From c6ad0912dc3b97c287445cb11246a1766a82d57a Mon Sep 17 00:00:00 2001 From: guardrex <1622880+guardrex@users.noreply.github.com> Date: Wed, 29 Jan 2025 12:55:22 -0500 Subject: [PATCH 01/10] HttpContext/IHttpContextAccessor article --- .../httpcontext.md => components/http-context.md} | 14 ++++++++++++++ aspnetcore/blazor/components/index.md | 4 ---- aspnetcore/blazor/fundamentals/signalr.md | 5 +---- aspnetcore/blazor/security/index.md | 6 ++---- .../security/interactive-server-side-rendering.md | 2 +- aspnetcore/toc.yml | 2 ++ 6 files changed, 20 insertions(+), 13 deletions(-) rename aspnetcore/blazor/{security/includes/httpcontext.md => components/http-context.md} (85%) diff --git a/aspnetcore/blazor/security/includes/httpcontext.md b/aspnetcore/blazor/components/http-context.md similarity index 85% rename from aspnetcore/blazor/security/includes/httpcontext.md rename to aspnetcore/blazor/components/http-context.md index 815c80e16a52..a7740689f8de 100644 --- a/aspnetcore/blazor/security/includes/httpcontext.md +++ b/aspnetcore/blazor/components/http-context.md @@ -1,3 +1,17 @@ +--- +title: `IHttpContextAccessor`/`HttpContext` in ASP.NET Core Blazor apps +author: guardrex +description: Learn about IHttpContextAccessor and HttpContext in Blazor. +monikerRange: '>= aspnetcore-8.0' +ms.author: riande +ms.custom: mvc +ms.date: 01/29/2025 +uid: blazor/components/httpcontext +--- +# `IHttpContextAccessor`/`HttpContext` in ASP.NET Core Blazor apps + +[!INCLUDE[](~/includes/not-latest-version-without-not-supported-content.md)] + :::moniker range=">= aspnetcore-8.0" generally should be avoided with interactive rendering because a valid isn't always available. diff --git a/aspnetcore/blazor/components/index.md b/aspnetcore/blazor/components/index.md index bdbecf3fb396..0e73372739c7 100644 --- a/aspnetcore/blazor/components/index.md +++ b/aspnetcore/blazor/components/index.md 
@@ -1865,10 +1865,6 @@ For more information, see the following resources: * * -## `IHttpContextAccessor`/`HttpContext` - -[!INCLUDE[](~/blazor/security/includes/httpcontext.md)] - [1]: [2]: diff --git a/aspnetcore/blazor/fundamentals/signalr.md b/aspnetcore/blazor/fundamentals/signalr.md index 04d41fd265a0..000a4e4feb85 100644 --- a/aspnetcore/blazor/fundamentals/signalr.md +++ b/aspnetcore/blazor/fundamentals/signalr.md @@ -1507,10 +1507,6 @@ app.MapBlazorHub(); + app.MapBlazorHub("/signalr"); ``` -## `IHttpContextAccessor`/`HttpContext` - -[!INCLUDE[](~/blazor/security/includes/httpcontext.md)] - ## Additional server-side resources * [Server-side host and deployment guidance: SignalR configuration](xref:blazor/host-and-deploy/server#signalr-configuration) @@ -1521,6 +1517,7 @@ app.MapBlazorHub(); * * * +* * [Server-side reconnection events and component lifecycle events](xref:blazor/components/lifecycle#blazor-server-reconnection-events) * [What is Azure SignalR Service?](/azure/azure-signalr/signalr-overview) * [Performance guide for Azure SignalR Service](/azure/azure-signalr/signalr-concept-performance) diff --git a/aspnetcore/blazor/security/index.md b/aspnetcore/blazor/security/index.md index b888a257551e..544b25e762a3 100644 --- a/aspnetcore/blazor/security/index.md +++ b/aspnetcore/blazor/security/index.md @@ -108,10 +108,6 @@ The built-in or custom . -### `IHttpContextAccessor`/`HttpContext` - -[!INCLUDE[](~/blazor/security/includes/httpcontext.md)] - ### Shared state [!INCLUDE[](~/blazor/security/includes/shared-state.md)] 
@@ -1417,6 +1413,7 @@ PII refers any information relating to an identified or identifiable natural per * [Microsoft identity platform access tokens](/entra/identity-platform/access-tokens) * * +* * [Build a custom version of the Authentication.MSAL JavaScript library](xref:blazor/security/webassembly/additional-scenarios#build-a-custom-version-of-the-authenticationmsal-javascript-library) * [Awesome Blazor: Authentication](https://github.com/AdrienTorris/awesome-blazor#authentication) community sample links * @@ -1438,6 +1435,7 @@ PII refers any information relating to an identified or identifiable natural per * [Microsoft identity platform ID tokens](/entra/identity-platform/id-tokens) * [Microsoft identity platform access tokens](/entra/identity-platform/access-tokens) * +* * * [Build a custom version of the Authentication.MSAL JavaScript library](xref:blazor/security/webassembly/additional-scenarios#build-a-custom-version-of-the-authenticationmsal-javascript-library) * [Awesome Blazor: Authentication](https://github.com/AdrienTorris/awesome-blazor#authentication) community sample links diff --git a/aspnetcore/blazor/security/interactive-server-side-rendering.md b/aspnetcore/blazor/security/interactive-server-side-rendering.md index cc033a4dc9c5..fb4977102e59 100644 --- a/aspnetcore/blazor/security/interactive-server-side-rendering.md +++ b/aspnetcore/blazor/security/interactive-server-side-rendering.md @@ -62,7 +62,7 @@ In general, we recommend that you avoid rendering components that contain sensit ## `IHttpContextAccessor`/`HttpContext` -[!INCLUDE[](~/blazor/security/includes/httpcontext.md)] +For more information, see . ## Resource exhaustion diff --git a/aspnetcore/toc.yml b/aspnetcore/toc.yml index 10599fd5c60e..bc0e601fb48c 100644 --- a/aspnetcore/toc.yml +++ b/aspnetcore/toc.yml 
@@ -484,6 +484,8 @@ items: uid: blazor/components/render-modes - name: Prerender components uid: blazor/components/prerender + - name: IHttpContextAccessor and HttpContext + uid: blazor/components/httpcontext - name: Generic type support uid: blazor/components/generic-type-support - name: Synchronization context From d6d7a5682293f9f45e6402e433d1d9d16e7a54d6 Mon Sep 17 00:00:00 2001 From: guardrex <1622880+guardrex@users.noreply.github.com> Date: Wed, 29 Jan 2025 13:02:36 -0500 Subject: [PATCH 02/10] Updates --- aspnetcore/blazor/components/http-context.md | 2 +- aspnetcore/fundamentals/http-context.md | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/aspnetcore/blazor/components/http-context.md b/aspnetcore/blazor/components/http-context.md index a7740689f8de..c0ac333b13fa 100644 --- a/aspnetcore/blazor/components/http-context.md +++ b/aspnetcore/blazor/components/http-context.md @@ -1,5 +1,5 @@ --- -title: `IHttpContextAccessor`/`HttpContext` in ASP.NET Core Blazor apps +title: IHttpContextAccessor/HttpContext in ASP.NET Core Blazor apps author: guardrex description: Learn about IHttpContextAccessor and HttpContext in Blazor. monikerRange: '>= aspnetcore-8.0' diff --git a/aspnetcore/fundamentals/http-context.md b/aspnetcore/fundamentals/http-context.md index 710eda03b6dd..28b833ecef7f 100644 --- a/aspnetcore/fundamentals/http-context.md +++ b/aspnetcore/fundamentals/http-context.md @@ -191,7 +191,7 @@ public class EmailController : Controller ## `IHttpContextAccessor`/`HttpContext` in Razor components (Blazor) -[!INCLUDE[](~/blazor/security/includes/httpcontext.md)] +For more information, see . :::moniker-end @@ -346,6 +346,6 @@ public class EmailController : Controller ## `IHttpContextAccessor`/`HttpContext` in Razor components (Blazor) -[!INCLUDE[](~/blazor/security/includes/httpcontext.md)] +For more information, see . :::moniker-end From 488415f1765b8918c17a487147d8a9ab4e8e0d64 Mon Sep 17 00:00:00 2001 
From: guardrex <1622880+guardrex@users.noreply.github.com> Date: Wed, 29 Jan 2025 13:10:26 -0500 Subject: [PATCH 03/10] Updates --- aspnetcore/blazor/components/http-context.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aspnetcore/blazor/components/http-context.md b/aspnetcore/blazor/components/http-context.md index c0ac333b13fa..d5a31fdf1ded 100644 --- a/aspnetcore/blazor/components/http-context.md +++ b/aspnetcore/blazor/components/http-context.md @@ -2,7 +2,7 @@ title: IHttpContextAccessor/HttpContext in ASP.NET Core Blazor apps author: guardrex description: Learn about IHttpContextAccessor and HttpContext in Blazor. -monikerRange: '>= aspnetcore-8.0' +monikerRange: '>= aspnetcore-3.1' ms.author: riande ms.custom: mvc ms.date: 01/29/2025 From 87eea52a6b44de00340a582bee83d9c0f98ce4f3 Mon Sep 17 00:00:00 2001 From: guardrex <1622880+guardrex@users.noreply.github.com> Date: Thu, 30 Jan 2025 10:26:20 -0500 Subject: [PATCH 04/10] Updates --- .../{http-context.md => httpcontext.md} | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) rename aspnetcore/blazor/components/{http-context.md => httpcontext.md} (70%) diff --git a/aspnetcore/blazor/components/http-context.md b/aspnetcore/blazor/components/httpcontext.md similarity index 70% rename from aspnetcore/blazor/components/http-context.md rename to aspnetcore/blazor/components/httpcontext.md index d5a31fdf1ded..8e0af0b0ca9a 100644 --- a/aspnetcore/blazor/components/http-context.md +++ b/aspnetcore/blazor/components/httpcontext.md @@ -5,7 +5,7 @@ description: Learn about IHttpContextAccessor and HttpContext in Blazor. monikerRange: '>= aspnetcore-3.1' ms.author: riande ms.custom: mvc -ms.date: 01/29/2025 +ms.date: 01/30/2025 uid: blazor/components/httpcontext --- # `IHttpContextAccessor`/`HttpContext` in ASP.NET Core Blazor apps 
@@ -25,7 +25,18 @@ uid: blazor/components/httpcontext public HttpContext? HttpContext { get; set; } ``` -For scenarios where the is required in interactive components, we recommend flowing the data via persistent component state from the server. For more information, see . +During interactive rendering, an instance might not even exist. For scenarios where the is required in interactive components, we recommend flowing the data via [persistent component state](xref:blazor/components/prerender#persist-prerendered-state) from the server. + +When an instance is available, the context is dependent on the transport: + +* WebSockets receives a single context as the result of the initial handshake. +* Long polling receives a new context per client "poll" request. +* A SignalR service receives a mocked/faked/shim context. + +For additional context in *advanced* edge cases, see the discussion in the following articles: + +* [HttpContext is valid in Interactive Server Rendering Blazor page (`dotnet/AspNetCore.Docs` #34301)](https://github.com/dotnet/AspNetCore.Docs/issues/34301) +* [Security implications of using IHttpContextAccessor in Blazor Server (`dotnet/aspnetcore` #45699)](https://github.com/dotnet/aspnetcore/issues/45699) :::moniker-end From 723d4409fc726c8671105d42061d4fa8089a2a42 Mon Sep 17 00:00:00 2001 From: guardrex <1622880+guardrex@users.noreply.github.com> Date: Thu, 30 Jan 2025 10:35:00 -0500 Subject: [PATCH 05/10] Updates --- aspnetcore/blazor/components/httpcontext.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/aspnetcore/blazor/components/httpcontext.md b/aspnetcore/blazor/components/httpcontext.md index 8e0af0b0ca9a..c7c181967edd 100644 --- a/aspnetcore/blazor/components/httpcontext.md +++ b/aspnetcore/blazor/components/httpcontext.md 
@@ -25,7 +25,7 @@ uid: blazor/components/httpcontext public HttpContext? HttpContext { get; set; } ``` -During interactive rendering, an instance might not even exist. For scenarios where the is required in interactive components, we recommend flowing the data via [persistent component state](xref:blazor/components/prerender#persist-prerendered-state) from the server. +During interactive rendering, an instance might not even exist. For scenarios where the is required in interactive components, we recommend flowing context data with [persistent component state](xref:blazor/components/prerender#persist-prerendered-state) from the server during static SSR. When an instance is available, the context is dependent on the transport: @@ -33,11 +33,13 @@ When an instance is available, the * Long polling receives a new context per client "poll" request. * A SignalR service receives a mocked/faked/shim context. -For additional context in *advanced* edge cases, see the discussion in the following articles: +For additional context in *advanced* edge cases†, see the discussion in the following articles: * [HttpContext is valid in Interactive Server Rendering Blazor page (`dotnet/AspNetCore.Docs` #34301)](https://github.com/dotnet/AspNetCore.Docs/issues/34301) * [Security implications of using IHttpContextAccessor in Blazor Server (`dotnet/aspnetcore` #45699)](https://github.com/dotnet/aspnetcore/issues/45699) +†Most developers building and maintaining Blazor apps don't need to delve into advanced concepts as long as the general guidance in this article is followed. + :::moniker-end :::moniker range="< aspnetcore-8.0" From ff0f4a77f7ae4cd7bed352cfc50310be88a3d791 Mon Sep 17 00:00:00 2001 
From: guardrex <1622880+guardrex@users.noreply.github.com> Date: Thu, 30 Jan 2025 10:58:45 -0500 Subject: [PATCH 06/10] Updates --- aspnetcore/blazor/components/httpcontext.md | 4 +++- aspnetcore/signalr/httpcontext.md | 23 +++++++++++++++++++++ aspnetcore/toc.yml | 3 +++ 3 files changed, 29 insertions(+), 1 deletion(-) create mode 100644 aspnetcore/signalr/httpcontext.md diff --git a/aspnetcore/blazor/components/httpcontext.md b/aspnetcore/blazor/components/httpcontext.md index c7c181967edd..cd715b2bc7db 100644 --- a/aspnetcore/blazor/components/httpcontext.md +++ b/aspnetcore/blazor/components/httpcontext.md @@ -1,7 +1,7 @@ --- title: IHttpContextAccessor/HttpContext in ASP.NET Core Blazor apps author: guardrex -description: Learn about IHttpContextAccessor and HttpContext in Blazor. +description: Learn about IHttpContextAccessor and HttpContext in ASP.NET Core Blazor apps. monikerRange: '>= aspnetcore-3.1' ms.author: riande ms.custom: mvc @@ -51,3 +51,5 @@ The recommended approach for passing request state to the Blazor app is through A critical aspect of server-side Blazor security is that the user attached to a given circuit might become updated at some point after the Blazor circuit is established but the ***isn't updated***. For more information on addressing this situation with custom services, see . :::moniker-end + +For guidance on and in ASP.NET Core SignalR, see . diff --git a/aspnetcore/signalr/httpcontext.md b/aspnetcore/signalr/httpcontext.md new file mode 100644 index 000000000000..87afa9c6cc74 --- /dev/null +++ b/aspnetcore/signalr/httpcontext.md 
@@ -0,0 +1,23 @@ +--- +title: IHttpContextAccessor/HttpContext in ASP.NET Core SignalR +author: guardrex +description: Learn about IHttpContextAccessor and HttpContext in ASP.NET Core SignalR. +monikerRange: '>= aspnetcore-3.1' +ms.author: riande +ms.custom: mvc +ms.date: 01/30/2025 +uid: signalr/httpcontext +--- +# `IHttpContextAccessor`/`HttpContext` in ASP.NET Core SignalR + +[!INCLUDE[](~/includes/not-latest-version-without-not-supported-content.md)] + +/ generally should be avoided with SignalR because a valid isn't always available. In most cases, the context doesn't exist (`null`). + +Even when an instance is available, the context is dependent on the transport: + +* WebSockets receives a single context as the result of the initial handshake. +* Long polling receives a new context per client "poll" request. +* A SignalR service receives a mocked/faked/shim context. + +For guidance on / in ASP.NET Core Blazor apps, see . diff --git a/aspnetcore/toc.yml b/aspnetcore/toc.yml index bc0e601fb48c..fbe6e12a9fe1 100644 --- a/aspnetcore/toc.yml +++ b/aspnetcore/toc.yml @@ -956,6 +956,9 @@ items: - name: Configuration uid: signalr/configuration displayName: signalr + - name: IHttpContextAccessor and HttpContext + uid: signalr/httpcontext + displayName: signalr - name: Authentication and authorization uid: signalr/authn-and-authz displayName: signalr From 91d44a4c291220cdec074e8e73cd6a1b71a81f6d Mon Sep 17 00:00:00 2001 From: guardrex <1622880+guardrex@users.noreply.github.com> Date: Fri, 31 Jan 2025 07:40:08 -0500 Subject: [PATCH 07/10] Updates --- aspnetcore/blazor/components/httpcontext.md | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/aspnetcore/blazor/components/httpcontext.md b/aspnetcore/blazor/components/httpcontext.md index cd715b2bc7db..0fd878fb8858 100644 --- a/aspnetcore/blazor/components/httpcontext.md +++ b/aspnetcore/blazor/components/httpcontext.md 
@@ -25,13 +25,7 @@ uid: blazor/components/httpcontext public HttpContext? HttpContext { get; set; } ``` -During interactive rendering, an instance might not even exist. For scenarios where the is required in interactive components, we recommend flowing context data with [persistent component state](xref:blazor/components/prerender#persist-prerendered-state) from the server during static SSR. - -When an instance is available, the context is dependent on the transport: - -* WebSockets receives a single context as the result of the initial handshake. -* Long polling receives a new context per client "poll" request. -* A SignalR service receives a mocked/faked/shim context. +During interactive rendering, an instance might not even exist. For scenarios where the is required in interactive components, we recommend flowing context data with [persistent component state](xref:blazor/components/prerender#persist-prerendered-state) from the server. For additional context in *advanced* edge cases†, see the discussion in the following articles: From f3313a215e012b533fda5bc3882d909e700134fc Mon Sep 17 00:00:00 2001 From: guardrex <1622880+guardrex@users.noreply.github.com> Date: Fri, 31 Jan 2025 14:44:56 -0500 Subject: [PATCH 08/10] Updates --- aspnetcore/signalr/httpcontext.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/aspnetcore/signalr/httpcontext.md b/aspnetcore/signalr/httpcontext.md index 87afa9c6cc74..7da84914526d 100644 --- a/aspnetcore/signalr/httpcontext.md +++ b/aspnetcore/signalr/httpcontext.md @@ -20,4 +20,6 @@ Even when an instance is available, * Long polling receives a new context per client "poll" request. * A SignalR service receives a mocked/faked/shim context. +When in the hub, returns the for the connection or `null` if the connection isn't associated with an HTTP request. Use this method to get HTTP connection information, such as HTTP headers and query strings. For more information, see . + For guidance on / in ASP.NET Core Blazor apps, see . 
From f3ea400665828892a27916b3faa15e7276035d19 Mon Sep 17 00:00:00 2001 From: guardrex <1622880+guardrex@users.noreply.github.com> Date: Thu, 6 Feb 2025 13:33:05 -0500 Subject: [PATCH 09/10] Updates --- aspnetcore/signalr/httpcontext.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aspnetcore/signalr/httpcontext.md b/aspnetcore/signalr/httpcontext.md index 7da84914526d..0a9076d5497f 100644 --- a/aspnetcore/signalr/httpcontext.md +++ b/aspnetcore/signalr/httpcontext.md @@ -20,6 +20,6 @@ Even when an instance is available, * Long polling receives a new context per client "poll" request. * A SignalR service receives a mocked/faked/shim context. -When in the hub, returns the for the connection or `null` if the connection isn't associated with an HTTP request. Use this method to get HTTP connection information, such as HTTP headers and query strings. For more information, see . +When in the hub, returns a subset of properties from the mocked/faked/shim SignalR HTTP layer for the connection or `null` if the connection isn't associated with an HTTP request. Use this method to get HTTP connection information, such as HTTP headers and query strings. For more information, see . For guidance on / in ASP.NET Core Blazor apps, see . From 4e41ea89a6e81c864c2eef57cd0ae7ffb9646671 Mon Sep 17 00:00:00 2001 From: guardrex <1622880+guardrex@users.noreply.github.com> Date: Thu, 6 Feb 2025 14:11:20 -0500 Subject: [PATCH 10/10] Updates --- aspnetcore/signalr/httpcontext.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aspnetcore/signalr/httpcontext.md b/aspnetcore/signalr/httpcontext.md index 0a9076d5497f..3683cae80538 100644 --- a/aspnetcore/signalr/httpcontext.md +++ b/aspnetcore/signalr/httpcontext.md 
@@ -20,6 +20,6 @@ Even when an instance is available, * Long polling receives a new context per client "poll" request. * A SignalR service receives a mocked/faked/shim context. -When in the hub, returns a subset of properties from the mocked/faked/shim SignalR HTTP layer for the connection or `null` if the connection isn't associated with an HTTP request. Use this method to get HTTP connection information, such as HTTP headers and query strings. For more information, see . +When working within a SignalR hub, you can access the directly using the method. This method returns the for the current connection or `null` if the connection isn't associated with an HTTP request. This is particularly useful for retrieving HTTP connection information, such as headers and query strings, directly within the hub. We recommend calling this method over for accessing in the hub. For more information, see . For guidance on / in ASP.NET Core Blazor apps, see .
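Review bot: The front matter added for aspnetcore/blazor/components/http-context.md in PATCH 01/10 is not valid in its intermediate state, and the series only repairs it later. The title line begins with a backtick (title: `IHttpContextAccessor`/`HttpContext` in ASP.NET Core Blazor apps), and a backtick is a reserved indicator in YAML that can't start a plain scalar; PATCH 02/10 removes it. The same file declares monikerRange: '>= aspnetcore-8.0' while its body carries a :::moniker range="< aspnetcore-8.0" block, which PATCH 03/10 corrects to 3.1, and the file is named http-context.md against uid blazor/components/httpcontext until PATCH 04/10 renames it. Suggest squashing these three fixes into 01 so that each commit in the series builds on its own.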
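Review bot: In the security articles touched by PATCH 01/10, the guidance is replaced by a bare pointer: the "## `IHttpContextAccessor`/`HttpContext`" section of interactive-server-side-rendering.md is left with only "For more information, see", and the matching section in security/index.md is deleted in favor of a bullet in the resource lists. A reader scanning the security pages no longer sees the warning itself. Suggest keeping one summary sentence ahead of the cross-reference (that the accessor generally should be avoided with interactive rendering because a valid context isn't always available), so the risk is stated where the security guidance lives.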
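Review bot: The third bullet of the transport list, added in PATCH 04/10 and carried into the new aspnetcore/signalr/httpcontext.md by PATCH 06/10, is too vague to act on: "A SignalR service receives a mocked/faked/shim context." Three slash-separated terms don't tell the reader which properties can be trusted; choose one term and state what is and isn't populated. "A SignalR service" is also ambiguous. If it means Azure SignalR Service, which signalr.md in this same series links to, name it.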
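Review bot: In PATCH 05/10, the lead-in "For additional context in *advanced* edge cases†" uses "context" in its everyday sense inside an article about HttpContext, which reads as if another context instance is being described. Suggest "For additional information". The dagger footnote is also easy to miss once the two links sit between the marker and the "†Most developers ..." line; folding that sentence into the lead-in before the list removes the need for a marker.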
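Review bot: PATCH 07/10 does more than its "Updates" subject suggests in aspnetcore/blazor/components/httpcontext.md. The replacement paragraph silently drops the qualifier "during static SSR" that PATCH 05/10 added to the persistent component state recommendation, and the whole transport list (WebSockets, long polling, SignalR service) is removed from the Blazor article. If the qualifier was wrong, say so in the commit message; if it was right, restore it. With the list gone, the only route from the Blazor article to the transport behaviour is the closing "For guidance on ... in ASP.NET Core SignalR, see" line from PATCH 06/10, so consider pointing to the SignalR article from this paragraph as well.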
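Review bot: The paragraph rewritten in PATCH 10/10 for aspnetcore/signalr/httpcontext.md conflicts with the rest of the article and omits the staleness caveat. The article opens by saying the accessor and context "generally should be avoided with SignalR" and that in most cases the context is `null`, yet this paragraph says you "can access the ... directly" and calls it "particularly useful"; PATCH 09/10 had described the return value as "a subset of properties from the mocked/faked/shim SignalR HTTP layer" and this patch reverts to "returns the ... for the current connection" while the bullet above still says a SignalR service receives a mocked context. Suggest reconciling the wording and adding that, per the WebSockets bullet, headers and query strings read in the hub reflect the initial handshake and aren't refreshed afterward, which matters if they feed authorization decisions. Separately, PATCH 08/10 through 10/10 change this file on later dates without updating ms.date: 01/30/2025, whereas PATCH 04/10 did bump the date when it changed content.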