diff --git a/aspnetcore/migration/31-to-50.md b/aspnetcore/migration/31-to-50.md index dd03d0ba46..7852d37ddf 100644 --- a/aspnetcore/migration/31-to-50.md +++ b/aspnetcore/migration/31-to-50.md @@ -325,6 +325,8 @@ If updating a Blazor WebAssembly project, skip to the [Update Blazor WebAssembly ## Update Blazor WebAssembly projects +Follow the guidance in the preceding [Update Blazor WebAssembly and Blazor Server projects](#update-blazor-webassembly-and-blazor-server-projects) section. + For a Blazor WebAssembly project, including the *`Client`* project of a hosted Blazor solution, apply the following changes to the project file: 1. Update the SDK from `Microsoft.NET.Sdk.Web` to `Microsoft.NET.Sdk.BlazorWebAssembly`: @@ -382,6 +384,8 @@ For a Blazor WebAssembly project, including the *`Client`* project of a hosted B ### Standalone Blazor WebAssembly app with Microsoft Accounts +Follow the guidance in the preceding [Update Blazor WebAssembly and Blazor Server projects](#update-blazor-webassembly-and-blazor-server-projects) and [Update Blazor WebAssembly projects](#update-blazor-webassembly-projects) sections. + For a standalone Blazor WebAssembly app registered in the Azure portal to use Azure Active Directory (AAD) for Microsoft Accounts: * The app requires the `openid` and `offline_access` scopes: @@ -391,14 +395,18 @@ For a standalone Blazor WebAssembly app registered in the Azure portal to use Az options.ProviderOptions.DefaultAccessTokenScopes.Add("offline_access"); ``` -* In the Azure portal app registration **Authentication** blade, set the platform configuration to **Single-page application** with the app's redirect URI. +* In the Azure portal app registration **Authentication** blade: -* Also in the **Authentication** blade, disable **Implicit grant** for **Access tokens** and **ID tokens**. + 1. Remove the **Web** platform configuration. + 1. Add a **Single-page application** platform configuration with the app's redirect URI. + 1. Disable **Implicit grant** for **Access tokens** and **ID tokens**. For more information, see . ### Standalone Blazor WebAssembly app with Azure Active Directory (AAD) +Follow the guidance in the preceding [Update Blazor WebAssembly and Blazor Server projects](#update-blazor-webassembly-and-blazor-server-projects) and [Update Blazor WebAssembly projects](#update-blazor-webassembly-projects) sections. + For a standalone Blazor WebAssembly app registered in the Azure portal to use Azure Active Directory (AAD): * The app requires the `https://graph.microsoft.com/User.Read` scope: @@ -408,13 +416,17 @@ For a standalone Blazor WebAssembly app registered in the Azure portal to use Az .Add("https://graph.microsoft.com/User.Read"); ``` -* In the Azure portal app registration **Authentication** blade, set the platform configuration to **Single-page application** with the app's redirect URI. +* In the Azure portal app registration **Authentication** blade: -* Also in the **Authentication** blade, disable **Implicit grant** for **Access tokens** and **ID tokens**. + 1. Remove the **Web** platform configuration. + 1. Add a **Single-page application** platform configuration with the app's redirect URI. + 1. Disable **Implicit grant** for **Access tokens** and **ID tokens**. For more information, see . -### Standalone Blazor app with Azure Active Directory (AAD) B2C +### Standalone Blazor WebAssembly app with Azure Active Directory (AAD) B2C + +Follow the guidance in the preceding [Update Blazor WebAssembly and Blazor Server projects](#update-blazor-webassembly-and-blazor-server-projects) and [Update Blazor WebAssembly projects](#update-blazor-webassembly-projects) sections. For a standalone Blazor WebAssembly app registered in the Azure portal to use Azure Active Directory (AAD) B2C: @@ -425,27 +437,25 @@ For a standalone Blazor WebAssembly app registered in the Azure portal to use Az options.ProviderOptions.DefaultAccessTokenScopes.Add("offline_access"); ``` -* In the Azure portal app registration **Authentication** blade, set the platform configuration to **Single-page application** with the app's redirect URI. +* In the Azure portal app registration **Authentication** blade: -* Also in the **Authentication** blade, disable **Implicit grant** for **Access tokens** and **ID tokens**. + 1. Remove the **Web** platform configuration. + 1. Add a **Single-page application** platform configuration with the app's redirect URI. + 1. Disable **Implicit grant** for **Access tokens** and **ID tokens**. For more information, see . -### Hosted Blazor WebAssembly app with Azure Active Directory (AAD) or B2C - -The *`Client`* app registration of a hosted Blazor solution that uses AAD or AAD B2C for user authentication should use a **Single-page application** Azure Apps platform configuration: - -1. In the Azure portal app registration for the *`Client`* app, remove the **Web** platform configuration. -1. Add a **Single-page application** platform configuration with the app's redirect URI. -1. Disable **Implicit grant** for **Access tokens** and **ID tokens**. - -For more information, see: - -* -* - ### Update the Server project of a hosted Blazor solution +Follow the guidance in the preceding sections: + +* [Update Blazor WebAssembly and Blazor Server projects](#update-blazor-webassembly-and-blazor-server-projects) +* [Update Blazor WebAssembly projects](#update-blazor-webassembly-projects) sections +* The section that applies to the app's provider with Azure Active Directory: + * [Standalone Blazor WebAssembly app with Microsoft Accounts](#standalone-blazor-webassembly-app-with-microsoft-accounts) + * [Standalone Blazor WebAssembly app with Azure Active Directory (AAD)](#standalone-blazor-webassembly-app-with-azure-active-directory-aad) + * [Standalone Blazor WebAssembly app with Azure Active Directory (AAD) B2C](#standalone-blazor-webassembly-app-with-azure-active-directory-aad-b2c) + Update the *`Server`* project of a hosted Blazor solution as an ASP.NET Core app following the general guidance in this article. Additionally, *`Server`* projects that authenticate users to client Blazor WebAssembly apps with Azure Active Directory (AAD) or B2C should adopt new Microsoft Identity v2.0 packages: @@ -483,6 +493,35 @@ For more information, see: * * +### Clean and rebuild the solution + +After migrating the app or solution to .NET 5, clean and rebuild the app or solution. If package incompatibilities exist between new package references and cached packages: + +1. Clear NuGet package caches by executing the following [`dotnet nuget locals`](/dotnet/core/tools/dotnet-nuget-locals) command in a command shell: + + ```dotnetcli + dotnet nuget locals --clear all + ``` + +1. Clean and rebuild the app or solution. + +### Troubleshoot + +Follow the *Troubleshoot* guidance at the end of the Blazor WebAssembly security topic that applies to your app: + +Standalone Blazor WebAssembly apps: + +* [General guidance for OIDC providers and the WebAssembly Authentication Library](xref:blazor/security/webassembly/standalone-with-authentication-library) +* [Microsoft Accounts](xref:blazor/security/webassembly/standalone-with-microsoft-accounts) +* [Azure Active Directory (AAD)](xref:blazor/security/webassembly/standalone-with-azure-active-directory) +* [Azure Active Directory (AAD) B2C](xref:blazor/security/webassembly/standalone-with-azure-active-directory-b2c) + +Hosted Blazor WebAssembly apps: + +* [Azure Active Directory (AAD)](xref:blazor/security/webassembly/hosted-with-azure-active-directory) +* [Azure Active Directory (AAD) B2C](xref:blazor/security/webassembly/hosted-with-azure-active-directory-b2c) +* [Identity Server](xref:blazor/security/webassembly/hosted-with-identity-server) + ### Unauthorized client for Azure Active Directory (AAD) After upgrading a Blazor WebAssembly app that uses AAD for authentication, you may receive the following error on the login callback to the app after the user signs in with AAD: