Blazor.BFF.AzureAD.Template 1.0.8

There is a newer version of this package available.
See the version list below for details.
dotnet new install Blazor.BFF.AzureAD.Template::1.0.8
This package contains a .NET Template Package you can call from the shell/command line.


.NET NuGet Status Change log

This template can be used to create a Blazor WASM application hosted in an ASP.NET Core Web app using Azure AD and Microsoft.Identity.Web to authenticate using the BFF security architecture. (server authentication) This removes the tokens form the browser and uses cookies with each HTTP request, response. The template also adds the required security headers as best it can for a Blazor application.


  • WASM hosted in ASP.NET Core 6
  • BFF with Azure AD using Microsoft.Identity.Web
  • OAuth2 and OpenID Connect OIDC
  • No tokens in the browser

Using the template


dotnet new -i Blazor.BFF.AzureAD.Template


dotnet new blazorbffaad -n YourCompany.Bff

Use the -n or --name parameter to change the name of the output created. This string is also used to substitute the namespace name in the .cs file for the project.

Setup after installation

Add the Azure AD App registration settings

  "AzureAd": {
    "Instance": "",
    "Domain": "[Enter the domain of your tenant, e.g.]",
    "TenantId": "[Enter 'common', or 'organizations' or the Tenant Id (Obtained from the Azure portal. Select 'Endpoints' from the 'App registrations' blade and use the GUID in any of the URLs), e.g. da41245a5-11b3-996c-00a8-4d99re19f292]",
    "ClientId": "[Enter the Client Id (Application ID obtained from the Azure portal), e.g. ba74781c2-53c2-442a-97c2-3d60re42f403]",
    "ClientSecret": "[Copy the client secret added to the app from the Azure portal]",
    "ClientCertificates": [
    // the following is required to handle Continuous Access Evaluation challenges
    "ClientCapabilities": [ "cp1" ],
    "CallbackPath": "/signin-oidc"

Add the scopes for the downstream API if required

  "DownstreamApi": {
    "Scopes": "User.ReadBasic.All"


dotnet new -u Blazor.BFF.AzureAD.Template

Credits, Used NuGet packages + ASP.NET Core 6.0 standard packages

  • NetEscapades.AspNetCore.SecurityHeaders
  • IdentityModel.AspNetCore

This package has no dependencies.

NuGet packages

This package is not used by any NuGet packages.

GitHub repositories

This package is not used by any popular GitHub repositories.

Version Downloads Last updated
2.0.2 1,320 3/11/2023
2.0.1 1,033 1/22/2023
2.0.0 1,698 12/3/2022
1.2.7 3,247 9/23/2022
1.2.6 6,156 8/12/2022
1.2.5 1,686 8/7/2022
1.2.4 3,897 7/9/2022
1.2.3 6,597 5/22/2022
1.2.2 329 5/22/2022
1.2.1 1,660 5/20/2022
1.2.0 346 5/20/2022
1.1.0 5,370 3/20/2022
1.0.10 4,013 3/5/2022
1.0.9 6,213 2/11/2022
1.0.8 3,205 1/23/2022
1.0.7 1,005 1/21/2022
1.0.6 472 1/17/2022
1.0.5 1,982 1/9/2022
1.0.4 1,388 1/4/2022
1.0.2 7,458 12/9/2021
1.0.0 506 11/30/2021

Remove PWA items, default template uses anti-forgery cookies and no PWA support, Using the AuthorizedHandler for protected requests