Enhance Blazor migration guidance (#20660)

pull/20661/head
Luke Latham 2020-11-18 14:39:51 -06:00 committed by GitHub
parent c443aad3d0
commit c2a1314fb7
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 59 additions and 20 deletions


@ -325,6 +325,8 @@ If updating a Blazor WebAssembly project, skip to the [Update Blazor WebAssembly
## Update Blazor WebAssembly projects
Follow the guidance in the preceding [Update Blazor WebAssembly and Blazor Server projects](#update-blazor-webassembly-and-blazor-server-projects) section.
For a Blazor WebAssembly project, including the *`Client`* project of a hosted Blazor solution, apply the following changes to the project file:
1. Update the SDK from `Microsoft.NET.Sdk.Web` to `Microsoft.NET.Sdk.BlazorWebAssembly`:
@ -382,6 +384,8 @@ For a Blazor WebAssembly project, including the *`Client`* project of a hosted B
### Standalone Blazor WebAssembly app with Microsoft Accounts
Follow the guidance in the preceding [Update Blazor WebAssembly and Blazor Server projects](#update-blazor-webassembly-and-blazor-server-projects) and [Update Blazor WebAssembly projects](#update-blazor-webassembly-projects) sections.
For a standalone Blazor WebAssembly app registered in the Azure portal to use Azure Active Directory (AAD) for Microsoft Accounts:
* The app requires the `openid` and `offline_access` scopes:
@ -391,14 +395,18 @@ For a standalone Blazor WebAssembly app registered in the Azure portal to use Az
options.ProviderOptions.DefaultAccessTokenScopes.Add("offline_access");
```
* In the Azure portal app registration **Authentication** blade, set the platform configuration to **Single-page application** with the app's redirect URI.
* In the Azure portal app registration **Authentication** blade:
* Also in the **Authentication** blade, disable **Implicit grant** for **Access tokens** and **ID tokens**.
1. Remove the **Web** platform configuration.
1. Add a **Single-page application** platform configuration with the app's redirect URI.
1. Disable **Implicit grant** for **Access tokens** and **ID tokens**.
For more information, see <xref:blazor/security/webassembly/standalone-with-microsoft-accounts>.
### Standalone Blazor WebAssembly app with Azure Active Directory (AAD)
Follow the guidance in the preceding [Update Blazor WebAssembly and Blazor Server projects](#update-blazor-webassembly-and-blazor-server-projects) and [Update Blazor WebAssembly projects](#update-blazor-webassembly-projects) sections.
For a standalone Blazor WebAssembly app registered in the Azure portal to use Azure Active Directory (AAD):
* The app requires the `https://graph.microsoft.com/User.Read` scope:
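Review bot: the three `1.` steps that follow the "In the Azure portal app registration **Authentication** blade:" bullet must be indented under that bullet, or Markdown renders them as a separate top-level ordered list detached from the bullet they belong to; if the source is not already indented, fix it in all three standalone sections touched by this patch. On substance, the step that disables **Implicit grant** for **Access tokens** and **ID tokens** is the correct companion to the **Single-page application** platform type, because that platform uses the authorization code flow with PKCE and leaving implicit grant enabled keeps a legacy flow that returns tokens in the URL fragment; one sentence saying so would reassure readers who hesitate to turn it off. Also consider noting that removing the **Web** platform configuration should be coordinated with deploying the upgraded client, since a still-deployed 3.x client that relies on the Web platform and implicit grant stops signing in the moment that configuration is removed.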
@ -408,13 +416,17 @@ For a standalone Blazor WebAssembly app registered in the Azure portal to use Az
.Add("https://graph.microsoft.com/User.Read");
```
* In the Azure portal app registration **Authentication** blade, set the platform configuration to **Single-page application** with the app's redirect URI.
* In the Azure portal app registration **Authentication** blade:
* Also in the **Authentication** blade, disable **Implicit grant** for **Access tokens** and **ID tokens**.
1. Remove the **Web** platform configuration.
1. Add a **Single-page application** platform configuration with the app's redirect URI.
1. Disable **Implicit grant** for **Access tokens** and **ID tokens**.
For more information, see <xref:blazor/security/webassembly/standalone-with-azure-active-directory>.
### Standalone Blazor app with Azure Active Directory (AAD) B2C
### Standalone Blazor WebAssembly app with Azure Active Directory (AAD) B2C
Follow the guidance in the preceding [Update Blazor WebAssembly and Blazor Server projects](#update-blazor-webassembly-and-blazor-server-projects) and [Update Blazor WebAssembly projects](#update-blazor-webassembly-projects) sections.
For a standalone Blazor WebAssembly app registered in the Azure portal to use Azure Active Directory (AAD) B2C:
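Review bot: renaming the heading from "Standalone Blazor app with Azure Active Directory (AAD) B2C" to "Standalone Blazor WebAssembly app with Azure Active Directory (AAD) B2C" changes the generated anchor from `#standalone-blazor-app-with-azure-active-directory-aad-b2c` to `#standalone-blazor-webassembly-app-with-azure-active-directory-aad-b2c`. The new link added later in this patch uses the new anchor, but any other page or bookmark that points at the old anchor will silently land at the top of the article, so search the repo for the old anchor before merging. The rest of the hunk has the same nesting issue as the Microsoft Accounts section: the `1.` steps need to be indented under the "**Authentication** blade:" bullet.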
@ -425,27 +437,25 @@ For a standalone Blazor WebAssembly app registered in the Azure portal to use Az
options.ProviderOptions.DefaultAccessTokenScopes.Add("offline_access");
```
* In the Azure portal app registration **Authentication** blade, set the platform configuration to **Single-page application** with the app's redirect URI.
* In the Azure portal app registration **Authentication** blade:
* Also in the **Authentication** blade, disable **Implicit grant** for **Access tokens** and **ID tokens**.
1. Remove the **Web** platform configuration.
1. Add a **Single-page application** platform configuration with the app's redirect URI.
1. Disable **Implicit grant** for **Access tokens** and **ID tokens**.
For more information, see <xref:blazor/security/webassembly/standalone-with-azure-active-directory-b2c>.
### Hosted Blazor WebAssembly app with Azure Active Directory (AAD) or B2C
The *`Client`* app registration of a hosted Blazor solution that uses AAD or AAD B2C for user authentication should use a **Single-page application** Azure Apps platform configuration:
1. In the Azure portal app registration for the *`Client`* app, remove the **Web** platform configuration.
1. Add a **Single-page application** platform configuration with the app's redirect URI.
1. Disable **Implicit grant** for **Access tokens** and **ID tokens**.
For more information, see:
* <xref:blazor/security/webassembly/hosted-with-azure-active-directory>
* <xref:blazor/security/webassembly/hosted-with-azure-active-directory-b2c>
### Update the Server project of a hosted Blazor solution
Follow the guidance in the preceding sections:
* [Update Blazor WebAssembly and Blazor Server projects](#update-blazor-webassembly-and-blazor-server-projects)
* [Update Blazor WebAssembly projects](#update-blazor-webassembly-projects) sections
* The section that applies to the app's provider with Azure Active Directory:
* [Standalone Blazor WebAssembly app with Microsoft Accounts](#standalone-blazor-webassembly-app-with-microsoft-accounts)
* [Standalone Blazor WebAssembly app with Azure Active Directory (AAD)](#standalone-blazor-webassembly-app-with-azure-active-directory-aad)
* [Standalone Blazor WebAssembly app with Azure Active Directory (AAD) B2C](#standalone-blazor-webassembly-app-with-azure-active-directory-aad-b2c)
Update the *`Server`* project of a hosted Blazor solution as an ASP.NET Core app following the general guidance in this article.
Additionally, *`Server`* projects that authenticate users to client Blazor WebAssembly apps with Azure Active Directory (AAD) or B2C should adopt new Microsoft Identity v2.0 packages:
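Review bot: the list item "[Update Blazor WebAssembly projects](#update-blazor-webassembly-projects) sections" carries a stray trailing word "sections", left over from the sentence it was split out of; drop it. The item after it, "The section that applies to the app's provider with Azure Active Directory:", reads oddly because Microsoft Accounts and AAD B2C are listed beneath it; "the section that applies to the app's identity provider" covers all three. More substantively, this hunk deletes the "Hosted Blazor WebAssembly app with Azure Active Directory (AAD) or B2C" section, which was the only place that told the reader to replace the **Web** platform with a **Single-page application** platform and disable implicit grant on the *`Client`* app registration of a hosted solution; the replacement only points at the standalone sections, so state explicitly that those app registration steps apply to the hosted solution's *`Client`* registration, otherwise a reader migrating a hosted app can skip them and be left with implicit grant still enabled.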
@ -483,6 +493,35 @@ For more information, see:
* <xref:blazor/security/webassembly/hosted-with-azure-active-directory>
* <xref:blazor/security/webassembly/hosted-with-azure-active-directory-b2c>
### Clean and rebuild the solution
After migrating the app or solution to .NET 5, clean and rebuild the app or solution. If package incompatibilities exist between new package references and cached packages:
1. Clear NuGet package caches by executing the following [`dotnet nuget locals`](/dotnet/core/tools/dotnet-nuget-locals) command in a command shell:
```dotnetcli
dotnet nuget locals --clear all
```
1. Clean and rebuild the app or solution.
### Troubleshoot
Follow the *Troubleshoot* guidance at the end of the Blazor WebAssembly security topic that applies to your app:
Standalone Blazor WebAssembly apps:
* [General guidance for OIDC providers and the WebAssembly Authentication Library](xref:blazor/security/webassembly/standalone-with-authentication-library)
* [Microsoft Accounts](xref:blazor/security/webassembly/standalone-with-microsoft-accounts)
* [Azure Active Directory (AAD)](xref:blazor/security/webassembly/standalone-with-azure-active-directory)
* [Azure Active Directory (AAD) B2C](xref:blazor/security/webassembly/standalone-with-azure-active-directory-b2c)
Hosted Blazor WebAssembly apps:
* [Azure Active Directory (AAD)](xref:blazor/security/webassembly/hosted-with-azure-active-directory)
* [Azure Active Directory (AAD) B2C](xref:blazor/security/webassembly/hosted-with-azure-active-directory-b2c)
* [Identity Server](xref:blazor/security/webassembly/hosted-with-identity-server)
### Unauthorized client for Azure Active Directory (AAD)
After upgrading a Blazor WebAssembly app that uses AAD for authentication, you may receive the following error on the login callback to the app after the user signs in with AAD:
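Review bot: `dotnet nuget locals --clear all` wipes every local NuGet cache on the machine, including the global packages folder and the HTTP cache, not just the packages of the solution being migrated, so every project on the box re-downloads its packages on the next restore; the "Clean and rebuild the solution" text should say so, and could mention that the command also accepts a single cache location (for example `http-cache` or `global-packages`) for readers who want a narrower reset. The remaining sections in the hunk are fine; the "Troubleshoot" lists correctly split standalone and hosted topics, and the Identity Server entry belongs under hosted as shown.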