Blazor Expert
Wire cookie or WASM authentication and authorization for Blazor Server or WebAssembly apps using copy-paste Program.cs and provider patterns.
Overview
blazor-expert is an agent skill for the Build phase that configures Blazor Server and WebAssembly authentication and authorization in ASP.NET Core.
Install
npx skills add https://github.com/markpitt/claude-skills --skill blazor-expertWhat is this skill?
- Blazor Server cookie auth with LoginPath, LogoutPath, and AccessDeniedPath configuration
- Middleware ordering: UseAuthentication and UseAuthorization before MapBlazorHub
- Blazor WebAssembly AddAuthorizationCore plus CustomAuthStateProvider scaffold
- Side-by-side Server versus WASM setup snippets in C#
Adoption & trust: 516 installs on skills.sh; 18 GitHub stars; 3/3 security scanners passed (skills.sh audits).
What problem does it solve?
Your Blazor app builds but users hit unauthorized loops because cookie auth, middleware order, or WASM AuthenticationStateProvider wiring is wrong.
Who is it for?
.NET solo builders implementing login, protected components, and policy checks on Blazor Server or WASM.
Skip if: Non-Blazor stacks (React-only SPAs), greenfield identity design without C#, or production hardening without your own threat model review.
When should I use this skill?
Implementing or debugging authentication and authorization for Blazor Server or Blazor WebAssembly in ASP.NET Core.
What do I get? / Deliverables
You get working Server or WASM auth registration patterns and a CustomAuthStateProvider starting point aligned with ASP.NET Core authorization.
- Program.cs auth configuration
- CustomAuthStateProvider scaffold for WASM
Recommended Skills
Journey fit
Auth plumbing is core product build work for .NET web apps before you can ship secured UI and APIs. Frontend covers Blazor components, routing middleware order, and AuthenticationStateProvider integration even when cookies touch the host pipeline.
How it compares
Use as a Blazor-specific auth cookbook, not as a generic OAuth MCP integration or hosted identity SaaS.
Common Questions / FAQ
Who is blazor-expert for?
Solo and small-team .NET developers building Blazor Server or WebAssembly apps who need correct auth middleware and provider setup.
When should I use blazor-expert?
During Build/frontend or backend integration when adding cookie auth to Server apps or AuthenticationStateProvider to WASM before ship-time security review.
Is blazor-expert safe to install?
It supplies code patterns only; review the Security Audits panel on this page and validate secrets, cookies, and HTTPS in your own environment.
SKILL.md
READMESKILL.md - Blazor Expert
# Blazor Authentication & Authorization ## Authentication Setup ### Blazor Server Setup ```csharp // Program.cs var builder = WebApplication.CreateBuilder(args); // Add authentication builder.Services .AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme) .AddCookie(options => { options.LoginPath = "/login"; options.LogoutPath = "/logout"; options.AccessDeniedPath = "/unauthorized"; }); builder.Services.AddAuthorizationCore(); // Add Blazor Server builder.Services.AddRazorPages(); builder.Services.AddServerSideBlazor(); var app = builder.Build(); // Add authentication middleware BEFORE MapRazorPages app.UseRouting(); app.UseAuthentication(); app.UseAuthorization(); app.MapRazorPages(); app.MapBlazorHub(); ``` ### Blazor WebAssembly Setup ```csharp // Program.cs var builder = WebAssemblyHostBuilder.CreateDefault(args); builder.RootComponents.Add<App>("#app"); // Add authentication builder.Services.AddAuthorizationCore(); builder.Services.AddScoped<AuthenticationStateProvider, CustomAuthStateProvider>(); builder.Services.AddScoped<HttpClient>(sp => new HttpClient { BaseAddress = new Uri(builder.HostEnvironment.BaseAddress) }); await builder.Build().RunAsync(); // CustomAuthStateProvider public class CustomAuthStateProvider : AuthenticationStateProvider { private readonly HttpClient httpClient; public CustomAuthStateProvider(HttpClient httpClient) { this.httpClient = httpClient; } public override async Task<AuthenticationState> GetAuthenticationStateAsync() { try { var user = await httpClient.GetJsonAsync<UserInfo>("/api/user"); var claims = new[] { new Claim(ClaimTypes.NameIdentifier, user.Id), new Claim(ClaimTypes.Name, user.Name), new Claim(ClaimTypes.Email, user.Email) }; var identity = new ClaimsIdentity(claims, "Custom"); return new AuthenticationState(new ClaimsPrincipal(identity)); } catch { return new AuthenticationState(new ClaimsPrincipal(new ClaimsIdentity())); } } } ``` ## AuthorizeView Component AuthorizeView displays content conditionally based on authorization status. ### Basic Authorization Check ```html <AuthorizeView> <Authorized> <p>Hello, @context.User.Identity?.Name!</p> </Authorized> <NotAuthorized> <p>Please log in.</p> </NotAuthorized> </AuthorizeView> ``` ### Authorize by Role ```html <AuthorizeView Roles="Admin"> <p>This content is only for Admins</p> </AuthorizeView> <AuthorizeView Roles="User, Moderator"> <p>User or Moderator content</p> </AuthorizeView> ``` ### Authorize by Policy ```html <AuthorizeView Policy="ContentEditor"> <p>Only content editors can see this</p> </AuthorizeView> ``` ### Multiple AuthorizeView States ```html <AuthorizeView> <Authorized> @if (context.User.IsInRole("Admin")) { <p>Admin dashboard</p> } else if (context.User.IsInRole("Editor")) { <p>Editor dashboard</p> } else { <p>User dashboard</p> } </Authorized> <Authorizing> <p>Checking authorization...</p> </Authorizing> <NotAuthorized> <p>Not authorized</p> </NotAuthorized> </AuthorizeView> ``` ### Authorize Multiple Resources ```html <AuthorizeView Context="Auth"> <Authorized> <div> <h2>@Auth.User.Identity?.Name</h2> @if (Auth.User.IsInRole("Admin")) { <a href="/admin">Admin Panel</a> } @if (Auth.User.HasClaim("department", "engineering")) { <a href="/engineering">Engineering</a> } </div> </Authorized> </AuthorizeView> ``` ## Authorize Attribute Apply `[Author