ASP.NET Core and Blazor updates in .NET Core 3.0 Preview 6

Daniel Roth


.NET Core 3.0 Preview 6 is now available and it includes a bunch of new updates to ASP.NET Core and Blazor.

Here’s the list of what’s new in this preview:

  • New Razor features: @attribute, @code, @key, @namespace, markup in @functions
  • Blazor directive attributes
  • Authentication & authorization support for Blazor apps
  • Static assets in Razor class libraries
  • Json.NET no longer referenced in project templates
  • Certificate and Kerberos Authentication
  • SignalR Auto-reconnect
  • Managed gRPC Client
  • gRPC Client Factory
  • gRPC Interceptors

Please see the release notes for additional details and known issues.

Get started

To get started with ASP.NET Core in .NET Core 3.0 Preview 6 install the .NET Core 3.0 Preview 6 SDK

If you’re on Windows using Visual Studio, you also need to install the latest preview of Visual Studio 2019.

For the latest client-side Blazor templates also install the latest Blazor extension from the Visual Studio Marketplace.

Upgrade an existing project

To upgrade an existing an ASP.NET Core app to .NET Core 3.0 Preview 6, follow the migrations steps in the ASP.NET Core docs.

Please also see the full list of breaking changes in ASP.NET Core 3.0.

To upgrade an existing ASP.NET Core 3.0 Preview 5 project to Preview 6:

  • Update Microsoft.AspNetCore.* package references to 3.0.0-preview6.19307.2
  • In Blazor apps:
    • Rename @functions to @code
    • Update Blazor specific attributes and event handlers to use the new directive attribute syntax (see below)
    • Remove any call to app.UseBlazor<TStartup>() and instead add a call to app.UseClientSideBlazorFiles<TStartup>() before the call to app.UseRouting(). Also add a call to endpoints.MapFallbackToClientSideBlazor<TStartup>("index.html") in the call to app.UseEndpoints().



app.UseEndpoints(endpoints =>





app.UseEndpoints(endpoints =>

New Razor features

We’ve added support for the following new Razor language features in this release.


The new @attribute directive adds the specified attribute to the generated class.

@attribute [Authorize]


The new @code directive is used in .razor files (not supported in .cshtml files) to specify a code block to add to the generated class as additional members. It’s equivalent to @functions, but now with a better name.

@code {
    int currentCount = 0;

    void IncrementCount()


The new @key directive attribute is used in .razor files to specify a value (any object or unique identifier) that the Blazor diffing algorithm can use to preserve elements or components in a list.

    @foreach (var flight in Flights)
        <DetailsCard @key="flight" Flight="@flight" />

To understand why this feature is needed, consider rendering a list of cards with flight details without this feature:

    @foreach (var flight in Flights)
        <DetailsCard Flight="@flight" />

If you add a new flight into the middle of the Flights list the existing DetailsCard instances should remain unaffected and one new DetailsCard should be inserted into the rendered output.

To visualize this, if Flights previously contained [F0, F1, F2], then this is the before state:

  • DetailsCard0, with Flight=F0
  • DetailsCard1, with Flight=F1
  • DetailsCard2, with Flight=F2

… and this is the desired after state, given we insert a new item FNew at index 1:

  • DetailsCard0, with Flight=F0
  • DetailsCardNew, with Flight=FNew
  • DetailsCard1, with Flight=F1
  • DetailsCard2, with Flight=F2

However, the actual after state this:

  • DetailsCard0, with Flight=F0
  • DetailsCard1, with Flight=FNew
  • DetailsCard2, with Flight=F1
  • DetailsCardNew, with Flight=F2

The system has no way to know that DetailsCard2 or DetailsCard3 should preserve their associations with their older Flight instances, so it just re-associates them with whatever Flight matches their position in the list. As a result, DetailsCard1 and DetailsCard2 rebuild themselves completely using new data, which is wasteful and sometimes even leads to user-visible problems (e.g., input focus is unexpectedly lost).

By adding keys using @key the diffing algorithm can associate the old and new elements or components.


Specifies the namespace for the generated class or the namespace prefix when used in an _Imports.razor file. The @namespace directive works today in pages and views (.cshtml) apps, but is now it is also supported with components (.razor).

@namespace MyNamespace

Markup in @functions and local functions

In views and pages (.cshtml files) you can now add markup inside of methods in the @functions block and in local functions.

@{ GreetPerson(person); }

@functions {
    void GreetPerson(Person person)
        <p>Hello, <em>@person.Name!</em></p>

Blazor directive attributes

Blazor uses a variety of attributes for influencing how components get compiled (e.g. ref, bind, event handlers, etc.). These attributes have been added organically to Blazor over time and use different syntaxes. In this Blazor release we’ve standardized on a common syntax for directive attributes. This makes the Razor syntax used by Blazor more consistent and predictable. It also paves the way for future extensibility.

Directive attributes all follow the following syntax where the values in parenthesis are optional:


Some valid examples:

<!-- directive -->
<div @directive>...</div>
<div @directive="value"></div>

<!-- directive with key/value arg-->
<div @directive:key>...</div>
<div @directive:key="value"></div>

<!-- directive with suffix -->
<div @directive-suffix></div>
<div @directive-suffix="value"></div>

<!-- directive with suffix and key/value arg-->
<div @directive-suffix:key></div>
<div @directive-suffix:key="value"></div>

All of the Blazor built-in directive attributes have been updated to use this new syntax as described below.

Event handlers

Specifying event handlers in Blazor now uses the new directive attribute syntax instead of the normal HTML syntax. The syntax is similar to the HTML syntax, but now with a leading @ character. This makes C# event handlers distinct from JS event handlers.

<button @onclick="@Clicked">Click me!</button>

When specifying a delegate for C# event handler the @ prefix is currently still required on the attribute value, but we expect to remove this requirement in a future update.

In the future we also expect to use the directive attribute syntax to support additional features for event handlers. For example, stopping event propagation will likely look something like this (not implemented yet, but it gives you an idea of scenarios now enabled by directive attributes):

<button @onclick="Clicked" @onclick:stopPropagation>Click me!</button>


<input @bind="myValue">...</input>
<input @bind="myValue" @bind:format="mm/dd">...</input>
<MyButton @bind-Value="myValue">...</MyButton>


<div @key="id">...</div>


<button @ref="myButton">...</button>

Authentication & authorization support for Blazor apps

Blazor now has built-in support for handling authentication and authorization. The server-side Blazor template now supports options for enabling all of the standard authentication configurations using ASP.NET Core Identity, Azure AD, and Azure AD B2C. We haven’t updated the Blazor WebAssembly templates to support these options yet, but we plan to do so after .NET Core 3.0 has shipped.

To create a new Blazor app with authentication enabled:

  1. Create a new Blazor (server-side) project and select the link to change the authentication configuration. For example, select “Individual User Accounts” and “Store user accounts in-app” to use Blazor with ASP.NET Core Identity:

    Blazor authentication

  2. Run the app. The app includes links in the top row for registering as a new user and logging in.

    Blazor authentication running

  3. Select the Register link to register a new user.

    Blazor authentication register

  4. Select “Apply Migrations” to apply the ASP.NET Core Identity migrations to the database.

    Blazor authentication apply migrations

  5. You should now be logged in.

    Blazor authentication logged in

  6. Select your user name to edit your user profile.

    Blazor authentication edit profile

In the Blazor app, authentication and authorization are configured in the Startup class using the standard ASP.NET Core middleware.



app.UseEndpoints(endpoints =>

When using ASP.NET Core Identity all of the identity related UI concerns are handled by the framework provided default identity UI.


The authentication related links in top row of the app are rendered using the new built-in AuthorizeView component, which displays different content depending on the authentication state.


        <a href="Identity/Account/Manage">Hello, @context.User.Identity.Name!</a>
        <a href="Identity/Account/LogOut">Log out</a>
        <a href="Identity/Account/Register">Register</a>
        <a href="Identity/Account/Login">Log in</a>

The AuthorizeView component will only display its child content when the user is authorized. Alternatively, the AuthorizeView takes parameters for specifying different templates when the user is Authorized, NotAuthorized, or Authorizing. The current authentication state is passed to these templates through the implicit context parameter. You can also specify specific roles or an authorization policy on the AuthorizeView that the user must satisfy to see the authorized view.

To authorize access to specific pages in a Blazor app, use the normal [Authorize] attribute. You can apply the [Authorize] attribute to a component using the new @attribute directive.

@using Microsoft.AspNetCore.Authorization
@attribute [Authorize]
@page "/fetchdata"

To specify what content to display on a page that requires authorization when the user isn’t authorized or is still in the processing of authorizing, use the NotAuthorizedContent and AuthorizingContent parameters on the Router component. These Router parameters are only support in client-side Blazor for this release, but they will be enabled for server-side Blazor in a future update.

The new AuthenticationStateProvider service make the authentication state available to Blazor apps in a uniform way whether they run on the server or client-side in the browser. In server-side Blazor apps the AuthenticationStateProvider surfaces the user from the HttpContext that established the connection to the server. Client-side Blazor apps can configure a custom AuthenticationStateProvider as appropriate for that application. For example, it might retrieve the current user information by querying an endpoint on the server.

The authentication state is made available to the app as a cascading value (Task<AuthenticationState>) using the CascadingAuthenticationState component. This cascading value is then used by the AuthorizeView and Router components to authorize access to specific parts of the UI.


    <Router AppAssembly="typeof(Startup).Assembly">
            <p>Sorry, there's nothing at this address.</p>

Static assets in Razor class libraries

Razor class libraries can now include static assets like JavaScript, CSS, and images. These static assets can then be included in ASP.NET Core apps by referencing the Razor class library project or via a package reference.

To include static assets in a Razor class library add a wwwroot folder to the Razor class library and include any required files in that folder.

When a Razor class library with static assets is referenced either as a project reference or as a package, the static assets from the library are made available to the app under the path prefix _content/{LIBRARY NAME}/. The static assets stay in their original folders and any changes to the content of static assets in the Razor class libraries are reflected in the app without rebuilding.

When the app is published, the companion assets from all referenced Razor class libraries are copied into the wwwroot folder of the published app under the same prefix.

To try out using static assets from a Razor class library:

  1. Create a default ASP.NET Core Web App.

    dotnet new webapp -o WebApp1
  2. Create a Razor class library and reference it from the web app.

    dotnet new razorclasslib -o RazorLib1
    dotnet add WebApp1 reference RazorLib1
  3. Add a wwwroot folder to the Razor class library and include a JavaScript file that logs a simple message to the console.

    cd RazorLib1
    mkdir wwwroot


    console.log("Hello from RazorLib1!");
  4. Reference the script file from Index.cshtml in the web app.

    <script src="_content/RazorLib1/hello.js"></script>
  5. Run the app and look for the output in the browser console.

    Hello from RazorLib1!

Projects now use System.Text.Json by default

New ASP.NET Core projects will now use System.Text.Json for JSON handling by default. In this release we removed Json.NET (Newtonsoft.Json) from the project templates. To enable support for using Json.NET, add the Microsoft.AspNetCore.Mvc.NewtonsoftJson package to your project and add a call to AddNewtonsoftJson() following code in your Startup.ConfigureServices method. For example:


Certificate and Kerberos authentication

Preview 6 brings Certificate and Kerberos authentication to ASP.NET Core.

Certificate authentication requires you to configure your server to accept certificates, and then add the authentication middleware in Startup.Configure and the certificate authentication service in Startup.ConfigureServices.

public void ConfigureServices(IServiceCollection services)
    // All the other service configuration.

public void Configure(IApplicationBuilder app, IHostingEnvironment env)
    // All the other app configuration.

Options for certificate authentication include the ability to accept self-signed certificates, check for certificate revocation, and check that the proffered certificate has the right usage flags in it. A default user principal is constructed from the certificate properties, with an event that enables you to supplement or replace the principal. All the options, and instructions on how to configure common hosts for certificate authentication can be found in the documentation.

We’ve also extended “Windows Authentication” onto Linux and macOS. Previously this authentication type was limited to IIS and HttpSys, but now Kestrel has the ability to use Negotiate, Kerberos, and NTLM on Windows, Linux, and macOS for Windows domain joined hosts by using the Microsoft.AspNetCore.Authentication.Negotiate nuget package. As with the other authentication services you configure authentication app wide, then configure the service:

public void ConfigureServices(IServiceCollection services)

public void Configure(IApplicationBuilder app, IHostingEnvironment env)
    // All the other app configuration.

Your host must be configured correctly. Windows hosts must have SPNs added to the user account hosting the application. Linux and macOS machines must be joined to the domain, then SPNs must be created for the web process, as well as keytab files generated and configured on the host machine. Full instructions are given in the documentation.

SignalR Auto-reconnect

This preview release, available now via npm install @aspnet/signalr@next and in the .NET Core SignalR Client, includes a new automatic reconnection feature. With this release we’ve added the withAutomaticReconnect() method to the HubConnectionBuilder. By default, the client will try to reconnect immediately and after 2, 10, and 30 seconds. Enlisting in automatic reconnect is opt-in, but simple via this new method.

const connection = new signalR.HubConnectionBuilder()

By passing an array of millisecond-based durations to the method, you can be very granular about how your reconnection attempts occur over time.

.withAutomaticReconnect([0, 3000, 5000, 10000, 15000, 30000])
//.withAutomaticReconnect([0, 2000, 10000, 30000]) yields the default behavior

Or you can pass in an implementation of a custom reconnect policy that gives you full control.

If the reconnection fails after the 30-second point (or whatever you’ve set as your maximum), the client presumes the connection is offline and stops trying to reconnect. During these reconnection attempts you’ll want to update your application UI to provide cues to the user that the reconnection is being attempted.

Reconnection Event Handlers

To make this easier, we’ve expanded the SignalR client API to include onreconnecting and onreconnected event handlers. The first of these handlers, onreconnecting, gives developers a good opportunity to disable UI or to let users know the app is offline.

connection.onreconnecting((error) => {
    const status = `Connection lost due to error "${error}". Reconnecting.`;
    document.getElementById("messageInput").disabled = true;
    document.getElementById("sendButton").disabled = true;
    document.getElementById("connectionStatus").innerText = status;

Likewise, the onreconnected handler gives developers an opportunity to update the UI once the connection is reestablished.

connection.onreconnected((connectionId) => {
    const status = `Connection reestablished. Connected.`;
    document.getElementById("messageInput").disabled = false;
    document.getElementById("sendButton").disabled = false;
    document.getElementById("connectionStatus").innerText = status;

Learn more about customizing and handling reconnection

Automatic reconnect has been partially documented already in the preview release. Check out the deeper docs on the topic, with more examples and details on usage, at

Managed gRPC Client

In prior previews, we relied on the Grpc.Core library for client support. The addition of HTTP/2 support in HttpClient in this preview has allowed us to introduce a fully managed gRPC client.

To begin using the new client, add a package reference to Grpc.Net.Client and then you can create a new client.

var httpClient = new HttpClient() { BaseAddress = new Uri("https://localhost:5001") };
var client = GrpcClient.Create<GreeterClient>(httpClient);

gRPC Client Factory

Building on the opinionated pattern we introduced in HttpClientFactory, we’ve added a gRPC client factory for creating gRPC client instances in your project. There are two flavors of the factory that we’ve added: Grpc.Net.ClientFactory and Grpc.AspNetCore.Server.ClientFactory.

The Grpc.Net.ClientFactory is designed for use in non-ASP.NET app models (such as Worker Services) that still use the Microsoft.Extensions.* primitives without a dependency on ASP.NET Core.

In applications that perform service-to-service communication, we often observe that most servers are also clients that consume other services. In these scenarios, we recommend the use of Grpc.AspNetCore.Server.ClientFactory which features automatic propagation of gRPC deadlines and cancellation tokens.

To use the client factory, add the appropriate package reference to your project (Grpc.AspNetCore.Server.Factory or Grpc.Net.ClientFactory) before adding the following code to ConfigureServices().

    .AddGrpcClient<GreeterClient>(options =>
        options.BaseAddress = new Uri("https://localhost:5001");

gRPC Interceptors

gRPC exposes a mechanism to intercept RPC invocations on both the client and the server. Interceptors can be used in conjunction with existing HTTP middleware. Unlike HTTP middleware, interceptors give you access to actual request/response objects before serialization (on the client) and after deserialization (on the server) and vice versa for the response. All middlewares run before interceptors on the request side and vice versa on the response side.

Client interceptors

When used in conjunction with the client factory, you can add a client interceptor as shown below.

    .AddGrpcClient<GreeterClient>(options =>
        options.BaseAddress = new Uri("https://localhost:5001");

Server interceptors

Server interceptors can be registered in ConfigureServices() as shown below.

    .AddGrpc(options =>
        // This registers a global interceptor
    .AddServiceOptions<GreeterService>(options =>
        // This registers an interceptor for the Greeter service

For examples on how to author an interceptors, take a look at these examples in the grpc-dotnet repo.

Give feedback

We hope you enjoy the new features in this preview release of ASP.NET Core and Blazor! Please let us know what you think by filing issues on GitHub.

Thanks for trying out ASP.NET Core and Blazor!


Comments are closed. Login to edit/delete your existing comments

  • Avatar
    JJ Bussert

    Finally we have easier to use Auth integration and templates to spin up the projects faster.  Can’t wait to give this a try!

  • Steven Sullivan
    Steven Sullivan

    I have a Blazor Server-Side project that has now been updated to reference 3.0.0-preview6.19307.2 as well as the most recent version of VS2019. However, it’s still unable to recognize @code, or really implement any of the new features.Am I missing something?

      • Avatar
        Jan Wittland

        Same problem here, but only with IntelliSense in Code Editor. VS 2019 16.2 Preview 2 Enterprise, current .NET Core Preview 6, current Blazor Language Services installed.
        @code or @attribute is accepted by compiler (Build+Run and manual dotnet run).
        But: code editor/intellisense not working 🙁 e.g: FetchData.razor from sample does not recognize @code, so also the forecasts variable isn’t recognized in razor syntax loop.
        How to get this running? Are the latest syntax changes supported in VS 16.2? Everything was fine with Preview 5.

    • Serge S
      Serge S

      It works on my setup with latest VS 16.2.0 and 3.0.0-preview6-27804-01

  • Avatar
    Luis Palacios

    Thanks a lot, Daniel, I’m highly excited for Blazor, and I’m no javascript hater, in fact, I’ve been doing a lot of typescript with react and angular but I’m still excited about the possibilities that are opening with Blazor 

  • Avatar
    Ra D

    Hi Daniel – excellent work and thanks for including the authentication in this release. I understand this is a preview release but I tried extending the user registration with custom attributes to a sample project by using the Scaffold Identity steps – the end result is a mess; I ended up discarding the project. Steps to reproduce: create a sample Blazor server-side with single user authentication. Project gets generated, run the project – works like a charm. Now extend the app with Scaffold Identity – select only Account\Registration page, select the dbcontext. VS adds additional code and pages – try running the project – either build fails or app wont run. Could you please streamline this to work with new Blazor libraries. Thank you.

  • Serge S
    Serge S

    Hi Daniel,
    I have a question regarding injecting: Server-Side or Client-Side Blazor:
    Client-Side Blazor: If I correctly understand, when we injecting a Class is it transferring an entire content of a Class (a lot’s of data in memory) to Client over SignalR?
    Server-Side Blazor: it is local by definition. No transferring.
    From this point of view the Server-Side should be much faster for an embedded server application, which is supposed to handle the device activities and, because number of clients are limited, also preferred.
    I am using the Server-Side Blazor and it is really fast.
    But I don’t know how fast it will be using Client-Side Blazor, probably it is required a granular data control.
    Thank you,

    • Daniel Roth
      Daniel RothMicrosoft employee

      Client-side Blazor runs your entire client UI in the browser using a WebAssembly based .NET runtime. Client-side Blazor doesn’t require a SignalR connection and doesn’t require .NET on the server at all. You can deploy a client-side Blazor app as a bunch of static files to a static site hosting solution like GitHub pages or Azure Static Site Hosting. For a full discussion of the different Blazor hosting models (client-side vs server-side) see

      • Serge S
        Serge S

        Hi Daniel,
        Thank you. Sorry, just make sure I understand usage scenarios. Client-Side Blazor required to work with injected a communication protocol, for example HttpClient (another level of abstraction – a Device API service) to work with Device. Finally, using this Service we transferring required data over API Service – is it correct? Finally, the same API Service can be used by any third party clients. Am I correct?
        Thank you,

        • Daniel Roth
          Daniel RothMicrosoft employee

          That sounds right. From client-side Blazor you communicate with Web APIs on the server using HttpClient. You can abstract away this communication using a service that you inject into your components. The components call into the injected service, which then uses an HttpClient to call the Web API on the server. That Web API can be called by other third party clients as well.

          • Avatar

            Might I suggest perhaps additional branding around these different modes?  I think something like “Blazor WebAssembly Mode” and “Blazor WebSocket Mode” is crystal clear, and makes it more apparent that you are supporting these two technologies.  A lot of developers think that Blazor is WebAssembly-only and I believe you’re losing out to adoption accordingly.

          • Daniel Roth
            Daniel RothMicrosoft employee

            We have been thinking along similar lines. The plan is to rename the “Blazor (server-side)” template to “Blazor Server App” and the client-side Blazor templates to “Blazor WebAssembly App” with an option to host in an ASP.NET Core app or not. Feel free to chime in on the GitHub issue tracking this proposal with your thoughts.

  • Rod Macdonald
    Rod Macdonald

    Blazor just seems to be getting better and better. What’s the client side story for a local database? Have been saying for years SQL Server could do with a client side companion (non-Jet, non-SQLite, kinda SQL Server’ish, you know?)  🙂

    • Daniel Roth
      Daniel RothMicrosoft employee

      When running in the browser you are limited by the storage mechanisms supported in the browser sandbox (local storage, indexdb, etc.). However, with WebAssembly there have been some efforts to bring database technologies to the browser. For example, check out nventive’s project to support sqlite in the browser:

  • D S
    D S

    Hi Daniel:
    Excellent work of your Blazor team.
    I am trying to learn about the authentication feature of Blazor Server Side.  Is it possible to create a custom login template instead of using the default page.

    • Daniel Roth
      Daniel RothMicrosoft employee

      It should be possible to override any of the Razor Pages that make up the default identity UI. The Identity scaffolder that we typically use to do this has some issues with Blazor projects right now that we need to address, but for now I believe you can scaffold the Identity pages you want in a vanilla ASP.NET Core Web App and then copy them over to get the desired result. Please report on GitHub any issues that you hit when trying to do this as we know this is an area where we need to do some work still.

  • Avatar
    Jesse Sander

    Hi Daniel,
    Thanks for the update! Really impressed with Blazor so far. Just wanted to say, keep up the good work and cheers to the team from Holland!

  • Shaun Sales
    Shaun Sales

    Hi Daniel, very happy to see great features continuing to be added to SignalR Core. Can we expect to see a SignalR C# client compatible with client-side Blazor any time soon?

      • Shaun Sales
        Shaun Sales

        Thanks for the reply, that’s a helpful data point for us to plan with. We are heavy Unity users and have a SignalR client running under Mono/IL2CPP, which talks to our backend and wanted to share that with our upcoming Blazor client. It may be a good time for us to investigate building a lightweight Mono-based SignalR C# client that works for both Blazor and Unity.