Stats
Actions
Tags
Help us improve
Share bugs, ideas, or general feedback.
From dotnet-blazor
Configures authentication and authorization in Blazor apps using ASP.NET Core Identity, Entra ID, JWT bearer, roles, claims, and policies with AuthorizeView components.
npx claudepluginhub markus41/claude --plugin dotnet-blazorHow this skill is triggered — by the user, by Claude, or both
Slash command
/dotnet-blazor:blazor-auth-securityThis skill is limited to the following tools:
The summary Claude sees in its skill listing — used to decide when to auto-load this skill
```csharp
Adding auth to Blazor. AuthorizeView, CascadingAuthenticationState, Identity UI, per-model flows.
Guides ASP.NET Core authentication and authorization with JWT bearer tokens, OpenID Connect, ASP.NET Identity, policies, roles, claims, and API keys. For login, endpoint protection, and auth rules.
Adds login, logout, and user profile to ASP.NET Core MVC, Razor Pages, or Blazor Server apps using Auth0.AspNetCore.Authentication with cookie-based authentication.
Share bugs, ideas, or general feedback.
// Program.cs
builder.Services.AddAuthentication(IdentityConstants.ApplicationScheme)
.AddIdentityCookies();
builder.Services.AddAuthorizationBuilder()
.AddPolicy("AdminOnly", policy => policy.RequireRole("Admin"))
.AddPolicy("PremiumUser", policy => policy.RequireClaim("subscription", "premium"));
builder.Services.AddIdentityCore<ApplicationUser>(options =>
{
options.Password.RequireDigit = true;
options.Password.RequiredLength = 8;
options.SignIn.RequireConfirmedEmail = true;
})
.AddRoles<IdentityRole>()
.AddEntityFrameworkStores<AppDbContext>()
.AddSignInManager()
.AddDefaultTokenProviders();
builder.Services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
.AddMicrosoftIdentityWebApp(builder.Configuration.GetSection("AzureAd"));
builder.Services.AddControllersWithViews()
.AddMicrosoftIdentityUI();
// appsettings.json
{
"AzureAd": {
"Instance": "https://login.microsoftonline.com/",
"TenantId": "your-tenant-id",
"ClientId": "your-client-id",
"CallbackPath": "/signin-oidc"
}
}
@* Require authentication for a page *@
@page "/admin"
@attribute [Authorize(Roles = "Admin")]
@* Conditional rendering based on auth state *@
<AuthorizeView>
<Authorized>
<p>Welcome, @context.User.Identity?.Name!</p>
</Authorized>
<NotAuthorized>
<p>Please <a href="/login">log in</a>.</p>
</NotAuthorized>
</AuthorizeView>
@* Role-based content *@
<AuthorizeView Roles="Admin,Manager">
<Authorized>
<button @onclick="DeleteAll">Delete All</button>
</Authorized>
</AuthorizeView>
@* Policy-based content *@
<AuthorizeView Policy="PremiumUser">
<Authorized>
<PremiumDashboard />
</Authorized>
</AuthorizeView>
@inject AuthenticationStateProvider AuthStateProvider
@code {
private async Task CheckAuth()
{
var authState = await AuthStateProvider.GetAuthenticationStateAsync();
var user = authState.User;
if (user.Identity?.IsAuthenticated == true)
{
var name = user.Identity.Name;
var isAdmin = user.IsInRole("Admin");
var email = user.FindFirst(ClaimTypes.Email)?.Value;
}
}
}
builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
.AddJwtBearer(options =>
{
options.TokenValidationParameters = new TokenValidationParameters
{
ValidateIssuer = true,
ValidateAudience = true,
ValidateLifetime = true,
ValidateIssuerSigningKey = true,
ValidIssuer = builder.Configuration["Jwt:Issuer"],
ValidAudience = builder.Configuration["Jwt:Audience"],
IssuerSigningKey = new SymmetricSecurityKey(
Encoding.UTF8.GetBytes(builder.Configuration["Jwt:Key"]!))
};
});
app.UseHsts())<AntiforgeryToken />)[Authorize] on pages/endpoints, not just UI hiding