CLAUDE.md

This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository.

Build and Run Commands

# Build the project (uses modern .slnx format)
dotnet build BlazorServerBasicAuthSession.slnx

# Run the application
dotnet run --project BlazorServerBasicAuthSession.csproj

# Run in watch mode (hot reload)
dotnet watch --project BlazorServerBasicAuthSession.csproj

Project Overview

Blazor Server application (.NET 10 LTS, C# 14) demonstrating session-based authentication without Identity or JWT. Uses ASP.NET Core server sessions with distributed memory cache.

Demo credentials: admin@example.com / 123456 (hardcoded, not for production)

Namespace: BlazorAuth

Project Structure

Modern .NET project structure with centralized configuration:

  • BlazorServerBasicAuthSession.slnx - Modern XML solution format
  • BlazorServerBasicAuthSession.csproj - Project file using $(NetVersion)
  • Directory.Build.props - Centralized build properties
  • Directory.Packages.props - Central package version management
  • global.json - SDK version pinning (10.0.103)
  • NuGet.Config - Package source configuration

Architecture

Code Patterns (C# 14 / .NET 10)

  • Primary constructors for all services
  • Sealed classes for services and models
  • CancellationToken in all async service methods
  • Expression-bodied members for simple methods
  • Centralized target framework via $(NetVersion) property

Render Mode Strategy (Critical for Sessions)

  • Login.razor & Logout.razor - Static SSR (no @rendermode) - Allows session modification
  • Home.razor, Counter.razor - @rendermode InteractiveServer
  • App.razor - Routes without global rendermode, HeadOutlet with InteractiveServer

Important: Session state cannot be modified over SignalR (InteractiveServer). Auth pages must use Static SSR.

Authentication Flow

  1. SessionService manages HTTP session state via IHttpContextAccessor
  2. AuthenticationService handles login/logout, delegates session operations to SessionService
  3. Custom AuthorizeView component wraps protected content and redirects unauthenticated users
  4. Logout uses <a href="/logout"> (not @onclick) to trigger HTTP navigation

Service Registration Order (Program.cs)

Services must be registered in this order due to dependencies:

  1. IHttpContextAccessor
  2. ISessionService (depends on IHttpContextAccessor)
  3. IAuthenticationService (depends on ISessionService)

Key Components

  • Components/Pages/Shared/AuthorizeView.razor - Custom authorization wrapper
  • Components/Pages/Login.razor - Static SSR, form with [SupplyParameterFromForm]
  • Components/Pages/Logout.razor - Static SSR, clears session and redirects
  • Components/Layout/MainLayout.razor - Logout link (not button)

Session Configuration

  • 30-minute idle timeout
  • HttpOnly cookies
  • Essential cookies enabled
  • SecurePolicy: Always
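
The session settings, registration order and plain-HTTP logout described above can be wired together as in the following sketch. It is an added example, not the repository's Program.cs: the members on ISessionService and IAuthenticationService, the "auth.email" key and the /whoami route are assumptions, and a Web SDK project with implicit usings is assumed.

```csharp
// Added sketch, not the repository's Program.cs. The service members and the
// "auth.email" session key are assumptions made for illustration.
var builder = WebApplication.CreateBuilder(args);

builder.Services.AddDistributedMemoryCache();            // in-process session store
builder.Services.AddSession(o =>
{
    o.IdleTimeout = TimeSpan.FromMinutes(30);            // idle timeout, reset on each request
    o.Cookie.HttpOnly = true;                            // cookie hidden from page script
    o.Cookie.IsEssential = true;                         // issued without consent gating
    o.Cookie.SecurePolicy = CookieSecurePolicy.Always;   // cookie only sent over HTTPS
});

// Registered in the order the page lists.
builder.Services.AddHttpContextAccessor();
builder.Services.AddScoped<ISessionService, SessionService>();
builder.Services.AddScoped<IAuthenticationService, AuthenticationService>();

var app = builder.Build();
app.UseHttpsRedirection();
app.UseSession();                                        // before anything reads Session

// Ordinary HTTP request, like <a href="/logout">: the response has not started,
// so the session can still be changed here.
app.MapGet("/logout", (IAuthenticationService auth) =>
{
    auth.Logout();
    return Results.Redirect("/login");
});
app.MapGet("/whoami", (ISessionService s) => s.Email ?? "anonymous");
app.Run();

public interface ISessionService { string? Email { get; } void SignIn(string email); void Clear(); }
public interface IAuthenticationService { void Logout(); }

public sealed class SessionService(IHttpContextAccessor accessor) : ISessionService
{
    private ISession Session => accessor.HttpContext?.Session
        ?? throw new InvalidOperationException("No HTTP request in scope.");
    public string? Email => Session.GetString("auth.email");
    public void SignIn(string email) => Session.SetString("auth.email", email);
    public void Clear() => Session.Clear();
}

public sealed class AuthenticationService(ISessionService session) : IAuthenticationService
{
    public void Logout() => session.Clear();
}
```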