Merge branch 'net9'

BlazorBff/BlazorWasmHostedMeID/Client/BlazorWasmHostedMeID.Client.csproj

@@ -1,17 +1,17 @@
 <Project Sdk="Microsoft.NET.Sdk.BlazorWebAssembly">
 
   <PropertyGroup>
-    <TargetFramework>net8.0</TargetFramework>
+    <TargetFramework>net9.0</TargetFramework>
     <NoDefaultLaunchSettingsFile>true</NoDefaultLaunchSettingsFile>
     <Nullable>enable</Nullable>
 	<ImplicitUsings>enable</ImplicitUsings>
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="Microsoft.AspNetCore.Components.WebAssembly" Version="8.0.4" />
-    <PackageReference Include="Microsoft.AspNetCore.Components.WebAssembly.DevServer" Version="8.0.4" PrivateAssets="all" />
-    <PackageReference Include="Microsoft.Extensions.Http" Version="8.0.0" />
-    <PackageReference Include="Microsoft.AspNetCore.Components.WebAssembly.Authentication" Version="8.0.4" />
+    <PackageReference Include="Microsoft.AspNetCore.Components.WebAssembly" Version="9.0.0" />
+    <PackageReference Include="Microsoft.AspNetCore.Components.WebAssembly.DevServer" Version="9.0.0" PrivateAssets="all" />
+    <PackageReference Include="Microsoft.Extensions.Http" Version="9.0.0" />
+    <PackageReference Include="Microsoft.AspNetCore.Components.WebAssembly.Authentication" Version="9.0.0" />
   </ItemGroup>
 
   <ItemGroup>

BlazorBff/BlazorWasmHostedMeID/Client/Services/AuthorizedHandler.cs

@@ -18,7 +18,7 @@ protected override async Task<HttpResponseMessage> SendAsync(
     {
         var authState = await _authenticationStateProvider.GetAuthenticationStateAsync();
         HttpResponseMessage responseMessage;
-        if (authState.User.Identity!= null && !authState.User.Identity.IsAuthenticated)
+        if (authState.User.Identity != null && !authState.User.Identity.IsAuthenticated)
         {
             // if user is not authenticated, immediately set response status to 401 Unauthorized
             responseMessage = new HttpResponseMessage(HttpStatusCode.Unauthorized);

BlazorBff/BlazorWasmHostedMeID/Server/BlazorWasmHostedMeID.Server.csproj

@@ -1,29 +1,26 @@
 <Project Sdk="Microsoft.NET.Sdk.Web">
 
 	<PropertyGroup>
-		<TargetFramework>net8.0</TargetFramework>
+		<TargetFramework>net9.0</TargetFramework>
 		<Nullable>enable</Nullable>
 		<UserSecretsId>7b7a3ab3-3ad6-4820-a521-dcdaf28f15cb</UserSecretsId>
 		<ImplicitUsings>enable</ImplicitUsings>
 	</PropertyGroup>
 
 	<ItemGroup>
-		<PackageReference Include="Microsoft.AspNetCore.Components.WebAssembly.Server" Version="8.0.4" />
-		<PackageReference Include="NetEscapades.AspNetCore.SecurityHeaders.TagHelpers" Version="0.21.0" />
+		<PackageReference Include="Microsoft.AspNetCore.Components.WebAssembly.Server" Version="9.0.0" />
+    <PackageReference Include="Microsoft.AspNetCore.Authentication.OpenIdConnect" Version="9.0.0" NoWarn="NU1605" />
+    <PackageReference Include="Microsoft.Identity.Web.GraphServiceClient" Version="3.5.0" />
+    <PackageReference Include="Magick.NET-Q16-AnyCPU" Version="14.3.0" />
+    <PackageReference Include="Microsoft.Identity.Web" Version="3.5.0" />
+    <PackageReference Include="Microsoft.Identity.Web.UI" Version="3.5.0" />
+    <PackageReference Include="NetEscapades.AspNetCore.SecurityHeaders" Version="1.0.0-preview.2" />
+    <PackageReference Include="NetEscapades.AspNetCore.SecurityHeaders.TagHelpers" Version="1.0.0-preview.2" />
 	</ItemGroup>
 
 	<ItemGroup>
 		<ProjectReference Include="..\Client\BlazorWasmHostedMeID.Client.csproj" />
 		<ProjectReference Include="..\Shared\BlazorWasmHostedMeID.Shared.csproj" />
 	</ItemGroup>
 
-	<ItemGroup>
-		<PackageReference Include="Microsoft.AspNetCore.Authentication.OpenIdConnect" Version="8.0.4" NoWarn="NU1605" />
-		<PackageReference Include="Microsoft.Identity.Web.GraphServiceClient" Version="2.17.4" />
-		<PackageReference Include="Magick.NET-Q16-AnyCPU" Version="13.6.0" />
-		<PackageReference Include="Microsoft.Identity.Web" Version="2.17.4" />
-		<PackageReference Include="Microsoft.Identity.Web.UI" Version="2.17.4" />
-		<PackageReference Include="NetEscapades.AspNetCore.SecurityHeaders" Version="0.21.0" />
-	</ItemGroup>
-
 </Project>

BlazorBff/BlazorWasmHostedMeID/Server/Cae/WebApiMsalUiRequiredException.cs

@@ -1,5 +1,5 @@
-using System.Net.Http.Headers;
-using System.Net;
+using System.Net;
+using System.Net.Http.Headers;
 
 namespace BlazorWasmHostedMeID.Server;
 

BlazorBff/BlazorWasmHostedMeID/Server/Controllers/AccountController.cs

@@ -19,7 +19,7 @@ public ActionResult Login(string? returnUrl, string? claimsChallenge)
 
         var properties = new AuthenticationProperties { RedirectUri = redirectUri };
 
-        if(claimsChallenge != null)
+        if (claimsChallenge != null)
         {
             string jsonString = claimsChallenge.Replace("\\", "")
                 .Trim(new char[1] { '"' });

BlazorBff/BlazorWasmHostedMeID/Server/Controllers/DemoAdminController.cs

@@ -6,7 +6,7 @@
 namespace BlazorWasmHostedMeID.Server.Controllers;
 
 [ValidateAntiForgeryToken]
-[Authorize(Policy= "DemoAdmins", AuthenticationSchemes = CookieAuthenticationDefaults.AuthenticationScheme)]
+[Authorize(Policy = "DemoAdmins", AuthenticationSchemes = CookieAuthenticationDefaults.AuthenticationScheme)]
 [AuthorizeForScopes(Scopes = new string[] { "api://b2a09168-54e2-4bc4-af92-a710a64ef1fa/access_as_user" })]
 [ApiController]
 [Route("api/[controller]")]

BlazorBff/BlazorWasmHostedMeID/Server/Controllers/GraphProfileController.cs

@@ -1,6 +1,4 @@
-using System.Collections.Generic;
-using System.Threading.Tasks;
-using BlazorWasmHostedMeID.Server.Services.Delegated;
+using BlazorWasmHostedMeID.Server.Services.Delegated;
 using Microsoft.AspNetCore.Authentication.Cookies;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;

BlazorBff/BlazorWasmHostedMeID/Server/GraphApiClaimsTransformation.cs

@@ -23,7 +23,7 @@ public async Task<ClaimsPrincipal> TransformAsync(ClaimsPrincipal principal)
             var objectidentifierClaimType = "http://schemas.microsoft.com/identity/claims/objectidentifier";
             var objectIdentifier = principal.Claims.FirstOrDefault(t => t.Type == objectidentifierClaimType);
 
-            if(objectIdentifier != null)
+            if (objectIdentifier != null)
             {
                 var groupIds = await _msGraphApplicationService
                     .GetGraphApiUserMemberGroups(objectIdentifier.Value);

BlazorBff/BlazorWasmHostedMeID/Server/Program.cs

@@ -9,6 +9,7 @@
 using Microsoft.AspNetCore.Mvc.Authorization;
 using Microsoft.Identity.Web;
 using Microsoft.Identity.Web.UI;
+using NetEscapades.AspNetCore.SecurityHeaders.Infrastructure;
 
 var builder = WebApplication.CreateBuilder(args);
 
@@ -19,7 +20,14 @@
 
 var services = builder.Services;
 var configuration = builder.Configuration;
-var env = builder.Environment;
+
+services.AddSecurityHeaderPolicies()
+  .SetPolicySelector((PolicySelectorContext ctx) =>
+  {
+      return SecurityHeadersDefinitions.GetHeaderPolicyCollection(
+          builder.Environment.IsDevelopment(),
+          configuration["AzureAd:Instance"]);
+  });
 
 services.AddScoped<MsGraphDelegatedService>();
 services.AddScoped<MsGraphApplicationService>();
@@ -65,7 +73,7 @@
 
 var app = builder.Build();
 
-if (env.IsDevelopment())
+if (app.Environment.IsDevelopment())
 {
     app.UseDeveloperExceptionPage();
     app.UseWebAssemblyDebugging();
@@ -75,9 +83,7 @@
     app.UseExceptionHandler("/Error");
 }
 
-app.UseSecurityHeaders(
-    SecurityHeadersDefinitions.GetHeaderPolicyCollection(env.IsDevelopment(),
-        configuration["AzureAd:Instance"]));
+app.UseSecurityHeaders();
 
 app.UseHttpsRedirection();
 app.UseBlazorFrameworkFiles();

BlazorBff/BlazorWasmHostedMeID/Server/SecurityHeadersDefinitions.cs

@@ -26,39 +26,21 @@ public static HeaderPolicyCollection GetHeaderPolicyCollection(bool isDev, strin
 
                 // due to Blazor
                 builder.AddScriptSrc()
-                  .WithNonce()
-                  .UnsafeEval() // due to Blazor WASM
-                  .StrictDynamic()
-                  .UnsafeInline(); // only a fallback for older browsers when the nonce is used 
-                
+                    .WithNonce()
+                    .UnsafeEval() // due to Blazor WASM
+                    .StrictDynamic()
+                    .UnsafeInline(); // only a fallback for older browsers when the nonce is used 
+
             })
             .RemoveServerHeader()
-            .AddPermissionsPolicy(builder =>
-            {
-                builder.AddAccelerometer().None();
-                builder.AddAutoplay().None();
-                builder.AddCamera().None();
-                builder.AddEncryptedMedia().None();
-                builder.AddFullscreen().All();
-                builder.AddGeolocation().None();
-                builder.AddGyroscope().None();
-                builder.AddMagnetometer().None();
-                builder.AddMicrophone().None();
-                builder.AddMidi().None();
-                builder.AddPayment().None();
-                builder.AddPictureInPicture().None();
-                builder.AddSyncXHR().None();
-                builder.AddUsb().None();
-            });
+            .AddPermissionsPolicyWithDefaultSecureDirectives();
 
         if (!isDev)
         {
             // maxage = one year in seconds
             policy.AddStrictTransportSecurityMaxAgeIncludeSubDomains();
         }
 
-        policy.ApplyDocumentHeadersToAllResponses();
-
         return policy;
     }
 }

BlazorBff/BlazorWasmHostedMeID/Server/Services/Application/MsGraphApplicationService.cs

@@ -1,7 +1,7 @@
 using Azure.Identity;
-using Microsoft.Graph.Users.Item.GetMemberGroups;
-using Microsoft.Graph.Models;
 using Microsoft.Graph;
+using Microsoft.Graph.Models;
+using Microsoft.Graph.Users.Item.GetMemberGroups;
 
 namespace BlazorWasmHostedMeID.Server.Services.Application;
 

BlazorBff/BlazorWasmHostedMeID/Shared/Authorization/UserInfo.cs

@@ -1,6 +1,4 @@
-using System.Collections.Generic;
-
-namespace BlazorWasmHostedMeID.Shared.Authorization;
+namespace BlazorWasmHostedMeID.Shared.Authorization;
 
 public class UserInfo
 {

BlazorBff/BlazorWasmHostedMeID/Shared/BlazorWasmHostedMeID.Shared.csproj

@@ -1,13 +1,13 @@
 <Project Sdk="Microsoft.NET.Sdk">
 
   <PropertyGroup>
-    <TargetFramework>net8.0</TargetFramework>
+    <TargetFramework>net9.0</TargetFramework>
     <Nullable>enable</Nullable>
     <ImplicitUsings>enable</ImplicitUsings>
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="Microsoft.AspNetCore.Authorization" Version="8.0.4" />
+    <PackageReference Include="Microsoft.AspNetCore.Authorization" Version="9.0.0" />
   </ItemGroup>
 
   <ItemGroup>