2025

History

• Blazor project tracking 2024 (dotnet/AspNetCore.Docs #31423)
• Blazor project tracking 2023 (dotnet/AspNetCore.Docs #28001)
• Blazor project tracking 2022 (dotnet/AspNetCore.Docs #24615)
• Blazor project tracking 2021 (dotnet/AspNetCore.Docs #19286)

.NET 10

• .NET 10: File Upload work: File uploads (writing to memory/Autofac content) #33357, Multiple files upload hangs the process in a blazor server app aspnetcore#47301
  To pick up a draggable item, press the space bar. While dragging, use the arrow keys to move the item. Press space again to drop the item in its new position, or press escape to cancel.

Doc ideas

Not ALL of these will be worked. This is an idea list/check list that don't rise to the level of opening an issue at this time.

• Cover PAR for Blazor OIDC articles+samples? Document what's new in ASP.NET Core for .NET 9 Preview 7 #33031 (comment) As of 3/6/25, Entra doesn't support it.

  "the entire State Management page could simply be a list of approaches with links to other pages that explain each feature in detail" Cascading values+params for state management #34779

  Do we need more coverage on Azure Static Web Apps and Blazor deployments? https://learn.microsoft.com/en-us/aspnet/core/blazor/host-and-deploy/webassembly?view=aspnetcore-9.0#azure-static-web-apps

  Do we want a tutorial on adding Aspire to a Blazor project? https://www.youtube.com/live/hM4ifrqF_lQ?si=BzoYljhdDLLqrRxd&t=12903

  Do we want to roll account confirmation with PW recovery and 2FA/TOTP into the WASM+Identity sample app, probably with them in a configurable state for enabling the features so that they don't break casual use of the sample without setting up an email provider. 2FA/TOTP coverage for WASM+Identity #34189 (comment)

  Do we want to add app roles, Azure Admin roles, and Azure security groups to our BWA+Entra article+sample? Can I just cross-link an existing BWA-Graph sample in either Graph or Identity docs? Either way, the Application roles for apps registered with Microsoft Entra (ME-ID) section of the BWA+OIDC article will have a cross-link or different guidance based on how this is handled.

  See Blazor - Wasm pre-rendering (without server interactivity) - MSAL Auth on client side only not working aspnetcore#58833 for coverage in the Security and Identity overview and note it in prerendering coverage at https://learn.microsoft.com/en-us/aspnet/core/blazor/components/prerender?view=aspnetcore-8.0#prerendering-guidance ... and note that https://learn.microsoft.com/en-us/aspnet/core/blazor/security/webassembly/additional-scenarios?view=aspnetcore-8.0#prerendering-with-authentication is broken (at least for the 8.0 release).

  For the BWA acct conf + PW recovery article, confirm that the wiring up of just the acct conf is enough to also activate the PW recovery part, which I don't recall if I tested or not at the time. It should just light up 💡 ... I think 🤔.

  For early 2025, get the FileUpload2 example (CSR) fully working for BWA and WASM samples. For BWA, the component is present, but there's no server controller to hit. For WASM, the component is in the WASM sample app but really should be moved to the new Call web API sample, where it can be made to work.

  Replace in-text (usually non-working) examples with dotnet/blazor-samples-based, fully working, cut-'n-paste examples. Might be best to create a list on an issue first, then I can work down the list.

  Apply form beautification 🌷 to the 8.0 sample app forms.

  Review Dynamic and extensible authentication requests for coverage opportunities [Blazor][Wasm] Dynamic and extensible authentication requests aspnetcore#42580 [Blazor] Dynamic authentication requests aspnetcore#42692

  To show and explain anti-request forgery in the File Uploads topic, use some commented-out text held there to enable controller services with AddControllersAndViews and pass the anti-forgery token to the Blazor app (<8.0) or obtain it from the anti-forgery feature (>=8.0) for the POST.

  With <NotFound> going away for BWA at 8.0, I think a dedicated bit in the Error handling topic on processing 404s via built-in server middleware makes sense (i.e., UseStatusCodePagesWithRedirects). Be sure to search for it because a cross-link is required in at least one case where I left a NOTE about BWAs not using the Not Found content template any longer.

  Root-level cascading values followup items: Root-level cascading values 8.0 #30095

  Custom ICU creation for WASM didn't make the cut for 8.0 or 9.0. It's scheduled for 10.0 now. [browser][icu] Automate custom icu creation runtime#82908

  I wasn't able to resolve Provide examples/references to avoid unauthorized content display during prerendering #29448 with Provide examples of recommendations #29449 because I can't see how the implementation should be applied in the reader's example app to avoid the reported behavior. Will circle around to this subject with Javier after .NET 8 releases.

  Revert content (Live content) to a cross-link when Azure Static Web Apps docs get a tutorial/tooling guidance for the new publish from VS gesture. Tracking on Azure docs issue: https://github.com/MicrosoftDocs/azure-docs/issues/112013 UPDATE (9/25/24): DR said he'd follow up with them because they closed the issue as a won't-fix.
• Although I'm working the Security node passes in February/March, I'm going to handle one item separately after the passes are finished pertaining to handling refresh tokens from Razor components when a request fails (e.g., Give more info about RefreshToken  #26086). Javier said, "... it involves sending a request to the token endpoint of the OIDC/OAuth provider in the same way you do in a web application." The refresh token is available to components via TokenProvider in the current guidance, so it seems that the component calls a server API to hit up the IdP to renew (and get a new refresh token) with an update to the TokenProvider with the new tokens. The component continues processing transparently (re-initiates the web API call that it was making in the first place) after the server-side work. Cross-refs: Miss a strategy to handle the refresh of tokens #19797 (comment)

  • Especially: How to refresh updated Claims without login out #22405 (comment)
  • ... and because it was never built-into the scaffolder to change the default logout page for Blazor Server: Scaffold different logout for Blazor Server Scaffolding#1423 ... OR, alternatively ...
  • XSRF antiforgery token content exists and the component can pass it to the endpoint because I don't think we want to tell devs to decorate server-side endpoints with @attribute [IgnoreAntiforgeryToken], including for logout. The coverage is at: https://learn.microsoft.com/en-us/aspnet/core/security/authentication/scaffold-identity?view=aspnetcore-7.0&tabs=visual-studio#pass-an-xsrf-token-to-the-app

  To pick up a draggable item, press the space bar. While dragging, use the arrow keys to move the item. Press space again to drop the item in its new position, or press escape to cancel.
Per Steve's .NET Conf talk, shouldn't we briefly cover FileSystem API use in Blazor apps?
Let's run through the testassets pieces in the framework to see what might be helpful for devs to see in docs. It's a large task tho because there's so much there. This probably can't be worked in 23H1, possibly for 23Q3 tho.
It would probably be nice to create a QuickGrid example that opens and closes a detail record component without losing the page and scroll position of the grid. For context, see Blazor database example's list page is reloaded when coming back from a details page blazor-samples#58.
Do we want a cascading param state management example? https://learn.microsoft.com/en-us/aspnet/core/blazor/state-management?view=aspnetcore-6.0&pivots=webassembly#additional-approaches-wasm Blazor: In-memory state container as cascading parameter #27296
Best to have PU 🐈 look over the SignalR-Blazor enhancements for SignalR config (in the SignalR doc and the WASM/Server Host and Deploy docs) and SignalR client logging (in the Logging doc).
Place element attributes in alphabetical order.
The section https://learn.microsoft.com/en-us/aspnet/core/blazor/fundamentals/signalr?view=aspnetcore-9.0#websocket-compression-for-interactive-server-components wasn't reviewed ... no one was available to look.
Confirm language on interactive SSR components in the Pages folder of the .Client project. Removed on Remove remarks #34050 per DR's request. A PU issue where Javier says that it's correct: Blazor Web App Template Global Interactivity location causes Not Found issue when navigate to the page/component in Server project. aspnetcore#58944 (comment)
Put an 👁️ on one line in particular in the prerendering with JS interop INCLUDE file: An infinite loop isn't created because StateHasChanged is only called when scrollPosition is null.
Review of the new section on custom input components at https://learn.microsoft.com/en-us/aspnet/core/blazor/forms/binding?view=aspnetcore-8.0#custom-input-components.
Review of https://learn.microsoft.com/en-us/aspnet/core/blazor/images-and-documents
Confirm addHandlers module FN approach for wiring up event handlers.
When he's free, check on the param expression bit added by Bound field or property expression convention #32511.
The framework does what we say devs aren't supposed to do on transient disposables for IHttpClientFactory/HttpClient.
Check on the "In components derived from the base class" bit in the DI topic. It doesn't make sense. It might be incorrect.
Review of the new example at Fundamentals > DI > Utility base component classes to manage a DI scope section.
The WHY aspects on MSBuild properties for hosted deployment options #26620 (comment). I'd like to know why the RID works with the MSBuild prop (/p:RuntimeIdentifier={RID} but the self-contained setting doesn't (/p:SelfContained=false).
Review the code for streaming <textarea> content in a form of Message size limit enhancements #29541. Live
Ask about https://docs.microsoft.com/en-us/aspnet/core/blazor/components/dynamiccomponent?view=aspnetcore-6.0 per Update event callback approach #26557. Is this the best way to showcase event callbacks with dynamic components?
In UserClaims components (and perhaps a few other spots) the code for a collection displayed in the UI can can have the collection be assigned an empty value or left nullable with an additional Razor nullable check. Which is best? There's a text file on the desktop with the code either way.
Do we need to assess all Blazor examples where tasks are awaited looking for spots where it would be more appropriate to avoid resuming with the context (ConfigureAwait(false))?
Ask about the Task method without async and await keywords ... https://github.com/dotnet/blazor-samples/blob/main/8.0/BlazorWebAppEFCore/Components/ContactForm.razor#L111-L116