From e65e2221e5b4085729e70e17af1b778710f09c39 Mon Sep 17 00:00:00 2001 From: damienbod Date: Thu, 2 Jan 2025 14:47:20 +0100 Subject: [PATCH] .NET 9 --- .../Client/BlazorWasmHostedMeID.Client.csproj | 10 +++---- .../Client/Services/AuthorizedHandler.cs | 2 +- .../Server/BlazorWasmHostedMeID.Server.csproj | 21 ++++++------- .../Cae/WebApiMsalUiRequiredException.cs | 4 +-- .../Server/Controllers/AccountController.cs | 2 +- .../Server/Controllers/DemoAdminController.cs | 2 +- .../Controllers/GraphProfileController.cs | 4 +-- .../Server/GraphApiClaimsTransformation.cs | 2 +- .../BlazorWasmHostedMeID/Server/Program.cs | 16 ++++++---- .../Server/SecurityHeadersDefinitions.cs | 30 ++++--------------- .../Application/MsGraphApplicationService.cs | 4 +-- .../Shared/Authorization/UserInfo.cs | 4 +-- .../Shared/BlazorWasmHostedMeID.Shared.csproj | 4 +-- 13 files changed, 43 insertions(+), 62 deletions(-) diff --git a/BlazorBff/BlazorWasmHostedMeID/Client/BlazorWasmHostedMeID.Client.csproj b/BlazorBff/BlazorWasmHostedMeID/Client/BlazorWasmHostedMeID.Client.csproj index af32e74..604285a 100644 --- a/BlazorBff/BlazorWasmHostedMeID/Client/BlazorWasmHostedMeID.Client.csproj +++ b/BlazorBff/BlazorWasmHostedMeID/Client/BlazorWasmHostedMeID.Client.csproj @@ -1,17 +1,17 @@  - net8.0 + net9.0 true enable enable - - - - + + + + diff --git a/BlazorBff/BlazorWasmHostedMeID/Client/Services/AuthorizedHandler.cs b/BlazorBff/BlazorWasmHostedMeID/Client/Services/AuthorizedHandler.cs index 69b787b..5816ca2 100644 --- a/BlazorBff/BlazorWasmHostedMeID/Client/Services/AuthorizedHandler.cs +++ b/BlazorBff/BlazorWasmHostedMeID/Client/Services/AuthorizedHandler.cs 
@@ -18,7 +18,7 @@ protected override async Task SendAsync( { var authState = await _authenticationStateProvider.GetAuthenticationStateAsync(); HttpResponseMessage responseMessage; - if (authState.User.Identity!= null && !authState.User.Identity.IsAuthenticated) + if (authState.User.Identity != null && !authState.User.Identity.IsAuthenticated) { // if user is not authenticated, immediately set response status to 401 Unauthorized responseMessage = new HttpResponseMessage(HttpStatusCode.Unauthorized); diff --git a/BlazorBff/BlazorWasmHostedMeID/Server/BlazorWasmHostedMeID.Server.csproj b/BlazorBff/BlazorWasmHostedMeID/Server/BlazorWasmHostedMeID.Server.csproj index 04fecd6..f7988df 100644 --- a/BlazorBff/BlazorWasmHostedMeID/Server/BlazorWasmHostedMeID.Server.csproj +++ b/BlazorBff/BlazorWasmHostedMeID/Server/BlazorWasmHostedMeID.Server.csproj @@ -1,15 +1,21 @@  - net8.0 + net9.0 enable 7b7a3ab3-3ad6-4820-a521-dcdaf28f15cb enable - - + + + + + + + + @@ -17,13 +23,4 @@ - - - - - - - - - diff --git a/BlazorBff/BlazorWasmHostedMeID/Server/Cae/WebApiMsalUiRequiredException.cs b/BlazorBff/BlazorWasmHostedMeID/Server/Cae/WebApiMsalUiRequiredException.cs index e78495c..fbd46d9 100644 --- a/BlazorBff/BlazorWasmHostedMeID/Server/Cae/WebApiMsalUiRequiredException.cs +++ b/BlazorBff/BlazorWasmHostedMeID/Server/Cae/WebApiMsalUiRequiredException.cs @@ -1,5 +1,5 @@ -using System.Net.Http.Headers; -using System.Net; +using System.Net; +using System.Net.Http.Headers; namespace BlazorWasmHostedMeID.Server; diff --git a/BlazorBff/BlazorWasmHostedMeID/Server/Controllers/AccountController.cs b/BlazorBff/BlazorWasmHostedMeID/Server/Controllers/AccountController.cs index fafda4d..d98b5f7 100644 --- a/BlazorBff/BlazorWasmHostedMeID/Server/Controllers/AccountController.cs +++ b/BlazorBff/BlazorWasmHostedMeID/Server/Controllers/AccountController.cs 
@@ -19,7 +19,7 @@ public ActionResult Login(string? returnUrl, string? claimsChallenge) var properties = new AuthenticationProperties { RedirectUri = redirectUri }; - if(claimsChallenge != null) + if (claimsChallenge != null) { string jsonString = claimsChallenge.Replace("\\", "") .Trim(new char[1] { '"' }); diff --git a/BlazorBff/BlazorWasmHostedMeID/Server/Controllers/DemoAdminController.cs b/BlazorBff/BlazorWasmHostedMeID/Server/Controllers/DemoAdminController.cs index 343e56e..a471852 100644 --- a/BlazorBff/BlazorWasmHostedMeID/Server/Controllers/DemoAdminController.cs +++ b/BlazorBff/BlazorWasmHostedMeID/Server/Controllers/DemoAdminController.cs @@ -6,7 +6,7 @@ namespace BlazorWasmHostedMeID.Server.Controllers; [ValidateAntiForgeryToken] -[Authorize(Policy= "DemoAdmins", AuthenticationSchemes = CookieAuthenticationDefaults.AuthenticationScheme)] +[Authorize(Policy = "DemoAdmins", AuthenticationSchemes = CookieAuthenticationDefaults.AuthenticationScheme)] [AuthorizeForScopes(Scopes = new string[] { "api://b2a09168-54e2-4bc4-af92-a710a64ef1fa/access_as_user" })] [ApiController] [Route("api/[controller]")] diff --git a/BlazorBff/BlazorWasmHostedMeID/Server/Controllers/GraphProfileController.cs b/BlazorBff/BlazorWasmHostedMeID/Server/Controllers/GraphProfileController.cs index f2939d0..29907f5 100644 --- a/BlazorBff/BlazorWasmHostedMeID/Server/Controllers/GraphProfileController.cs +++ b/BlazorBff/BlazorWasmHostedMeID/Server/Controllers/GraphProfileController.cs @@ -1,6 +1,4 @@ -using System.Collections.Generic; -using System.Threading.Tasks; -using BlazorWasmHostedMeID.Server.Services.Delegated; +using BlazorWasmHostedMeID.Server.Services.Delegated; using Microsoft.AspNetCore.Authentication.Cookies; using Microsoft.AspNetCore.Authorization; using Microsoft.AspNetCore.Mvc; diff --git a/BlazorBff/BlazorWasmHostedMeID/Server/GraphApiClaimsTransformation.cs b/BlazorBff/BlazorWasmHostedMeID/Server/GraphApiClaimsTransformation.cs index 79a261c..9a921d2 100644 
--- a/BlazorBff/BlazorWasmHostedMeID/Server/GraphApiClaimsTransformation.cs +++ b/BlazorBff/BlazorWasmHostedMeID/Server/GraphApiClaimsTransformation.cs @@ -23,7 +23,7 @@ public async Task TransformAsync(ClaimsPrincipal principal) var objectidentifierClaimType = "http://schemas.microsoft.com/identity/claims/objectidentifier"; var objectIdentifier = principal.Claims.FirstOrDefault(t => t.Type == objectidentifierClaimType); - if(objectIdentifier != null) + if (objectIdentifier != null) { var groupIds = await _msGraphApplicationService .GetGraphApiUserMemberGroups(objectIdentifier.Value); diff --git a/BlazorBff/BlazorWasmHostedMeID/Server/Program.cs b/BlazorBff/BlazorWasmHostedMeID/Server/Program.cs index a5cef14..f9c7fc4 100644 --- a/BlazorBff/BlazorWasmHostedMeID/Server/Program.cs +++ b/BlazorBff/BlazorWasmHostedMeID/Server/Program.cs @@ -9,6 +9,7 @@ using Microsoft.AspNetCore.Mvc.Authorization; using Microsoft.Identity.Web; using Microsoft.Identity.Web.UI; +using NetEscapades.AspNetCore.SecurityHeaders.Infrastructure; var builder = WebApplication.CreateBuilder(args); @@ -19,7 +20,14 @@ var services = builder.Services; var configuration = builder.Configuration; -var env = builder.Environment; + +services.AddSecurityHeaderPolicies() + .SetPolicySelector((PolicySelectorContext ctx) => + { + return SecurityHeadersDefinitions.GetHeaderPolicyCollection( + builder.Environment.IsDevelopment(), + configuration["AzureAd:Instance"]); + }); services.AddScoped(); services.AddScoped(); @@ -65,7 +73,7 @@ var app = builder.Build(); -if (env.IsDevelopment()) +if (app.Environment.IsDevelopment()) { app.UseDeveloperExceptionPage(); app.UseWebAssemblyDebugging(); @@ -75,9 +83,7 @@ app.UseExceptionHandler("/Error"); } -app.UseSecurityHeaders( - SecurityHeadersDefinitions.GetHeaderPolicyCollection(env.IsDevelopment(), - configuration["AzureAd:Instance"])); +app.UseSecurityHeaders(); app.UseHttpsRedirection(); app.UseBlazorFrameworkFiles(); 
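Review bot: In the `SetPolicySelector` lambda added to Program.cs, `SecurityHeadersDefinitions.GetHeaderPolicyCollection(...)` is called inside the selector, so the policy collection is rebuilt every time the selector runs (presumably once per request). The removed `app.UseSecurityHeaders(...)` call built it once at startup. Building it once and returning the captured instance restores that: `var headerPolicy = SecurityHeadersDefinitions.GetHeaderPolicyCollection(builder.Environment.IsDevelopment(), configuration["AzureAd:Instance"]);` followed by `.SetPolicySelector((PolicySelectorContext ctx) => headerPolicy)`. Separately, `configuration["AzureAd:Instance"]` is null when the setting is missing, and the parameter's type is cut off in the SecurityHeadersDefinitions.cs hunk header, so null handling cannot be confirmed from this diff. A startup check on that value would surface a missing setting early.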
diff --git a/BlazorBff/BlazorWasmHostedMeID/Server/SecurityHeadersDefinitions.cs b/BlazorBff/BlazorWasmHostedMeID/Server/SecurityHeadersDefinitions.cs index 7208ddb..32e9267 100644 --- a/BlazorBff/BlazorWasmHostedMeID/Server/SecurityHeadersDefinitions.cs +++ b/BlazorBff/BlazorWasmHostedMeID/Server/SecurityHeadersDefinitions.cs @@ -26,30 +26,14 @@ public static HeaderPolicyCollection GetHeaderPolicyCollection(bool isDev, strin // due to Blazor builder.AddScriptSrc() - .WithNonce() - .UnsafeEval() // due to Blazor WASM - .StrictDynamic() - .UnsafeInline(); // only a fallback for older browsers when the nonce is used - + .WithNonce() + .UnsafeEval() // due to Blazor WASM + .StrictDynamic() + .UnsafeInline(); // only a fallback for older browsers when the nonce is used + }) .RemoveServerHeader() - .AddPermissionsPolicy(builder => - { - builder.AddAccelerometer().None(); - builder.AddAutoplay().None(); - builder.AddCamera().None(); - builder.AddEncryptedMedia().None(); - builder.AddFullscreen().All(); - builder.AddGeolocation().None(); - builder.AddGyroscope().None(); - builder.AddMagnetometer().None(); - builder.AddMicrophone().None(); - builder.AddMidi().None(); - builder.AddPayment().None(); - builder.AddPictureInPicture().None(); - builder.AddSyncXHR().None(); - builder.AddUsb().None(); - }); + .AddPermissionsPolicyWithDefaultSecureDirectives(); if (!isDev) { @@ -57,8 +41,6 @@ public static HeaderPolicyCollection GetHeaderPolicyCollection(bool isDev, strin policy.AddStrictTransportSecurityMaxAgeIncludeSubDomains(); } - policy.ApplyDocumentHeadersToAllResponses(); - return policy; } } diff --git a/BlazorBff/BlazorWasmHostedMeID/Server/Services/Application/MsGraphApplicationService.cs b/BlazorBff/BlazorWasmHostedMeID/Server/Services/Application/MsGraphApplicationService.cs index af5d3e7..9f24c7f 100644 --- a/BlazorBff/BlazorWasmHostedMeID/Server/Services/Application/MsGraphApplicationService.cs 
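Review bot: Replacing the explicit `AddPermissionsPolicy` list with `.AddPermissionsPolicyWithDefaultSecureDirectives()` in `GetHeaderPolicyCollection` means the effective Permissions-Policy header can no longer be read from this file. The removed list allowed fullscreen (`builder.AddFullscreen().All()`), which the library defaults may not preserve. A short comment such as `// library defaults; fullscreen no longer explicitly allowed, verify the UI does not need it` would record that the change is intentional. The second hunk also drops `policy.ApplyDocumentHeadersToAllResponses()`. Whether the CSP and other document-scoped headers are still emitted on the API's non-HTML responses then depends on the package's default for the version now referenced, so check the response headers of an `api/` endpoint after the upgrade. The method body starts and ends outside both hunks.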
+++ b/BlazorBff/BlazorWasmHostedMeID/Server/Services/Application/MsGraphApplicationService.cs @@ -1,7 +1,7 @@ using Azure.Identity; -using Microsoft.Graph.Users.Item.GetMemberGroups; -using Microsoft.Graph.Models; using Microsoft.Graph; +using Microsoft.Graph.Models; +using Microsoft.Graph.Users.Item.GetMemberGroups; namespace BlazorWasmHostedMeID.Server.Services.Application; diff --git a/BlazorBff/BlazorWasmHostedMeID/Shared/Authorization/UserInfo.cs b/BlazorBff/BlazorWasmHostedMeID/Shared/Authorization/UserInfo.cs index 55fe370..5e9def4 100644 --- a/BlazorBff/BlazorWasmHostedMeID/Shared/Authorization/UserInfo.cs +++ b/BlazorBff/BlazorWasmHostedMeID/Shared/Authorization/UserInfo.cs @@ -1,6 +1,4 @@ -using System.Collections.Generic; - -namespace BlazorWasmHostedMeID.Shared.Authorization; +namespace BlazorWasmHostedMeID.Shared.Authorization; public class UserInfo { diff --git a/BlazorBff/BlazorWasmHostedMeID/Shared/BlazorWasmHostedMeID.Shared.csproj b/BlazorBff/BlazorWasmHostedMeID/Shared/BlazorWasmHostedMeID.Shared.csproj index 9cbf353..883b052 100644 --- a/BlazorBff/BlazorWasmHostedMeID/Shared/BlazorWasmHostedMeID.Shared.csproj +++ b/BlazorBff/BlazorWasmHostedMeID/Shared/BlazorWasmHostedMeID.Shared.csproj @@ -1,13 +1,13 @@  - net8.0 + net9.0 enable enable - +