuration changes:

aspnetcore/migration/31-to-50.md

@@ -91,6 +91,8 @@ For a Blazor WebAssembly project, including the *`Client`* project of a hosted B
     -    <PackageReference Include="Microsoft.AspNetCore.Components.WebAssembly.Build" Version="3.2.1" PrivateAssets="all" />
     ```
 
+1. Update other packages to their latest versions. The latest versions can be found at [NuGet.org](https://www.nuget.org).
+
 ### Standalone Blazor WebAssembly app with Microsoft Accounts
 
 For a standalone Blazor WebAssembly app registered in the Azure portal to use Azure Active Directory (AAD) for Microsoft Accounts:
@@ -134,10 +136,29 @@ For a standalone Blazor WebAssembly app registered in the Azure portal to use Az
   
 * The platform configuration is set to **Single-page application (SPA)** in the Azure portal with the app's redirect URI.
 
-For more information, see <xref:blazor/security/webassembly/hosted-with-azure-active-directory-b2c>.
+For more information, see <xref:blazor/security/webassembly/standalone-with-azure-active-directory-b2c>.
 
-> [!NOTE]
-> Update the *`Server`* project of a hosted Blazor solution as an ASP.NET Core app following the general guidance in this article.
+### Update the Server project of a hosted Blazor solution
+
+Update the *`Server`* project of a hosted Blazor solution as an ASP.NET Core app following the general guidance in this article.
+
+### Unauthorized client for Azure Active Directory (AAD)
+
+After upgrading a Blazor WebAssembly app that uses AAD for authentication, you may receive the following error on the login callback to the app after the user signs in with AAD:
+
+> info: Microsoft.AspNetCore.Authorization.DefaultAuthorizationService[2]
+> Authorization failed. These requirements were not met:
+> DenyAnonymousAuthorizationRequirement: Requires an authenticated user.
+
+Login callback error from AAD:
+
+* Error: `unauthorized_client`
+* Description: `AADB2C90058: The provided application is not configured to allow public clients.`
+
+To resolve the error:
+
+1. In the Azure portal, access the [app's manifest](/azure/active-directory/develop/reference-app-manifest).
+1. Set the [`allowPublicClient`](/azure/active-directory/develop/reference-app-manifest#allowpublicclient-attribute) attribute to `null` or `true`.
 
 ## Update package references