Merge branch 'main' into guardrex/blazor-standalone-with-identity-acc…

…t-conf-pw-recovery

.github/ISSUE_TEMPLATE/blank-issue.md

@@ -0,0 +1,24 @@
+---
+name: Blank issue
+about: Create an issue to help us improve
+---
+
+# Before you open an issue
+
+If the issue is with an ASP.NET Core document:
+
+* Do **not** open a new issue using this form.
+* Open the issue using the **Open a documentation issue** link and feedback form at the bottom of the article. 
+
+Using the **Open a documentation issue** link and form to open an issue adds article metadata for tracking, which indicates the article that you're commenting on and pings the author for a faster response.
+
+If the issue is:
+
+* A simple typo or similar correction, you can submit a PR. See the Contributor Guide for instructions: https://docs.microsoft.com/contribute/#quick-edits-to-existing-documents
+* A general support question, consider asking on a support forum:
+  * Stack Overflow: https://stackoverflow.com/questions/tagged/asp.net-core
+  * ASP.NET Core Slack: https://aspnetcore.slack.com/join/shared_invite/zt-1mv5487zb-EOZxJ1iqb0A0ajowEbxByQ#/shared-invite/email
+  * ASP.NET Gitter: https://gitter.im/aspnet/Home
+* A site design concern, create an issue at MicrosoftDocs/Feedback: https://github.com/MicrosoftDocs/Feedback/issues/new/choose
+* A problem completing a tutorial, compare your code with the completed sample.
+* A duplicate of an open or closed issue, leave a comment on that issue.

.github/ISSUE_TEMPLATE/doc-issue.md

@@ -14,9 +14,12 @@ Using the **Open a documentation issue** link and form to open an issue adds art
 
 If the issue is:
 
-* A simple typo or similar correction, you can submit a PR. See [the contributor guide](https://docs.microsoft.com/contribute/#quick-edits-to-existing-documents) for instructions.
-* A general support question, consider asking on a support forum site.
-* A site design concern, create an issue at [MicrosoftDocs/Feedback](https://github.com/MicrosoftDocs/Feedback/issues/new/choose).
+* A simple typo or similar correction, you can submit a PR. See the Contributor Guide for instructions: https://docs.microsoft.com/contribute/#quick-edits-to-existing-documents
+* A general support question, consider asking on a support forum:
+  * Stack Overflow: https://stackoverflow.com/questions/tagged/asp.net-core
+  * ASP.NET Core Slack: https://aspnetcore.slack.com/join/shared_invite/zt-1mv5487zb-EOZxJ1iqb0A0ajowEbxByQ#/shared-invite/email
+  * ASP.NET Gitter: https://gitter.im/aspnet/Home
+* A site design concern, create an issue at MicrosoftDocs/Feedback: https://github.com/MicrosoftDocs/Feedback/issues/new/choose
 * A problem completing a tutorial, compare your code with the completed sample.
 * A duplicate of an open or closed issue, leave a comment on that issue.
 

README.md

@@ -5,3 +5,23 @@ This repository contains the [ASP.NET Core documentation](https://learn.microsof
 To provide comments and suggestions on [learn.microsoft.com](https://learn.microsoft.com) site functionality, open an issue in the [`MicrosoftDocs/feedback` GitHub repository](https://github.com/MicrosoftDocs/feedback).
 
 ASP.NET 4.x documentation changes are made in the [`dotnet/AspNetDocs` GitHub repository](https://github.com/dotnet/AspNetDocs).
+
+## How to open an issue
+
+If the issue is with an ASP.NET Core document:
+
+* Do **not** open a blank issue.
+* Open the issue using the **Open a documentation issue** link and feedback form at the bottom of the article. 
+
+Using the **Open a documentation issue** link and form to open an issue adds article metadata for tracking, which indicates the article that you're commenting on and automatically pings the author for a faster response.
+
+If the issue is:
+
+* A simple typo or similar correction, you can submit a PR. See [the contributor guide](https://docs.microsoft.com/contribute/#quick-edits-to-existing-documents) for instructions.
+* A general support question, consider asking on a support forum site:
+  * [Stack Overflow](https://stackoverflow.com/questions/tagged/asp.net-core)
+  * [ASP.NET Core Slack](https://aspnetcore.slack.com/join/shared_invite/zt-1mv5487zb-EOZxJ1iqb0A0ajowEbxByQ#/shared-invite/email)
+  * [ASP.NET Gitter](https://gitter.im/aspnet/Home)
+* A site design concern, create an issue at [MicrosoftDocs/Feedback](https://github.com/MicrosoftDocs/Feedback/issues/new/choose).
+* A problem completing a tutorial, compare your code with the completed sample.
+* A duplicate of an open or closed issue, leave a comment on that issue.

aspnetcore/blazor/components/quickgrid.md

@@ -313,7 +313,7 @@ The <xref:Microsoft.AspNetCore.Components.QuickGrid.GridItemsProvider%601> conve
 ```razor
 @page "/food-recalls"
 @inject HttpClient Http
-@inject NavigationManager NavManager
+@inject NavigationManager Navigation
 
 <PageTitle>Food Recalls</PageTitle>
 
@@ -332,14 +332,14 @@ The <xref:Microsoft.AspNetCore.Components.QuickGrid.GridItemsProvider%601> conve
 <p>Total: <strong>@numResults results found</strong></p>
 
 @code {
-    GridItemsProvider<FoodRecall>? foodRecallProvider;
-    int numResults;
+    private GridItemsProvider<FoodRecall>? foodRecallProvider;
+    private int numResults;
 
     protected override async Task OnInitializedAsync()
     {
         foodRecallProvider = async req =>
         {
-            var url = NavManager.GetUriWithQueryParameters(
+            var url = Navigation.GetUriWithQueryParameters(
                 "https://api.fda.gov/food/enforcement.json", 
                 new Dictionary<string, object?>
             {

aspnetcore/blazor/components/render-modes.md

@@ -688,7 +688,7 @@ The `Shared` folder maintains the `AccountLayout` layout component. The componen
 ```razor
 @inherits LayoutComponentBase
 @layout BlazorSample.Components.Layout.MainLayout
-@inject NavigationManager NavigationManager
+@inject NavigationManager Navigation
 
 @if (HttpContext is null)
 {
@@ -707,7 +707,7 @@ else
     {
         if (HttpContext is null)
         {
-            NavigationManager.Refresh(forceReload: true);
+            Navigation.Refresh(forceReload: true);
         }
     }
 }
@@ -756,7 +756,7 @@ The app has a custom layout that can be applied to components around the app. Us
 ```razor
 @inherits LayoutComponentBase
 @layout MainLayout
-@inject NavigationManager NavigationManager
+@inject NavigationManager Navigation
 
 @if (HttpContext is null)
 {
@@ -775,7 +775,7 @@ else
     {
         if (HttpContext is null)
         {
-            NavigationManager.Refresh(forceReload: true);
+            Navigation.Refresh(forceReload: true);
         }
     }
 }

aspnetcore/blazor/fundamentals/index.md

@@ -178,22 +178,6 @@ Documentation sample apps are available for inspection and download:
 
 Locate a sample app by first selecting the version folder that matches the version of .NET that you're working with.
 
-:::moniker range=">= aspnetcore-8.0"
-
-Samples apps in the repository:
-
-* Blazor Web App
-* Blazor WebAssembly
-* Blazor Web App with EF Core (<xref:blazor/blazor-ef-core>)
-* Blazor Web App with SignalR (<xref:blazor/tutorials/signalr-blazor>)
-* Two Blazor Web Apps and a Blazor WebAssembly app for calling web (server) APIs (<xref:blazor/call-web-api>)
-* Blazor Web App with OIDC (BFF and non-BFF patterns) (<xref:blazor/security/blazor-web-app-oidc>)
-* Blazor WebAssembly scopes-enabled logging (<xref:blazor/fundamentals/logging#client-side-log-scopes>)
-* Blazor WebAssembly with ASP.NET Core Identity (<xref:blazor/security/webassembly/standalone-with-identity/index>)
-* .NET MAUI Blazor Hybrid app with a Blazor Web App and a shared UI provided by a Razor class library (RCL) (<xref:blazor/hybrid/tutorials/maui-blazor-web-app>)
-
-:::moniker-end
-
 :::moniker range="< aspnetcore-8.0"
 
 The sample repo contains two types of samples:
@@ -206,7 +190,7 @@ The sample repo contains two types of samples:
 
 :::moniker-end
 
-For more information, see the [Blazor samples GitHub repository README.md file](https://github.com/dotnet/blazor-samples).
+For more information and a list of the samples in the repository, see the [Blazor samples GitHub repository README.md file](https://github.com/dotnet/blazor-samples).
 
 The ASP.NET Core repository's Basic Test App is also a helpful set of samples for various Blazor scenarios:
 

aspnetcore/blazor/tutorials/build-a-blazor-app.md

@@ -196,37 +196,73 @@ Add a `TodoItem.cs` file to the root of the project (the `TodoList` folder) to h
 
 :::moniker range=">= aspnetcore-9.0"
 
-:::code language="csharp" source="~/../blazor-samples/9.0/BlazorSample_WebAssembly/TodoItem.cs":::
+```csharp
+public class TodoItem
+{
+    public string? Title { get; set; }
+    public bool IsDone { get; set; }
+}
+```
 
 :::moniker-end
 
 :::moniker range=">= aspnetcore-8.0 < aspnetcore-9.0"
 
-:::code language="csharp" source="~/../blazor-samples/8.0/BlazorSample_WebAssembly/TodoItem.cs":::
+```csharp
+public class TodoItem
+{
+    public string? Title { get; set; }
+    public bool IsDone { get; set; }
+}
+```
 
 :::moniker-end
 
 :::moniker range=">= aspnetcore-7.0 < aspnetcore-8.0"
 
-:::code language="csharp" source="~/../blazor-samples/7.0/BlazorSample_WebAssembly/build-a-blazor-app/TodoItem.cs":::
+```csharp
+public class TodoItem
+{
+    public string? Title { get; set; }
+    public bool IsDone { get; set; }
+}
+```
 
 :::moniker-end
 
 :::moniker range=">= aspnetcore-6.0 < aspnetcore-7.0"
 
-:::code language="csharp" source="~/../blazor-samples/6.0/BlazorSample_WebAssembly/build-a-blazor-app/TodoItem.cs":::
+```csharp
+public class TodoItem
+{
+    public string? Title { get; set; }
+    public bool IsDone { get; set; }
+}
+```
 
 :::moniker-end
 
 :::moniker range=">= aspnetcore-5.0 < aspnetcore-6.0"
 
-:::code language="csharp" source="~/../blazor-samples/5.0/BlazorSample_WebAssembly/build-a-blazor-app/TodoItem.cs":::
+```csharp
+public class TodoItem
+{
+    public string Title { get; set; }
+    public bool IsDone { get; set; }
+}
+```
 
 :::moniker-end
 
 :::moniker range="< aspnetcore-5.0"
 
-:::code language="csharp" source="~/../blazor-samples/3.1/BlazorSample_WebAssembly/build-a-blazor-app/TodoItem.cs":::
+```csharp
+public class TodoItem
+{
+    public string Title { get; set; }
+    public bool IsDone { get; set; }
+}
+```
 
 :::moniker-end
 

aspnetcore/fundamentals/configuration/index.md

@@ -8,6 +8,7 @@ ms.custom: mvc
 ms.date: 04/26/2024
 uid: fundamentals/configuration/index
 ---
+<!-- ms.sfi.ropc: t -->
 # Configuration in ASP.NET Core
 
 By [Rick Anderson](https://twitter.com/RickAndMSFT) and [Kirk Larkin](https://twitter.com/serpent5)
@@ -158,15 +159,15 @@ Configuration data guidelines:
 * Never store passwords or other sensitive data in configuration provider code or in plain text configuration files. The [Secret Manager](xref:security/app-secrets) tool can be used to store secrets in development.
 * Don't use production secrets in development or test environments.
 * Specify secrets outside of the project so that they can't be accidentally committed to a source code repository.
+* Production apps should use the most secure authentication flow available. For more information, see [Secure authentication flows](xref:security/index#secure-authentication-flows).
 
 By [default](#default), the user secrets configuration source is registered after the JSON configuration sources. Therefore, user secrets keys take precedence over keys in `appsettings.json` and `appsettings.{Environment}.json`.
 
 For more information on storing passwords or other sensitive data:
 
 * <xref:fundamentals/environments>
 * <xref:security/app-secrets>: Includes advice on using environment variables to store sensitive data. The Secret Manager tool uses the [File configuration provider](#fcp) to store user secrets in a JSON file on the local system.
-
-[Azure Key Vault](https://azure.microsoft.com/services/key-vault/) safely stores app secrets for ASP.NET Core apps. For more information, see <xref:security/key-vault-configuration>.
+* [Azure Key Vault](https://azure.microsoft.com/services/key-vault/) safely stores app secrets for ASP.NET Core apps. For more information, see <xref:security/key-vault-configuration>.
 
 <a name="evcp"></a>
 
@@ -408,6 +409,8 @@ The preferred way to read hierarchical configuration data is using the options p
 
 ## Configuration keys and values
 
+[!INCLUDE [managed-identities](~/includes/managed-identities-conn-strings.md)]
+
 Configuration keys:
 
 * Are case-insensitive. For example, `ConnectionString` and `connectionstring` are treated as equivalent keys.
@@ -459,6 +462,8 @@ The preceding sequence of providers is used in the [default configuration](#defa
 
 ### Connection string prefixes
 
+[!INCLUDE [managed-identities](~/includes/managed-identities-conn-strings.md)]
+
 The Configuration API has special processing rules for four connection string environment variables. These connection strings are involved in configuring Azure connection strings for the app environment. Environment variables with the prefixes shown in the table are loaded into the app with the [default configuration](#default) or when no prefix is supplied to `AddEnvironmentVariables`.
 
 | Connection string prefix | Provider |

aspnetcore/fundamentals/configuration/index/includes/index3-5.md

@@ -1,5 +1,5 @@
 :::moniker range=">= aspnetcore-5.0 < aspnetcore-6.0"
-
+<!-- ms.sfi.ropc: t -->
 <a name="kestrel"></a>
 
 ## Kestrel endpoint configuration
@@ -149,6 +149,8 @@ Custom configuration providers aren't required to implement array binding.
 
 ## Custom configuration provider
 
+[!INCLUDE [managed-identities](~/includes/managed-identities-conn-strings.md)]
+
 The sample app demonstrates how to create a basic configuration provider that reads configuration key-value pairs from a database using [Entity Framework (EF)](/ef/core/).
 
 The provider has the following characteristics:

aspnetcore/fundamentals/configuration/index/includes/index6.md

@@ -1,5 +1,5 @@
 :::moniker range="= aspnetcore-6.0"
-
+<!-- ms.sfi.ropc: t -->
 Application configuration in ASP.NET Core is performed using one or more [configuration providers](#cp). Configuration providers read configuration data from key-value pairs using a variety of configuration sources:
 
 * Settings files, such as `appsettings.json`
@@ -135,6 +135,7 @@ Configuration data guidelines:
 * Never store passwords or other sensitive data in configuration provider code or in plain text configuration files. The [Secret Manager](xref:security/app-secrets) tool can be used to store secrets in development.
 * Don't use production secrets in development or test environments.
 * Specify secrets outside of the project so that they can't be accidentally committed to a source code repository.
+* Production apps should use the most secure authentication flow available. For more information, see [Secure authentication flows](xref:security/index#secure-authentication-flows).
 
 By [default](#default), the user secrets configuration source is registered after the JSON configuration sources. Therefore, user secrets keys take precedence over keys in `appsettings.json` and `appsettings.{Environment}.json`.
 
@@ -385,6 +386,8 @@ The preferred way to read hierarchical configuration data is using the options p
 
 ## Configuration keys and values
 
+[!INCLUDE [managed-identities](~/includes/managed-identities-conn-strings.md)]
+
 Configuration keys:
 
 * Are case-insensitive. For example, `ConnectionString` and `connectionstring` are treated as equivalent keys.
@@ -436,6 +439,8 @@ The preceding sequence of providers is used in the [default configuration](#defa
 
 ### Connection string prefixes
 
+[!INCLUDE [managed-identities](~/includes/managed-identities-conn-strings.md)]
+
 The Configuration API has special processing rules for four connection string environment variables. These connection strings are involved in configuring Azure connection strings for the app environment. Environment variables with the prefixes shown in the table are loaded into the app with the [default configuration](#default) or when no prefix is supplied to `AddEnvironmentVariables`.
 
 | Connection string prefix | Provider |

aspnetcore/fundamentals/configuration/index/includes/index7.md

@@ -1,5 +1,5 @@
 :::moniker range="= aspnetcore-7.0" 
-
+<!-- ms.sfi.ropc: t -->
 Application configuration in ASP.NET Core is performed using one or more [configuration providers](#cp). Configuration providers read configuration data from key-value pairs using a variety of configuration sources:
 
 * Settings files, such as `appsettings.json`
@@ -140,6 +140,7 @@ Configuration data guidelines:
 * Never store passwords or other sensitive data in configuration provider code or in plain text configuration files. The [Secret Manager](xref:security/app-secrets) tool can be used to store secrets in development.
 * Don't use production secrets in development or test environments.
 * Specify secrets outside of the project so that they can't be accidentally committed to a source code repository.
+* Production apps should use the most secure authentication flow available. For more information, see [Secure authentication flows](xref:security/index#secure-authentication-flows).
 
 By [default](#default), the user secrets configuration source is registered after the JSON configuration sources. Therefore, user secrets keys take precedence over keys in `appsettings.json` and `appsettings.{Environment}.json`.
 
@@ -390,6 +391,8 @@ The preferred way to read hierarchical configuration data is using the options p
 
 ## Configuration keys and values
 
+[!INCLUDE [managed-identities](~/includes/managed-identities-conn-strings.md)]
+
 Configuration keys:
 
 * Are case-insensitive. For example, `ConnectionString` and `connectionstring` are treated as equivalent keys.
@@ -441,6 +444,8 @@ The preceding sequence of providers is used in the [default configuration](#defa
 
 ### Connection string prefixes
 
+[!INCLUDE [managed-identities](~/includes/managed-identities-conn-strings.md)]
+
 The Configuration API has special processing rules for four connection string environment variables. These connection strings are involved in configuring Azure connection strings for the app environment. Environment variables with the prefixes shown in the table are loaded into the app with the [default configuration](#default) or when no prefix is supplied to `AddEnvironmentVariables`.
 
 | Connection string prefix | Provider |

aspnetcore/fundamentals/use-http-context.md

@@ -4,9 +4,11 @@ author: jamesnk
 description: How to use HttpContext in ASP.NET Core.
 monikerRange: '>= aspnetcore-3.1'
 ms.author: wpickett
-ms.date: 01/31/2022
+ms.date: 10/07/2024
 uid: fundamentals/use-httpcontext
 ---
+<!-- ms.sfi.ropc: t -->
+
 # Use HttpContext in ASP.NET Core
 
 [!INCLUDE[](~/includes/not-latest-version.md)]
@@ -28,7 +30,7 @@ Commonly used members on `HttpRequest` include:
 |<xref:Microsoft.AspNetCore.Http.HttpRequest.Headers?displayProperty=nameWithType>|A collection of request headers.|`user-agent=Edge`<br />`x-custom-header=MyValue`|
 |<xref:Microsoft.AspNetCore.Http.HttpRequest.RouteValues?displayProperty=nameWithType>|A collection of route values. The collection is set when the request is matched to a route.|`language=en`<br />`article=getstarted`|
 |<xref:Microsoft.AspNetCore.Http.HttpRequest.Query?displayProperty=nameWithType>|A collection of query values parsed from <xref:Microsoft.AspNetCore.Http.HttpRequest.QueryString>.|`filter=hello`<br />`page=1`|
-|[HttpRequest.ReadFormAsync()](xref:Microsoft.AspNetCore.Http.HttpRequest.ReadFormAsync(System.Threading.CancellationToken))|A method that reads the request body as a form and returns a form values collection. For information about why `ReadFormAsync` should be used to access form data, see [Prefer ReadFormAsync over Request.Form](xref:fundamentals/best-practices#prefer-readformasync-over-requestform).|`[email protected]`<br />`password=TNkt4taM`|
+|[HttpRequest.ReadFormAsync()](xref:Microsoft.AspNetCore.Http.HttpRequest.ReadFormAsync(System.Threading.CancellationToken))|A method that reads the request body as a form and returns a form values collection. For information about why `ReadFormAsync` should be used to access form data, see [Prefer ReadFormAsync over Request.Form](xref:fundamentals/best-practices#prefer-readformasync-over-requestform).|`[email protected]`|
 |<xref:Microsoft.AspNetCore.Http.HttpRequest.Body?displayProperty=nameWithType>|A <xref:System.IO.Stream> for reading the request body.|UTF-8 JSON payload|
 
 ### Get request headers