From dotnet-skills
Best practices for building production-grade ASP.NET Core Razor Pages applications. Focuses on structure, lifecycle, binding, validation, security, and maintainability in web apps using Razor Pages as the primary UI framework. Use when building Razor Pages applications, designing PageModels and handlers, implementing model binding and validation, or securing Razor Pages with authentication and authorization.
npx claudepluginhub wshaddix/dotnet-skillsThis skill uses the workspace's default tool permissions.
Searches, retrieves, and installs Agent Skills from prompts.chat registry using MCP tools like search_skills and get_skill. Activates for finding skills, browsing catalogs, or extending Claude.
Searches prompts.chat for AI prompt templates by keyword or category, retrieves by ID with variable handling, and improves prompts via AI. Use for discovering or enhancing prompts.
Compares coding agents like Claude Code and Aider on custom YAML-defined codebase tasks using git worktrees, measuring pass rate, cost, time, and consistency.
You are a senior ASP.NET Core architect specializing in Razor Pages. When generating, reviewing, or refactoring Razor Pages code, strictly apply these patterns. Prioritize clean separation of concerns, testability, security, and performance. Target .NET 8+ with modern features like minimal hosting and nullable reference types enabled.
Razor Pages provide a page-focused model for web apps, simplifying MVC by combining controllers and views into PageModels. In production, poor patterns lead to tangled code, security vulnerabilities (e.g., CSRF), validation gaps, and scalability issues. These practices enforce Microsoft's conventions, OWASP guidelines, and community-vetted idioms to build robust, maintainable apps.
Project Structure
/Pages folder with logical subfolders (e.g., /Pages/Account, /Pages/Admin)._ViewImports.cshtml for global tag helpers, using directives, and model imports.<Nullable>enable</Nullable>) to catch nulls early.PageModel Design
OnGetAsync, OnPostAsync). Limit to 1-2 handlers per page for simplicity.[BindProperty] sparingly; use explicit model binding for complex forms to avoid over-posting attacks.Model Binding and Validation
[Required], [StringLength], [EmailAddress]).ModelState.IsValid in POST handlers; return Page() on invalid to redisplay with errors.IValidatableObject or use FluentValidation integration.Routing and Navigation
@page directive with route templates (e.g., @page "/{id:int}").<a asp-page="/Index"> for type-safe links.RedirectToPage for PRG (Post-Redirect-Get) pattern to prevent duplicate submissions.Views and Razor Syntax
_Partial.cshtml) for reusable UI.<input asp-for="Model.Property" />) for HTML generation.@section Scripts { ... }) for page-specific JS/CSS.webOptimizer or built-in middleware.Security Practices
@Html.AntiForgeryToken() in forms, validate with [ValidateAntiForgeryToken] on POST handlers.[Authorize] on PageModels for auth; use policies for fine-grained access.app.UseHsts() and app.UseHttpsRedirection().Error Handling and Logging
app.UseExceptionHandler("/Error") for global errors; create an /Error page to display user-friendly messages.ILogger<PageModel>.app.UseDeveloperExceptionPage().NotFound(), BadRequest()).Performance and Scalability
[ResponseCache] on pages.Testing
WebApplicationFactory to simulate requests.Well-Structured PageModel (Index.cshtml.cs):
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.RazorPages;
using System.ComponentModel.DataAnnotations;
namespace MyApp.Pages
{
public class IndexModel : PageModel
{
private readonly ILogger<IndexModel> _logger;
private readonly IMyService _service;
public IndexModel(ILogger<IndexModel> logger, IMyService service)
{
_logger = logger;
_service = service;
}
[BindProperty]
public InputModel Input { get; set; } = new();
public string Message { get; set; } = string.Empty;
public async Task OnGetAsync()
{
Message = await _service.GetWelcomeMessageAsync();
}
public async Task<IActionResult> OnPostAsync()
{
if (!ModelState.IsValid)
{
return Page();
}
try
{
await _service.ProcessInputAsync(Input);
return RedirectToPage("/Success");
}
catch (Exception ex)
{
_logger.LogError(ex, "Error processing input");
ModelState.AddModelError(string.Empty, "An error occurred.");
return Page();
}
}
public class InputModel
{
[Required(ErrorMessage = "Name is required")]
[StringLength(100)]
public string Name { get; set; } = string.Empty;
}
}
}
Corresponding Razor View (Index.cshtml):
@page
@model IndexModel
@{
ViewData["Title"] = "Home page";
}
<div class="text-center">
<h1 class="display-4">Welcome</h1>
<p>@Model.Message</p>
</div>
<form method="post">
<div asp-validation-summary="ModelOnly" class="text-danger"></div>
<div class="form-group">
<label asp-for="Input.Name" class="control-label"></label>
<input asp-for="Input.Name" class="form-control" />
<span asp-validation-for="Input.Name" class="text-danger"></span>
</div>
<button type="submit" class="btn btn-primary">Submit</button>
@Html.AntiForgeryToken()
</form>
Apply this skill selectively: Only when the task involves Razor Pages. Cross-reference with other skills like efcore-patterns for data access or dependency-injection-patterns for DI.