Skip to content

Instantly share code, notes, and snippets.

Steve Sanderson SteveSandersonMS

  • Microsoft
Block or report user

Report or block SteveSandersonMS

Hide content and notifications from this user.

Learn more about blocking users

Contact Support about this user’s behavior.

Learn more about reporting abuse

Report abuse
View GitHub Profile
SteveSandersonMS /
Last active Aug 5, 2019
Error handling in Server-Side Blazor

Error handling in Server-Side Blazor

Developers building Blazor applications should be aware of how the framework deals with exceptions, and what steps to take in order to maximize reliability and to detect and diagnose errors.

To recap, server-side Blazor is a stateful framework. For as long as users are interacting with your application, they maintain a connection to the server known as a circuit. The circuit holds all the active component instances, plus many other aspects of state such as the components' most recent render output and the current set of event-handling delegates that could be triggered by client-side events. If a user opens your application in multiple browser tabs, then they have multiple independent circuits.

As a high-level principle, Blazor treats most unhandled exceptions as fatal to that circuit. If a circuit is terminated due to an unhandled exception, the user can only continue by reloading the page to create a new circuit and starting again, although other circuits (e.g., th

SteveSandersonMS /
Last active Aug 5, 2019
Preserving State in Server-Side Blazor applications

Preserving State in Server-Side Blazor applications

Server-side Blazor is a stateful application framework. Most of the time, your users will maintain an ongoing connection to the server, and their state will be held in the server's memory in what's known as a "circuit". Examples of state held for a user's circuit include:

  • The UI being rendered (i.e., the hierarchy of component instances and their most recent render output)
  • The values of any fields and properties in component instances
  • Data held in DI service instances that are scoped to the circuit

Occasionally, users may experience a temporary network connection loss, after which Blazor will attempt to reconnect them to their original circuit so they can continue.

View RevalidatingAuthenticationStateProvider.cs
public class RevalidatingAuthenticationStateProvider : AuthenticationStateProvider, IDisposable
private static TimeSpan RefreshInterval = TimeSpan.FromMinutes(30);
private readonly CancellationTokenSource _cts;
private ClaimsPrincipal _currentUser;
public RevalidatingAuthenticationStateProvider(SignInManager<IdentityUser> signInManager)
_cts = new CancellationTokenSource();
SteveSandersonMS /
Created Jun 11, 2019
Blazor authentication and authorization

Authentication and Authorization

Authentication means determining who a particular user is. Authorization means applying rules about what they can do. Blazor contains features for handling both aspects of this.

It worth remembering how the overall goals differ between server-side Blazor and client-side Blazor:

  • Server-side Blazor applications run on the server. As such, correctly-implemented authorization checks are both how you determine which UI options to show (e.g., which menu entries are available to a certain user) and where you actually enforce access rules.
  • Client-side Blazor applications run on the client. As such, authorization is only used as a way of determining what UI options to show (e.g., which menu entries). The actual enforcement of authorization rules must be implemented on whatever backend server your application operates on, since any client-side checks can be modified or bypassed.

Authentication-enabled templates for Server-Side Blazor

SteveSandersonMS /
Last active Aug 5, 2019
Why sequence numbers should relate to code line numbers, not execution order

Why sequence numbers should relate to code line numbers, not execution order

Or in other words, why you should hard-code sequence numbers, and not generate them programmatically.

Unlike .jsx files, .razor/.cshtml files are always compiled. This is potentially a great advantage for .razor, because we can use the compile step to inject information that makes things better or faster at runtime.

A key example of this are sequence numbers. These indicate to the runtime which outputs came from which distinct and ordered lines of code. The runtime uses this information to generate efficient tree diffs in linear time, which is far faster than is normally possible for a general tree diff algorithm.


SteveSandersonMS /
Last active Jun 5, 2019
Authentication and Authorization

This document describes options and proposals for #4048.

Overall goals


  • In Razor Components, enable customers to use as much of ASP.NET Core's existing authentication/authorization/identity feature set as possible. Minimize the invention of new stuff; maximize orthogonality.
  • Provide a programming model that can be consistent across Razor Components (server-side) and Blazor (client-side), so components that use authorization can still be portable across the two, even if app-level Startup.cs logic is completely different for the two runtime environments.

The Razor Components auth feature set will be mostly the same as for MVC/Pages. We'll get the same long-tail features such as integration with 3rd-party social logins, 2FA, etc. The Razor Components template will support the same four auth options during project creation, and the "Scaffold Identity" feature will be usable on existing Razor Components projects.

SteveSandersonMS / ITab.cs
Created Nov 15, 2018
Blazor tab example
View ITab.cs
using Microsoft.AspNetCore.Blazor;
public interface ITab
RenderFragment ChildContent { get; }
View Cross-component

Cross-component interactions

Blazor should make it easy to build all the classic high-level UI widgets, such as forms, grids, tabs, dialogs, and so on. One of the big technical pieces needed for this is templated components, and since 0.6.0 we have strong support for that. Another necessary bit of infrastructure is a mechanism for components to collaborate based on ancestor/descendant relationships. For example:

  • In a Form component, you'd want nested Input components to be able to affect the form's validation on submit.
  • In a TabSet component, you'd want the TabSet to discover nested Tab components so it knows what tab titles to display, and to render only the active one (either by TabSet choosing which child to render, or by Tab knowing whether it's currently the active one).
  • In a NavBar component, you'd want a HamburgerButton component to be able to send a "toggle expansion" signal to the NavBar.

As of today, all these are possible but only through manual wiring. For exa

SteveSandersonMS / BlazorForm.cshtml
Created Sep 21, 2018
Validation mockup A: explicit <ValidateXyz> components that take a Func<T>
View BlazorForm.cshtml
@* Unfortunately this has to be named BlazorForm, not Form, because we can't differentiate based on casing *@
<form onsubmit=@HandleSubmit>
@functions {
private FormContext _context = new FormContext();
[Parameter] protected RenderFragment<FormContext> ChildContent { get; set; }
[Parameter] protected Action<FormContext> OnSubmit { get; set; }
View linker

Blazor: Adding a custom linker config

In your csproj file, add the following:

  <Target Name="AddCustomLinkerDescriptor" AfterTargets="_CollectBlazorLinkerDescriptors">
      <BlazorLinkerDescriptor Include="CustomLinkerConfig.xml" />
You can’t perform that action at this time.