diff --git a/.github/workflows/whats-new.yml b/.github/workflows/whats-new.yml index 0840834efd..71643aed09 100644 --- a/.github/workflows/whats-new.yml +++ b/.github/workflows/whats-new.yml @@ -16,7 +16,6 @@ on: env: DOTNET_VERSION: '5.0.301' # set this to the dot net version to use - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # A workflow run is made up of one or more jobs that can run sequentially or in parallel jobs: @@ -24,6 +23,9 @@ jobs: create-what-is-new: # The type of runner that the job will run on runs-on: ubuntu-latest + permissions: + contents: write + pull-requests: write # Steps represent a sequence of tasks that will be executed as part of the job steps: @@ -38,7 +40,7 @@ jobs: - name: 'Print manual run reason' if: ${{ github.event_name == 'workflow_dispatch' }} run: | - echo 'Reason: ${{ github.event.inputs.reason }}' + echo "Reason: ${{ github.event.inputs.reason }}" # Print dotnet info - name: Display .NET info diff --git a/.vscode/settings.json b/.vscode/settings.json index a5f95470d7..3c34afcb09 100644 --- a/.vscode/settings.json +++ b/.vscode/settings.json @@ -25,5 +25,11 @@ "TypeScript", "XML", "YAML" - ] + ], + "markdownlint.config": { + "MD028": false, + "MD025": { + "front_matter_title": "" + } + } } diff --git a/aspnetcore/blazor/security/index.md b/aspnetcore/blazor/security/index.md index fcdea1e7bc..320499639c 100644 --- a/aspnetcore/blazor/security/index.md +++ b/aspnetcore/blazor/security/index.md @@ -420,6 +420,80 @@ If neither no * Authenticated (signed-in) users as authorized. * Unauthenticated (signed-out) users as unauthorized. +## Resource authorization + +To authorize users for resources, pass the request's route data to the parameter of . + +In the content for a requested route in the `App` component (`App.razor`): + +```razor + +``` + +For more information on how authorization state data is passed and used in procedural logic, see the [Expose the authentication state as a cascading parameter](#expose-the-authentication-state-as-a-cascading-parameter) section. + +When the receives the route data for the resource, authorization policies have access to and that permit custom logic to make authorization decisions. + +In the following example, an `EditUser` policy is created in for the app's authorization service configuration () with the following logic: + +* Determine if a route value exists with a key of `id`. If the key exists, the route value is stored in `value`. +* In a variable named `id`, store `value` as a string or set an empty string value (`string.Empty`). +* If `id` isn't an empty string, assert that the policy is satisfied (return `true`) if the string's value starts with `EMP`. Otherwise, assert that the policy fails (return `false`). + +In either `Program.cs` or `Startup.cs` (depending on the hosting model and framework version): + +* Add namespaces for and : + + ```csharp + using Microsoft.AspNetCore.Components; + using System.Linq; + ``` + +* Add the policy: + + ```csharp + options.AddPolicy("EditUser", policy => + policy.RequireAssertion(context => + { + if (context.Resource is RouteData rd) + { + var routeValue = rd.RouteValues.TryGetValue("id", out var value); + var id = Convert.ToString(value, + System.Globalization.CultureInfo.InvariantCulture) ?? string.Empty; + + if (!string.IsNullOrEmpty(id)) + { + return id.StartsWith("EMP", StringComparison.InvariantCulture); + } + } + + return false; + }) + ); + ``` + +The preceding example is an oversimplified authorization policy, merely used to demonstrate the concept with a working example. For more information on creating and configuring authorization policies, see . + +In the following `EditUser` component, the resource at `/users/{id}/edit` has a route parameter for the user's identifier (`{id}`). The component uses the preceding `EditUser` authorization policy to determine if the route value for `id` starts with `EMP`. If `id` starts with `EMP`, the policy succeeds and access to the component is authorized. If `id` starts with a value other than `EMP` or if `id` is an empty string, the policy fails, and the component doesn't load. + +`Pages/EditUser.razor`: + +```razor +@page "/users/{id}/edit" +@using Microsoft.AspNetCore.Authorization +@attribute [Authorize(Policy = "EditUser")] + +

Edit User

+ +

The 'EditUser' policy is satisfied! Id starts with 'EMP'.

+ +@code { + [Parameter] + public string Id { get; set; } +} +``` + ## Customize unauthorized content with the Router component The component, in conjunction with the component, allows the app to specify custom content if: @@ -963,6 +1037,80 @@ If neither no * Authenticated (signed-in) users as authorized. * Unauthenticated (signed-out) users as unauthorized. +## Resource authorization + +To authorize users for resources, pass the request's route data to the parameter of . + +In the content for a requested route in the `App` component (`App.razor`): + +```razor + +``` + +For more information on how authorization state data is passed and used in procedural logic, see the [Expose the authentication state as a cascading parameter](#expose-the-authentication-state-as-a-cascading-parameter) section. + +When the receives the route data for the resource, authorization policies have access to and that permit custom logic to make authorization decisions. + +In the following example, an `EditUser` policy is created in for the app's authorization service configuration () with the following logic: + +* Determine if a route value exists with a key of `id`. If the key exists, the route value is stored in `value`. +* In a variable named `id`, store `value` as a string or set an empty string value (`string.Empty`). +* If `id` isn't an empty string, assert that the policy is satisfied (return `true`) if the string's value starts with `EMP`. Otherwise, assert that the policy fails (return `false`). + +In either `Program.cs` or `Startup.cs` (depending on the hosting model and framework version): + +* Add namespaces for and : + + ```csharp + using Microsoft.AspNetCore.Components; + using System.Linq; + ``` + +* Add the policy: + + ```csharp + options.AddPolicy("EditUser", policy => + policy.RequireAssertion(context => + { + if (context.Resource is RouteData rd) + { + var routeValue = rd.RouteValues.TryGetValue("id", out var value); + var id = Convert.ToString(value, + System.Globalization.CultureInfo.InvariantCulture) ?? string.Empty; + + if (!string.IsNullOrEmpty(id)) + { + return id.StartsWith("EMP", StringComparison.InvariantCulture); + } + } + + return false; + }) + ); + ``` + +The preceding example is an oversimplified authorization policy, merely used to demonstrate the concept with a working example. For more information on creating and configuring authorization policies, see . + +In the following `EditUser` component, the resource at `/users/{id}/edit` has a route parameter for the user's identifier (`{id}`). The component uses the preceding `EditUser` authorization policy to determine if the route value for `id` starts with `EMP`. If `id` starts with `EMP`, the policy succeeds and access to the component is authorized. If `id` starts with a value other than `EMP` or if `id` is an empty string, the policy fails, and the component doesn't load. + +`Pages/EditUser.razor`: + +```razor +@page "/users/{id}/edit" +@using Microsoft.AspNetCore.Authorization +@attribute [Authorize(Policy = "EditUser")] + +

Edit User

+ +

The 'EditUser' policy is satisfied! Id starts with 'EMP'.

+ +@code { + [Parameter] + public string Id { get; set; } +} +``` + ## Customize unauthorized content with the Router component The component, in conjunction with the component, allows the app to specify custom content if: diff --git a/aspnetcore/data/ef-rp/intro.md b/aspnetcore/data/ef-rp/intro.md index 6c06206f99..41962185b0 100644 --- a/aspnetcore/data/ef-rp/intro.md +++ b/aspnetcore/data/ef-rp/intro.md @@ -532,7 +532,7 @@ Enumerating a large table in a view could return a partially constructed HTTP 20 defaults to 1024. The following code sets `MaxModelBindingCollectionSize`: - [!code-csharp[Main](intro/samples/cu60/ProgramEnsure.cs?name=snippet&highlight=16-20)] + [!code-csharp[Main](intro/samples/cu60/ProgramMax.cs?name=snippet&highlight=14-18)] See [Configuration](xref:fundamentals/configuration/index) for information on configuration settings like `MyMaxModelBindingCollectionSize`. @@ -1497,4 +1497,4 @@ For more information, see [Performance considerations (EF)](/dotnet/framework/da > [!div class="step-by-step"] > [Next tutorial](xref:data/ef-rp/crud) -::: moniker-end \ No newline at end of file +::: moniker-end diff --git a/aspnetcore/tutorials/razor-pages/new-field.md b/aspnetcore/tutorials/razor-pages/new-field.md index b1da0c056d..bd4c835d31 100644 --- a/aspnetcore/tutorials/razor-pages/new-field.md +++ b/aspnetcore/tutorials/razor-pages/new-field.md @@ -128,7 +128,7 @@ The `dotnet-ef migrations add rating` command tells the framework to: The name `rating` is arbitrary and is used to name the migration file. It's helpful to use a meaningful name for the migration file. -The `dotnet-ef database update` command tells the framework to apply the schema changes to the database and to preserve existing data. +The `dotnet ef database update` command tells the framework to apply the schema changes to the database and to preserve existing data. Delete all the records in the database, the initializer will seed the database and include the `Rating` field. diff --git a/aspnetcore/whats-new/2021-05.md b/aspnetcore/whats-new/2021-05.md deleted file mode 100644 index 71d0fc523a..0000000000 --- a/aspnetcore/whats-new/2021-05.md +++ /dev/null @@ -1,77 +0,0 @@ ---- -title: "ASP.NET Core docs: What's new for May 1, 2021 - May 31, 2021" -description: "What's new in the ASP.NET Core docs for May 1, 2021 - May 31, 2021." -ms.date: 06/01/2021 ---- - -# ASP.NET Core docs: What's new for May 1, 2021 - May 31, 2021 - -Welcome to what's new in the ASP.NET Core docs from May 1, 2021 through May 31, 2021. This article lists some of the major changes to docs during this period. - -## Blazor - -### New articles - -- - Blazor startup topic - -### Updated articles - -- - - Blazor Call .NET from JS topic updates - - Blazor Call .NET from JS UE pass -- - Blazor snippet sample app updates -- - Blazor File Uploads topic UE pass - -## Fundamentals - -### Updated articles - -- - Use System.Net.Http.Json in "Make HTTP requests..." -- - Add LoggerFactoryOptions.ActivityTrackingOptions - -## MVC - -### Updated articles - -- - Binding C#9 record types /a - -## Razor Pages - -### Updated articles - -- - prep Razor UI class lib for .NET 5 version -- - prep Razor SDK doc for efficient 6.0 PR/compare - -## Security - -### Updated articles - -- - Show that AuthorizationHandlerContext.Resource is HttpContext for >= 5.0 -- - modified documentation for customize identity model - -## Tutorials - -### Updated articles - -- - First-MVC series: Model & DB tutorials: MT, improve readability and fix issues - -## Community contributors - -The following people contributed to the ASP.NET Core docs during this period. Thank you! Learn how to contribute by following the links under "Get involved" in the [what's new landing page](index.yml). - -- [dharmatech](https://github.com/dharmatech) (10) -- [fiyazbinhasan](https://github.com/fiyazbinhasan) - Fiyaz Bin Hasan (5) -- [serpent5](https://github.com/serpent5) - Kirk Larkin (2) -- [01binary](https://github.com/01binary) - Valeriy Novytskyy (1) -- [devigo](https://github.com/devigo) - Igor Lyadov (1) -- [donhuvy](https://github.com/donhuvy) - Do Nhu Vy (1) -- [FrediKats](https://github.com/FrediKats) - Fredi Kats (1) -- [gradonstone](https://github.com/gradonstone) - Gradon Stone (1) -- [lohithgn](https://github.com/lohithgn) - Lohith (1) -- [markmcgookin](https://github.com/markmcgookin) - Mark McGookin (1) -- [msal4](https://github.com/msal4) - Mohammed Salman (1) -- [pgermishuys](https://github.com/pgermishuys) - Pieter Germishuys (1) -- [slipperstree](https://github.com/slipperstree) - MangoLoveCarrot (1) -- [szalapski](https://github.com/szalapski) - Patrick Szalapski (1) -- [utsxumiao](https://github.com/utsxumiao) - Eric Xu (1) -- [ystvan](https://github.com/ystvan) - Istvan Marki (1) diff --git a/aspnetcore/whats-new/21-11.md b/aspnetcore/whats-new/21-11.md new file mode 100644 index 0000000000..0ab00199a7 --- /dev/null +++ b/aspnetcore/whats-new/21-11.md @@ -0,0 +1,157 @@ +--- +title: "ASP.NET Core docs: What's new for November 1, 2021 - November 30, 2021" +description: "What's new in the ASP.NET Core docs for November 1, 2021 - November 30, 2021." +ms.date: 12/01/2021 +--- + +# ASP.NET Core docs: What's new for November 1, 2021 - November 30, 2021 + +Welcome to what's new in the ASP.NET Core docs from November 1, 2021 through November 30, 2021. This article lists some of the major changes to docs during this period. + +## Blazor + +### New articles + +- - Blazor Working With Images Docs +- - Blazor File Downloads Documentation +- - Blazor native deps (w/callback coverage) + +### Updated articles + +- - Blazor environments for App Service +- + - Blazor Handle Errors updates + - Drop pivots in Blazor fundamental topics +- - Blazor hosting model pivot updates +- - Blazor static files guidance improvements +- - Blazor static files guidance improvements +- - App base path/sub-app hosting updates + +## Data access + +### Updated articles + +- - pre EF/RP monikers /3 +- - pre EF/RP monikers /3 + +## Fundamentals + +### Updated articles + +- - Prepare HttpContext for 6.0 +- - Prepare Handle Errors for 6.0 +- - Prepare Kestrel Overview for 6.0 +- - moniker prep session +- - Update bool value entries for host config +- + - Update Routing to 6.0 + - Prepare Routing for 6.0 + - Guidance for large route tables /2 +- - Update HTTP Requests to 6.0 +- - prep monikers for Options + +## gRPC + +### Updated articles + +- - Troubleshoot doc on using gRPC client with HTTP/3 + +## Migration + +### New articles + +- - 3.1 to 6.0 LTS track migration guide /3 + +## MVC + +### Updated articles + +- - Update Filters to 6.0 +- - Prepare Model-Binding for 6.0 + +## Performance + +### Updated articles + +- - Prepare Cache In-Memory for 6.0 + +## Razor Pages + +### Updated articles + +- - Moniker prep for into to RP /4 + +## Security + +### Updated articles + +- - Moniker Prep work for Claims /3 +- - Update monikers for Win auth /3 +- - prep monikers for scaffold identity +- - Prepare Microsoft Logins for 6.0 +- + - HTTPS moniker prep for V6 /4 + - Feature/https linux updates +- - moniker prep for secrets + +## Testing + +### New articles + +- - .NET Hot Reload support + +## Tutorials + +### Updated articles + +- + - Update MongoDB Web Api to 6.0 + - Prepare MongoDb Web Api for 6.0 +- + - Update SignalR tutorial to V6 /2 + - signalR moniker prep /2 +- - Update Swashbuckle tutorial syntax and 6.0 RTM +- - Update model.md + +## Web API + +### Updated articles + +- + - Update Handle Web API Errors to 6.0 + - Prepare Handle Web API Errors for 6.0 +- + - Update Format Response Data to 6.0 + - Prepare Format Response Data for 6.0 + +## Community contributors + +The following people contributed to the ASP.NET Core docs during this period. Thank you! Learn how to contribute by following the links under "Get involved" in the [what's new landing page](index.yml). + +- [GitHubPang](https://github.com/GitHubPang) (9) +- [hmz777](https://github.com/hmz777) - HMZ (2) +- [alaatm](https://github.com/alaatm) - Alaa Masoud (1) +- [alikrc](https://github.com/alikrc) - Ali (1) +- [andreapace](https://github.com/andreapace) - Andrea Pace (1) +- [ascott18](https://github.com/ascott18) - Andrew Scott (1) +- [behroozbc](https://github.com/behroozbc) - behrooz bozorg chami (1) +- [Bouke](https://github.com/Bouke) - Bouke Haarsma (1) +- [celsojr](https://github.com/celsojr) - Celso Jr (1) +- [cirinatorres](https://github.com/cirinatorres) (1) +- [flinde](https://github.com/flinde) - Fredrik Linde (1) +- [ignBiometrical](https://github.com/ignBiometrical) - Biometrical (1) +- [jo-ninja](https://github.com/jo-ninja) - Joni (1) +- [JohnSurina](https://github.com/JohnSurina) - John Surina (1) +- [jonas-lomholdt](https://github.com/jonas-lomholdt) - Jonas Lomholdt (1) +- [JuergenGutsch](https://github.com/JuergenGutsch) - Juergen Gutsch (1) +- [martincostello](https://github.com/martincostello) - Martin Costello (1) +- [Pemek](https://github.com/Pemek) - Przemysław Madej (1) +- [provegard](https://github.com/provegard) - Per Rovegård (1) +- [PrzybylaMateusz](https://github.com/PrzybylaMateusz) (1) +- [ryandle](https://github.com/ryandle) - Ryan Yandle (1) +- [sgryphon](https://github.com/sgryphon) - Sly Gryphon (1) +- [Swiftly1](https://github.com/Swiftly1) (1) +- [tufteddeer](https://github.com/tufteddeer) - Fabian (1) +- [vanillajonathan](https://github.com/vanillajonathan) - Jonathan (1) +- [vladsaftoiu](https://github.com/vladsaftoiu) - Vlad Saftoiu Alexandru (1) +- [yecril71pl](https://github.com/yecril71pl) - Christopher Yeleighton (1) diff --git a/aspnetcore/whats-new/index.yml b/aspnetcore/whats-new/index.yml index 6dbcbc20a2..6a21cce4da 100644 --- a/aspnetcore/whats-new/index.yml +++ b/aspnetcore/whats-new/index.yml @@ -14,6 +14,8 @@ landingContent: linkLists: - linkListType: whats-new links: + - text: November 2021 + url: 21-11.md - text: October 2021 url: 21-10.md - text: September 2021 @@ -24,8 +26,6 @@ landingContent: url: 21-07.md - text: June 2021 url: 21-06.md - - text: May 2021 - url: 2021-05.md - title: "Get involved - contribute to ASP.NET Core docs" linkLists: diff --git a/aspnetcore/whats-new/toc.yml b/aspnetcore/whats-new/toc.yml index 1a7ff769a4..6f4955b0c2 100644 --- a/aspnetcore/whats-new/toc.yml +++ b/aspnetcore/whats-new/toc.yml @@ -3,6 +3,8 @@ items: href: index.yml expanded: true items: + - name: November 2021 + href: 21-11.md - name: October 2021 href: 21-10.md - name: September 2021 @@ -13,5 +15,3 @@ items: href: 21-07.md - name: June 2021 href: 21-06.md - - name: May 2021 - href: 2021-05.md