DEV Community: Ray_Dsz

Top Ingredients for Blazor Server Recipe

Ray_Dsz — Sat, 14 Jun 2025 13:34:31 +0000

Introduction
Project Structure
The Ingredients

Introduction

Blazor is a powerful front-end framework, especially loved by C# developers who want to build modern web applications without switching to JavaScript-based stacks. It comes in two main flavors:

Blazor Server – uses server-side rendering, where the UI interactions are processed on the server via SignalR.
Blazor WebAssembly – runs directly in the browser (client-side) using WebAssembly.

Both of these are now part of the Blazor Web App model introduced in .NET 8, giving you the flexibility to mix and match rendering modes.

In this article, I’ll be focusing on Blazor Server and walk you through the key components and configurations that make your front-end secure, reliable, and production-ready—especially when integrating with Azure Entra Authentication.

So let’s dive in! 🚀

Project Structure

If you have seen my previous posts, I had created a template with clean architecture. You can view it here. Iam just going to continue the frontend part on the same project. Below is the project structure:

Most of the code in this project is generated out of the box, and we won’t be focusing on the UI part in this blog. (For UI, I personally recommend using Radzen—a great component library that works seamlessly with Blazor.)

Our main focus will be everything except the Components folder.

Here’s a quick breakdown of the important folders and their roles:

BasicDataModels/

This folder contains the models which are necessary to retrieve the json values from appSettings. Like jwt parameters, Api hosts etc.
Extensions/

Contains HttpClientExtension to handle success, failure from the api.
Middleware/

I wanted to generate an id that would be common across entire transaction. So that i could check the logs how the request has flown and where the error occured. Using this Id, I would be able to get the entire path of the request from UI -> Api -> Send Mail Api etc.
Models/

This folder contains the models with structure matching to the model structure comming from api.
Services/

This folder contains all the api calls. I used interface implementation pattern here. Each api host has its own folder like request, azure graph, workflow etc.

Now, We will go ahead to the most important part, Setting up the blazor server in a neat way..

The Ingredients

We will basically going through each ingredient and its set up.

`Setting Up Azure Entra Authentication`

Authentication plays a crucial role. Since, we had Azure user management. We can use Azure Entra Authentication into our application's. You can check my post here to set it up.

`Logging for Blazor Server`

Logging is a crucial process in web application development. This plays a crucial role for the developers to debug. Thanks to Serilog, We can now log in a seamless way.

Packages Required

Serilog.AspNetCore

In `appSettings.json`

        "Serilog": {
    "Using": [ "Serilog.Sinks.File" ],
    "MinimumLevel": {
      "Default": "Information",
      "Override": {
        "Microsoft": "Warning",
        "Serilog.AspNetCore.RequestLoggingMiddleware": "Warning",
        "Microsoft.AspNetCore.Components.RenderTree.Renderer": "Error"
      }
    },
    "WriteTo": [
      {
        "Name": "File",
        "Args": {
          "path": "D:\\ApplicationLogs\\templateUILogs.txt",
          "rollingInterval": "Month",
          "rollOnFileSizeLimit": true,
          "outputTemplate": "[CorrId:{CorrelationId}] [{Timestamp:yyyy-MM-dd HH:mm:ss.fff} {Level:u3}] {Message:lj}{NewLine}{Exception}"
        }
      }
    ],
    "Enrich": [ "WithProperty" ],
    "Properties": {
      "ApplicationName": "ISWebAppTemplate"
    }
  }

In `Program.cs`

        builder.Host.UseSerilog((context, loggerConfig) =>
        {
            loggerConfig.ReadFrom.Configuration(context.Configuration)
            .Enrich.FromLogContext();
        });

`Setting up CorrelationId for Transaction`

Now consider a situation, Where you have blazor server app, Web Api and a Mail Api which is called within Web Api. What if something fails in the middle?. Even though, We set up serilog in each of the project. How do we track it?.
For ex: If you submit an request in

blazor form -> It calls post request in Api -> Sends an mail to user via mail api that request is submitted

If any failure happens there is no way we can track the log as there is nothing common in them. To resolve this, We create a correlation Id in blazor and pass it via api calls throughout the transaction till it completes. We maintain a single Correlation Id for one complete transaction .i.e.

Generate CorrelationId in Blazor -> Pass it to Web Api -> Pass it to mail api

Let's see how we can set it up.

In `Services Folder`:

Create an interface, implementation classes like below:

// ICorrelationService.cs
public interface ICorrelationService
{
    string? CorrelationId { get; set; }
}

//CorrelationServiceState.cs
public class CorrelationServiceState : ICorrelationService
{

    public string? CorrelationId
    {
        get;
        set;
    }

}

In `Middleware Folder` :

Create a CorrelationCircuitHandler File

public class CorrelationCircuitHandler : CircuitHandler
{
    private readonly ILogger<CorrelationCircuitHandler> _logger;
    private readonly ICorrelationService _correlationService;

    public CorrelationCircuitHandler(ILogger<CorrelationCircuitHandler> logger, ICorrelationService correlationService)
    {
        _logger = logger;
        _correlationService = correlationService;
    }

    public override Task OnCircuitOpenedAsync(Circuit circuit, CancellationToken cancellationToken)
    {
        _correlationService.CorrelationId = circuit.Id;
        LogContext.PushProperty("CorrelationId", _correlationService.CorrelationId);
        _logger.LogInformation("Circuit connected");
        // Store or use circuit.Id as a unique connection/session ID
        return Task.CompletedTask;
    }

    public override Task OnCircuitClosedAsync(Circuit circuit, CancellationToken cancellationToken)
    {
        LogContext.PushProperty("CorrelationId", _correlationService.CorrelationId);
        _logger.LogInformation("Circuit disconnected");
        return Task.CompletedTask;
    }
}

In `DependecyInjection.cs` :

        services.AddScoped<ICorrelationService, CorrelationServiceState>();
        services.AddScoped<CircuitHandler, CorrelationCircuitHandler>();

`Exception Handling in Blazor`

Blazor by default catches the server rendering errors. But, it doesn't catch the errors that are thrown from Api like 403, 404, 401 etc. In order to catch these, We need to set up Custom Exception Logging Service. So Let's start...

In `Services Folder`:

Create an interface, implementation classes.

// IExceptionLoggingService.cs
public interface IExceptionLoggingService
{
    ProblemDetails Log(Exception ex);
}

// ExceptionLoggingService.cs
public class ExceptionLoggingService(ILogger<ExceptionLoggingService> logger, ICorrelationService correlationService) : DelegatingHandler, IExceptionLoggingService
{
    public ProblemDetails Log(Exception exception)
    {

        var stackTrace = new StackTrace(exception, true);
        var frame = stackTrace.GetFrame(0);
        var problemDetails = new ProblemDetails
        {
            StatusCode = StatusCodes.Status500InternalServerError,
            FileName = exception.TargetSite?.DeclaringType?.FullName,
            LineNumber = frame?.GetFileLineNumber(),
            MethodName = exception.TargetSite?.Name,
            Type = exception.GetType().Name,
            Title = exception.Message,
            Description = exception.InnerException?.Message,
            StackTrace = exception.StackTrace
        };

        LogContext.PushProperty("CorrelationId", correlationService.CorrelationId);

        logger.LogError(
    $"StatusCode: {problemDetails.StatusCode}, " +
    $"File : {problemDetails.FileName}, " +
    $"Line Number {problemDetails.LineNumber}, " +
    $"Method Name {problemDetails.MethodName}, " +
    $"Type: {problemDetails.Type}, " +
    $"Title: {problemDetails.Title}, " +
    $"Description: {problemDetails.Description}, " +
    $"StackTrace: {problemDetails.StackTrace}, " +
    $"TimeStamp: {DateTime.Now}, ");
        return problemDetails;
    }
}

//Problem Details class in BasicDataModels Folder
public class ProblemDetails
{
    public int? StatusCode { get; set; }

    public string? FileName { get; set; }

    public int? LineNumber { get; set; }

    public string? MethodName { get; set; }
    public string? Type { get; set; }
    public string? Title { get; set; }
    public string? Description { get; set; }
    public string? StackTrace { get; set; }
}

In `DependencyInjection.cs`:

        services.AddScoped<IExceptionLoggingService, ExceptionLoggingService>();

`Retry Policy for Api in Blazor`

What if the api fails or the app pool is failing and the Blazor app is not able to connect to api?. What if the api is temporary down. During these times, It's crucial that we retry the request to api for around 2 to 3 times and gracefully handle it in blazor. So hence, Retry Policy. Let's see how to set it up..

Package Required

Polly

In `DependencyInjection.cs`:

According to below code, The httpClient will retry 5 times with each time multiplying twice the seconds to previous request hit. Ex: If the first retry was done. It will retry after 2 seconds, then after 4 seconds and it will retry 5 times.

        services.AddHttpClient("TemplateClient", client =>
        {
            client.BaseAddress = new Uri(baseUrls.TemplateApiBaseUrl);
        })
                    .AddTransientHttpErrorPolicy(policyBuilder =>
            policyBuilder.WaitAndRetryAsync(5,
                retryAttempt => TimeSpan.FromSeconds(Math.Pow(2, retryAttempt))));

`Rate limiting in Blazor Application`

Rate limiting is necessary if too many requests are hitting to a blazor at once. Usually as per my experience. IIS server can handle 5 million transaction a minute. But, if you want to limit it like 15 requests for 5 seconds. The requests comming after this will be kept in queue and the requests after will be rejected. So let's see how to set it up...

In `DependencyInjection.cs`:

 // In AddUIServices method
        services.AddRateLimiter(options =>
        {
            options.AddFixedWindowLimiter("fixed", opt =>
            {
                opt.PermitLimit = 12;
                opt.Window = TimeSpan.FromSeconds(24);
                opt.QueueProcessingOrder = QueueProcessingOrder.OldestFirst;
                opt.QueueLimit = 2;
            });
        });

//In UseUIServices method
        app.MapRazorComponents<App>()
            .AddInteractiveServerRenderMode()
            .RequireRateLimiting("policy");

`Content Security Policy (CSP)`

Content Security Policy is crucial and one of the most important ingredient of Blazor. It allows only the requests from the domain we set up in CSP of our blazor app. This works similar to CORS in ASP .NET Core Web Api. It just blocks the requests comming from the other domain. Note that, If you want to block requests from particular set of machines, CSP doesnt help. Let's see how we can implement this..

In `DependencyInjection.cs`:

// In UseUIServices method
        app.Use(async (context, next) =>
        {

            // Add the CSP header
            context.Response.Headers.Add("Content-Security-Policy",
                $"base-uri 'self'; " +
                $"default-src 'self' https://localhost:* https://<domain>.com; " +
                $"img-src data: https://<domain>.com; " +
                $"object-src 'none'; " +
                $"script-src 'self' https://<domain>.com 'unsafe-eval'; " +
                $"style-src 'self' https://<domain>.com 'sha256-eLbuM5dktsItN/wyd3rBMDvH9/MlAz4tA5/eNpxjhsQ=' 'sha256-eLbuM5dktsItN/wyd3rBMDvH9/MlAz4tA5/eNpxjhsQ=' 'unsafe-hashes'; " +
                $"upgrade-insecure-requests;");

            await next();
        });

`Error handling in Api Call from Blazor`

I spent a lot of time on how to handle the validation errors from api and api erros from api. So i came up approach that suits my situation. Of course, There might be easier and more reliable approach. But, This is the one i went with, So let's dig deep...

In `MainLayout.razor`:

 @if (hasError)
 {
     <Error problemDetails="@problemDetails" />
 }
 else
 {
     <CascadingValue Value="userToken" Name="Token">
         <Header @bind-empDetails="empDetails" />
     </CascadingValue>

     <RadzenBody class="carrental-body">
         @Body
     </RadzenBody>
 }

@code { 
    private bool hasError = false;

    private ProblemDetails? problemDetails;
                        var requestsCreatedByEmp = await requestService.GetAllRequestsByEmpId(samAccount);
                        if (!requestsCreatedByEmp.isApiFailure)
                        {
                            var data = requestsCreatedByEmp.Data;
                        }
                        else
                        {
                            hasError = true;
                            problemDetails = requestsCreatedByEmp.ApiFailureDetails;
                        }
}

In `Error.razor`:

@page "/Error"
@inject ICorrelationService correlationService
@inject NavigationManager NavigationManager
@inject IExceptionLoggingService ExceptionLogging
<PageTitle>Error</PageTitle>
<RadzenCard Variant="Variant.Outlined" class="rz-my-12 rz-mx-auto ">
        <RadzenStack Orientation="Orientation.Horizontal" JustifyContent="JustifyContent.Start" Gap="1rem" class="rz-p-4">
        <RadzenIcon Icon="dangerous" IconColor="@Colors.Danger" />
            <RadzenStack Gap="0">
            <RadzenLabel>Something went wrong!! :(</RadzenLabel>
            <RadzenLabel>Correlation Id: @CorrelationId</RadzenLabel>
            </RadzenStack>
        </RadzenStack>
    </RadzenCard>
@code {
    [Parameter]
    public Exception? ErrorDetails { get; set; }

    [Parameter]
    public ProblemDetails? problemDetails { get; set; }
    private string CorrelationId;
    protected override void OnInitialized()
    {
        CorrelationId = correlationService.CorrelationId;
        //if the errors are not api errors
        if(ErrorDetails != null)
        {
           ExceptionLogging.Log(ErrorDetails);
        }

    }

    private void goToHome()
    {
        NavigationManager.NavigateTo("home", TemplateConstants.s_yes);
    }
}

In `RequestService.cs`:

// This get's the custom token generated from MainLayout
    public async Task GetCustomToken()
    {

        var token = await _userToken.WaitForTokenAsync();
        _httpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", _userToken.Token);
    }

//Adds correlation id to api header to pass it to upcomming api
    private HttpRequestMessage AppendCorrelationId(HttpRequestMessage? request)
    {
        request.Headers.Add("X-Correlation-ID", _correlationService.CorrelationId ?? "unknown");
        return request;
    }

//This method is called from Mainlayout.razor
    public async Task<Result<IEnumerable<CreateRequest>>> GetAllRequestsByEmpId(string userId)
    {
        try
        {
            int empId = 0;
            await GetCustomToken();
            var request = new HttpRequestMessage(HttpMethod.Get, $"{basicApiUrls.TemplateApiBaseUrl}/requests/requestByEmployee/{empId}");
            request = AppendCorrelationId(request);
            var response = await _httpClient.SendAsync(request);
            return await response.HandleApiResponse<IEnumerable<CreateRequest>>(logger);
        }
        catch (HttpRequestException exception)
        {
            var problemDetails = exceptionLogger.Log(exception);

            // Handle network-related errors
            return Result<IEnumerable<CreateRequest>>.FailureStatus(problemDetails);
        }
    }

Conclusion

There’s still a lot more that can be added to improve and expand this setup. What I’ve shared here is based on what I’ve learned and implemented so far.

Feel free to build on it, customize it to your needs, and make it even better.

Happy coding! 🚀

Set up Azure Entra Authentication with Blazor

Ray_Dsz — Fri, 13 Jun 2025 17:19:59 +0000

Introduction

As more enterprises embrace the Microsoft ecosystem, user management, file sharing, and productivity tools have become more seamlessly integrated than ever. With Microsoft now offering its own ERP solution—Dynamics 365 (D365)—many organizations are exploring hybrid environments that combine on-premises systems with cloud-based services.

In our case, we adopted a hybrid setup: SAP as our ERP system, and Microsoft Azure for user management, file storage, and more. Most of our critical company data remained on-premises, but we had a growing need to modernize our authentication approach.

Our primary requirement was to move from Windows Authentication to Multi-Factor Authentication (MFA) for improved security. To achieve this, we implemented Azure Entra Authentication.

In this blog, I’ll walk you through the step-by-step process of integrating Azure Entra Authentication into a Blazor Server application

Creating Azure app registration

Before your Blazor Server application can authenticate users or communicate securely with Azure services, it must first establish trust with Azure Active Directory (Azure AD). This is done through a process known as App Registration.

Think of this as the initial handshake—a formal agreement where Azure recognizes your application, grants it an identity, and provides the necessary credentials (like Client ID and Secret) to authenticate and authorize securely.

In this step, we’ll register the application in Azure to enable secure, machine-to-machine communication using Azure Entra ID. Once registered, we’ll receive the necessary configuration values (such as Tenant ID, Client ID, and optionally, Client Secret) which we’ll use in our Blazor Server app. Below is the step-by-step approach:

First register the azure app, Go to https://portal.azure.com/
Search for App Registrations and Click on new Registration
Type your app name, Select account type. You can add Redirect URI later.
Once you register, You will get a screen like this..

Copy Application (client) ID and Directory (tenant) ID. You need to add it in Blazor app.
Once done, Click on Certificates & secrets and Create a new client secret and copy the value. Remember, You will not be able to copy later. You need to add it in Blazor app.
Please keep in mind, Always Choose secret value for development. For production, I always suggest client certificate as it is much secure and doesn't expire for nearly 3 years.
You can even auto rotate the certificates by keeping in KeyVault. So that it never expires.
The client secret expires after 1 year. This leads to your app failure.
It's a best practice to register a separate Azure App for each Blazor Server application, rather than using a single shared app registration across multiple apps.
If something goes wrong—such as a client secret expiration, authentication failure—it will only affect that specific application, not every app relying on a shared registration.
Once done, click on Overview -> Select Redirect URIs. Add a redirect uri.

If your blazor app is running locally, It would be something like this 
https://localhost:7039/signin-oidc

For Postman,
https://oauth.pstmn.io/v1/callback

(Optional) After this, Go to Token Configuration. Select add option claim -> Access -> Select whichever claims you want to receive in app and click Add.
Go to Api Permissions -> Click on Add a Permission -> Microsoft Graph -> Delegated -> Select User.Read.All and Profile and select Add
The following steps are only necessary if you want to bring roles from azure. This means you are maintaining roles and user mapping in Azure.
Go to Expose an Api -> Add a scope -> Add required Fields and click create.
The scope will be similar to below

 api://c60dde-e4af-47-8d-7c170b/User.All

Go to App roles, Add your application roles here

To Assign the roles to user, Click on How do I assign App roles and click on Enterprise application. You will get a screen like below

Then, Under Manage -> Users and groups -> Add user/group -> map role to user.
Voila, You azure part is done.

Setting up Azure Entra authentication in Blazor.

Now, Comming to step 2. I already assume you have created a blazor server project.
Once done, We will start to set it up. Create a DependencyInjection class for blazor with two methods

    public static IServiceCollection AddUIServices(this IServiceCollection services, IConfiguration configuration, IConfigurationBuilder builder)
{
        return services;

}
    public static WebApplication UseUIServices(this WebApplication app, IConfiguration configuration)
{
        return app;
}

In Program.cs

        var builder = WebApplication.CreateBuilder(args);
        builder.Services.AddUIServices(builder.Configuration, builder.Configuration);
        var app = builder.Build();

        app.UseUIServices(builder.Configuration);

        app.Run();

Packages Required:

Microsoft.Identity.Web.UI
Microsoft.Identity.Web

In DependencyInjection.cs

//In AddUIServices method       services.AddMicrosoftIdentityWebAppAuthentication(configuration)
.EnableTokenAcquisitionToCallDownstreamApi()
.AddInMemoryTokenCaches(options =>
{
    options.AbsoluteExpirationRelativeToNow = TimeSpan.FromMinutes(15);
});
        services.AddControllersWithViews(options =>
        {
            var policy = new AuthorizationPolicyBuilder()
                .RequireAuthenticatedUser()
                .Build();
            options.Filters.Add(new AuthorizeFilter(policy));
        }).AddMicrosoftIdentityUI();

// In UseUIServices method, Make sure you have these
        app.UseHttpsRedirection();

        app.UseStaticFiles();
        app.UseRouting();
        app.UseAuthentication();
        app.MapControllers();
        app.UseAntiforgery();

In appSettings.json

  "AzureAd": {
    "Instance": "https://login.microsoftonline.com/",
    "TenantId": "<YOUR_TENANT_ID>",
    "ClientId": "<YOUR_CLIENT_ID>",
    "ClientSecret": "<YOUR_CLIENT_SECRET_VALUE>",
    "Domain": "<YOUR_DOMAIN> usually your_company.com",
    "CallbackPath": "/signin-oidc"
  },
  "AppScopes": {
    "scopeBaseUrl": "api://c60dde-e4af-47-8d-7c170b/User.All"
  }

Done, You basic configuration is done. Now we move to MainLayout.razor
I use Radzen as component library, So my MainLayout would look like this:

@inherits LayoutComponentBase
@inject AuthenticationStateProvider AuthenticationStateProvider
@inject IRequestService requestService

<RadzenLayout class="carrental-layout">
    <CascadingAuthenticationState>
        <AuthorizeView>
            <NotAuthorized>
                <Login />
            </NotAuthorized>
            <Authorized>
                <CascadingValue Value="empDetails" Name="EmployeeDetails">
                    @if (hasError)
                    {
                        <Error problemDetails="@problemDetails" />
                    }
                    else
                    {
                        <CascadingValue Value="userToken" Name="Token">
                            <Header @bind-empDetails="empDetails" />
                        </CascadingValue>

                        <RadzenBody class="carrental-body">
                            @Body
                        </RadzenBody>
                    }


                </CascadingValue>
            </Authorized>
        </AuthorizeView>
    </CascadingAuthenticationState>
    <RadzenFooter class="carrental-footer">
        <Footer />
    </RadzenFooter>
</RadzenLayout>

<RadzenComponents @rendermode="@RenderMode.InteractiveServer" />

In the OnInitializedAsync method of MainLayout, We need to add this code

    protected async override Task OnInitializedAsync()
    {
        var auth = await AuthenticationStateProvider.GetAuthenticationStateAsync();
        var user = auth.User;
        if (auth.User.Identity.IsAuthenticated)
        {
            string userId = user.Identity.Name.Replace(TemplateConstants.s_samaccount, string.Empty);
                var result = await requestService.GetMyDetailsAsync(userId);

        }
}

In the above code, Request Service is my custom api. This api is used to show you how to get the access token from azure.
In the Request Service Api class,

    private readonly HttpClient _httpClient;
    private readonly AppScopes appScopes;
    private readonly BasicApiUrls basicApiUrls;
    private readonly ITokenAcquisition tokenAcquisition;

    public RequestService(BasicApiUrls basicApiUrls,
        ITokenAcquisition tokenAcquisition,
        AppScopes appScopes,
        IHttpClientFactory _httpClientFactory)
    {
        this.basicApiUrls = basicApiUrls;
        this.tokenAcquisition = tokenAcquisition;

        _httpClient = _httpClientFactory.CreateClient("RequestClient");
        this.appScopes = appScopes;
    }
    public string Token { get; set; } = "";

    public async Task GetAzureToken()
    {

        try
        {
            Token = await tokenAcquisition.GetAccessTokenForUserAsync(new string[] { appScopes.ScopeBaseUrl! });
            _httpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", Token);
        }
        catch (Exception ex)
        {
            exceptionLogger.Log(ex);
        }
    }

    public async Task<Result<EmployeeDetails>> GetMyDetailsAsync(string employeeId)
    {
        try
        {
            await GetAzureToken();
            var request = new HttpRequestMessage(HttpMethod.Get, $"{basicApiUrls.WorkflowApiBaseUrl}/employee/{employeeId}");
            request = AppendCorrelationId(request);
            var response = await _httpClient.SendAsync(request);
            return await response.HandleApiResponse<EmployeeDetails>(logger);
        }
        catch (HttpRequestException exception)
        {
            var problemDetails = exceptionLogger.Log(exception);
            // Handle network-related errors
            return Result<EmployeeDetails>.FailureStatus(problemDetails);
        }

    }

This is how you pass the token to the respective api

Validating the token passed from Blazor in Api

Finally, Comming to the last part that is validating the token in api.
Similar to blazor, I have created DependencyInjection class with two methods and i have called them in Program.cs
Packages required:

Microsoft.Identity.Web;

Similar to blazor, Please add Azure Configuration in appSettings of Api as well.
Add below lines in AddApiService method

services.AddAuthentication().AddMicrosoftIdentityWebApi(builder.Configuration.GetSection("AzureAd"));

            services.AddAuthorization(options =>
            {
                // Azure AD-based policy
                options.AddPolicy("AzureAuth", policy =>
                {
                    policy.AuthenticationSchemes.Add(JwtBearerDefaults.AuthenticationScheme); // "Bearer"
                    policy.RequireAuthenticatedUser();
                    policy.RequireClaim("http://schemas.microsoft.com/identity/claims/scope", "User.All");
                    policy.RequireRole("Template.User");
                });
            });

In UseApiServices method

            app.UseAuthentication();
            app.UseAuthorization();

Finally, in Minimal Api

        public void AddRoutes(IEndpointRouteBuilder app)
        {
            var group = app.MapGroup("api/request/v{version:apiVersion}/employee")
                                .WithApiVersionSet()
                                .HasApiVersion(new ApiVersion(1));
            group.MapGet("{id}", UserDetails).CacheOutput().RequireAuthorization("AzureAuth");
}

That's all it takes, This is a complete set up of azure entra from Azure app registration -> Blazor -> Api.

Conclusion

There are multiple ways to validate tokens and handle authentication flows—it ultimately depends on your architecture, security requirements, and preferred implementation style.

In this blog, I used .NET 8, Blazor Server, and ASP.NET Core Web API to demonstrate how to integrate Azure Entra Authentication in a clean and effective way.

I hope this guide not only helps you get started but also works seamlessly in your setup.

Happy coding! 🚀

GitLab for Enterprise

Ray_Dsz — Sun, 01 Jun 2025 16:20:27 +0000

Introduction
GitLab terminology for project tracking tools
How To Get Started
Gitlab CI/CD
Conclusion

Introduction

Every enterprise or every project needs to have a codebase. Without it, It's chaos. Developers working on project will have a hard time picking up on updates. As each of them will have their own copy. If local computer is somehow crashed, The entire data is deleted. So many problems. In our case, We have our own on-prem GitLab Server.

Let's delve into what we are going to learn here:

The systematic approach of how a project should handle repository code. Some guidelines and stuff.
How Clean Architecture helps in GitLab to avoid Merge Conflicts etc.

GitLab terminology for project tracking tools

Some of the content here is from ChatGPT as iam lazy

Issues – Track tasks, bugs, or feature requests.
Issue boards – Visualize and manage issues using customizable kanban boards.
Milestones – Group issues and merge requests by project goals or deadlines.
Wiki – Collaborative documentation space for your project.
Merge requests – Propose, review, and merge code changes.
Repository – Central storage for your project’s codebase and version history.
Branches – Independent lines of development within the same repository.
Commits – Snapshots of changes made to the codebase.
Tags – Named points in history used to mark releases or important commits.
Labels - Customizable tags used to categorize, prioritize, and filter issues and merge requests for better project organization and workflow management.
Pipelines – Automated CI/CD workflows triggered by code changes.
Artifacts – Output files generated by pipeline jobs (e.g., build results).
Package Registry – Built-in system to publish and share packages (e.g., NuGet).

How To Get Started

When it comes to Enterprise applications, Everybody just dumps the code into the codebase without any use of core concepts. It's okay, But still it looks alot more useless. You will achieve the prime responsibility of the codebase .i.e your code is safe and the recent code is pushed. But, What if you want to categorise it. Where you went wrong and stuff.

Let me show you the approach i use.

At first, Iam assuming you already have a project in gitlab. Now, There are two scenarios in Enterprise applications. Either you develop or you maintain.

Step 1: Milestone

So entire process starts with the Milestone. You can find it Project Repo / Plan / Milestones:

In our case, We have maintained two milestones

Development : As we are developing some applications
Maintenance : As we are maintaining some applications as employees raise issues, a change in application workflow etc..

Step2: Labels

Labels are prime differentiators in your repo. You can find it
Project Repo / Manage / Labels:

For both, Development and Maintenance we have some common labels

Feature: When a new change is introduced by app owner or by developer. This flag is used.

Bugs: If employee or tester has raised an issue. This flag is used

Priority-low: When priority is low

Priority-Med: When priority is medium

Priority-High: When priority is high

Update: When you have fixed an issue or you are working on feature that has already deployed. This flag is used

Documentation: Used when you are updating the document related to app. And Yes, Its better to keep the documents here as well.

Step 3: Issues

Whenever something happens, It's always best practice to create an issue. Whether it is a new feature or update or bug. Each commit has to have atleast one issue.

You can find it
Project Repo / Plan / Issues:

While creating a new Issue, Details matter. Write Precisely what you are expecting. This includes files that are going to change. It's better you have someone who assigns the issues or you can do it yourself.

This is where Labels and Milestone comes into picture. Once created, An issue id is generated. Usually it would be like #3, #120 etc. It's incremental.

Step 4: Branches

You can create branches within VS 2022. Like below

Or in GitLab:
Project Repo / Code / Branches

The format for Branch name i follow is if its an

feature: feature/EmployeeId/IssueId
update: update/EmployeeId/IssueId
bug: bug/EmployeeId/IssueId

This will help me make it easier to understand, which branches and issues are mine. Please make sure one branch for one deployment.
There should be two more branches: main (default, prod), integration (test env).
*Please maintain an approval system for the merge request to these branches. *

Step 5: Merge Requests

Once you create the branch and push into it. Then there will be only two merge requests created for the entire feature deployment.

your branch -> integration
integration -> main

You can find it here:
Project Repo / Code / Merge Requests:

Now, Keep in mind. You have issue open and a branch created. When you create a merge request from your branch -> integration and is approved by your senior. The issue should be automatically closed and branch should be automatically deleted. Because, the recent code will be merged into integration and there is no need of branches getting piled up. To achieve this,

Inorder to close the issue:

In Title, Issue closes or closes or closes Issue . This makes GitLab understand that once merge request is approved, This issue should be closed.
Give a description. We can create a template as well, We will check it later.
Select milestone, Label, Reviewer, Assigner etc.
Under Merge Options,
- Select Delete source branch when merge request is accepted to delete the branch you created.
- Select Squash commits when merge request is accepted. If you have multiple commits under same branch.

GitLab CI/CD

GitLab CI/CD is an integrated toolset that automates the build, test, and deployment phases of your software development lifecycle, directly within GitLab.

.gitlab-ci.yml: A YAML file in your repo that defines CI/CD pipelines, jobs, and stages.
Runners: Agents that execute the jobs; can be shared or project-specific. We have set up our gitlab runner in our server. It runs as windows service.

How to set up runner

To install Gitlab runner in your environment or server. You can click here
Once done, Go to your repo project and go to Settings -> CI/CD Settings-> Runners

Click on new project runner. You can select the platform, tags. Tags help in differentiating the jobs that needs to be run. In your yaml file, if you set the build to specific tag, Then the build will run on runner which has that tag. You specify that tag here

If you dont have any tags. Check the run untagged jobs.
Once you click on create runner. You will redirected here
Go to the server or environment where gitlab runner is installed and run the command provided in gitlab to register the runner. You can register multiple runners as well.
Then you run the command gitlab-runner run. If it succeeds, The runner is working fine.

CI/CD GitLab yaml file

stages:
  - build
  - test
  - deploy

build-job:
  stage: build
  script:
    - echo "build started"
    - 'dotnet build Test.sln'
    - 'dotnet publish Test.WebApi\Test.WebApi.csproj -c Release  -p:PublishProfile=StageProfile -o publish-api'
    - 'dotnet publish Test.WebUI\Test.WebUI.csproj -c Release  -p:PublishProfile=StageProfile -o publish-webui'
    - echo "build complete."
  artifacts:
    paths:
      - publish-api
      - publish-webui

unit-test-job:
  stage: test
  script:
    - echo "Started Testing"
    - 'dotnet test Test.Unit.Tests\Test.Unit.Tests.csproj'
    - echo "Testing Completed"


deploy-staging:
  stage: deploy
  environment: staging
  script:
    - echo "Deploying application to Staging server..."
    - .\deploy\deploy_staging.ps1
    - echo "Application successfully deployed on staging"
  only:
    - integration

deploy-prod:
  stage: deploy
  environment: production
  script:
    - echo "Deploying application to production server..."
    - .\deploy\deploy_prod.ps1
    - echo "Application successfully deployed on production"
  only:
    - main

The above is the content in yaml file.
There are 3 stages

Build
Test
Deploy

Each stage has job

build-job -> This job builds two projects webapi, webui. Once build succeeds, It pushes the release to the server path of our dev server. This is maintained in Stage Profile. This is not a cleaner approach and i wont reccomend it. The code is pushed to respective artifact folders in gitlab runner server.
Unit-Test-Job -> This checks all the testcases written in Test project.
Both of the above jobs run of each commit push to the repo.
deploy-staging -> This job runs the powershell thats present in file deploy_staging.ps1. This only runs when the merge request is approved to integration branch. This stops the app pool and pushes the release code from artifacts to dev server web app folder.
deploy-prod -> This job runs the powershell thats present in file deploy_prod.ps1. This only runs when the merge request is approved to main branch. This stops the app pool and pushes the release code from artifacts to prod server web app folder.

Test Cases integration

If you want to check the test case report to check how many test cases are covered. This can also be integrated.

stages:
  - build
  - test
  - deploy

build-job:
  stage: build
  script:
    - 'dotnet build Test.sln'
    - echo "build complete."

unit-test-job:
  stage: test
  only:
    - pushes
  script:
    - echo "Started Testing"
    - 'dotnet test Test.Unit.Tests\Test.Unit.Tests.csproj --results-directory $CI_PROJECT_DIR/cobertura --collect:"XPlat Code Coverage" --test-adapter-path:. --logger:"junit;LogFilePath=..\artifacts\{assembly}-test.xml;MethodFormat=Class;FailureBodyFormat=Verbose"'
    - 'Copy-Item -Path "$CI_PROJECT_DIR\cobertura\*\coverage.cobertura.xml" -Destination "$CI_PROJECT_DIR\cobertura\coverage.cobertura.xml"'
    - dotnet tool install -g dotnet-reportgenerator-globaltool #uncomment it if you are using gitlab runner for the very 1st time
    - dotnet tool install -g CodeCoverageExtractor #uncomment it if you are using gitlab runner for the very 1st time
    - reportgenerator -reports:"$CI_PROJECT_DIR/cobertura/coverage.cobertura.xml" -targetdir:"coveragereport" -reporttypes:"Html"
    - codecoverageextractor $CI_PROJECT_DIR/cobertura/coverage.cobertura.xml
  artifacts:
    when: always
    expire_in: 1 week
    paths:
      - ./**/*test.xml
      - $CI_PROJECT_DIR/cobertura/coverage.cobertura.xml
      - coveragereport
    reports:
      junit:
        - ./**/*test.xml
      coverage_report:
        coverage_format: cobertura
        path: $CI_PROJECT_DIR/cobertura/coverage.cobertura.xml
  dependencies:
    - build-job
  coverage: /total_coverage=(\d+.?\d?)/

deploy-dev:
  stage: deploy
  environment: Development
  script:
    - echo "Deploying application to Staging server..."
    - 'dotnet publish Test.WebApi\Test.WebApi.csproj -p:PublishProfile=StageProfile'
    - 'dotnet publish Test.WebUI\Test.WebUI.csproj -p:PublishProfile=StageProfile'
    - echo "Application successfully deployed on staging"
  only:
    - integration

deploy-staging:
  stage: deploy
  environment: Staging
  script:
    - echo "Deploying application to Staging server..."
    - 'dotnet publish Test.WebApi\Test.WebApi.csproj -p:PublishProfile=StageProfile'
    - 'dotnet publish Test.WebUI\Test.WebUI.csproj -p:PublishProfile=StageProfile'
    - echo "Application successfully deployed on staging"
  only:
    - integration

deploy-prod:
  stage: deploy
  environment: Production
  script:
    - echo "Deploying application to production server..."
    - 'dotnet publish Test.WebApi\Test.WebApi.csproj -p:PublishProfile=ProdProfile'
    - 'dotnet publish Test.WebUI\Test.WebUI.csproj -p:PublishProfile=ProdProfile'
    - echo "Application successfully deployed on production"
  only:
    - main

As you can see, We have used cobertura for test cases count and to generate xml. We have set it to expire in 1 week as well. This is used by junit to show the xml file. Once its generated, The Gitlab will fetch it automatically and display the report from xml file.

Conclusion

This is the entire process we follow. From the configuration to standardization to Deployming automatically. This is the magic that runs behind CI/CD.

Create and Publish a Custom .NET Project Template and Private NuGet to GitLab Package Registry

Ray_Dsz — Thu, 29 May 2025 04:02:11 +0000

Introduction
Creating a Project Template Package
How to get started
Creating a Nuget Package
Conclusion

Introduction

In my previous article, I shared a practical overview of Clean Architecture and the structure we implemented across our applications.

In this follow-up, I’ll walk you through how we turned that structure into a reusable project template. With over 20+ internal applications and a team of 8 developers, we simply can’t afford to build each app from scratch every time. That’s where a project template comes in — speeding up development, enforcing consistency, and avoiding repetitive boilerplate.

Imagine a scenario where team members download NuGet packages independently — possibly pulling in licensed, unvetted, or even unwanted packages. This can lead to compliance issues and unnecessary bloat.

So the next logical step?

Centralize NuGet package management using a private registry, and embed that configuration directly into the project template!

Creating a Project Template Package

If you are new here, I had created a .NET Clean Architecture Template previously. You can check here.

Structure is same as below. Done? Let's start=>

Create a folder structure like this:

Template / Content/ is-template / your Clean Architecture Solution here
Within is-template folder, Create .template.config folder.
After this, Create json file within the .template.config called template.json.
You can modify the template.json content from below

{
      "$schema": "http://json.schemastore.org/template",
      "author": "Rayson",
      "classifications": [
        "blazor",
    "WebAPI"
      ],
      "name": "Team Architecture project template",
      "description": "Project template to create starter project for .NET Team project",
      "identity": "IS.project.starter",
      "shortName": "is-template",
      "sourceName": "ISWebAppTemplate",
      "tags": {
        "language": "C#",
        "type": "project"
      },
      "symbols": {
        "Framework": {
          "type": "parameter",
          "description": "The target framework for the project.",
          "datatype": "choice",
          "choices": [
            {
              "choice": "net8.0"
            },
            {
              "choice": "net9.0"
          }
          ],
          "defaultValue": "net8.0",
          "replaces": "{TargetFramework}"
        }
      }
    }

Now run the below command in cmd (Path should be at root of your .Net Clean Architecture Solution):

dotnet new -i .

Now, you can run the below command in cmd to create a project based on template. Below, is-template is the shortName you provided in template.json

dotnet new is-template -n YourNewProject

Optional:

Now, if you want this package to be publicly available to all your team member, You can follow the below approach.
- Prerequisites:
- GitLab / GitHub - Contributor Access required.
I will be using gitlabs, As i have expertise on this. But, Iam pretty sure the same process would be used for github as well.
First let's make it secure. We will create a access token for the project. You can create it by going to

Gitlab -> Your Project Repo -> Settings -> Access token
Configure the token as below and create it

Copy the token and keep it secure. We need it in next step
Open cmd and run the below command:

dotnet nuget add source "https://<gitlab-domain>/api/v4/projects/<project-id>/packages/nuget/index.json" --name is_template_package --username <gitlab-username> --password <access-token>

Note: 
<gitlab-username> - your gitlab username
<project-id> - You can find it in your gitlab project like below

Now go back to gitlab repo and got to Deploy -> Package Registry

You should see a is_template_package here.
Finally, Run the below commands:

dotnet build -c Release

dotnet pack -c Release -o ./nuget

You should see a nuget folder created in root, Which contains a <solution-name>.nupkg file.
Once done, Run the below command in cmd:

dotnet nuget push ./nuget/<solution-name>.nupkg --api-key <access-token> --source "https://<gitlab domain>/api/v4/projects/<project-id>/packages/nuget/index.json"

The approach what i would suggest is using CI/CD pipeline. This is a yaml file where you add the stages. This will be explained in separate post later.

How to get started

Now that we have set up the private Nuget which is available to team members, How to team members install it?. Follow the below process...

Add below nuget resource on your local environment using dotnet command. This will add IS team private nuget repository as one of the source for nuget packages.

dotnet nuget add source "https://<gitlab-domain>/api/v4/projects/<project-id>/packages/nuget/index.json"

Install the IS starter project template using below command

dotnet new install <nupkg-name>

Create new project using below command. Replace with the choice of your project name.

dotnet new is-template -n <solution name>

Example: dotnet new is-starter-web -n TravelDesk this will create solution as TravelDesk.sln and replace the projects name with the given name.

Update template

Run the below command to update the template

dotnet new update

If you wish to check if there are any updates to the template run the below command

dotnet new update --check-only

Uninstall/Remove template

If you want to remove the template from your machine run the below command.

dotnet new uninstall <nuget-name>

Creating a Nuget Package

In order to create a centralised Nuget Package manager, We have to create a console application.

Open VS 2022, Select Create a new Project -> Console App
Remove the Default Class created.
Install all necessary packages that are required for all the projects here. This will be the single point of access for all packages.
Your final solution should look like this

Note, In the above image, The yml file was created by me and the nuget folder will be visible, Once you finish the below process.

Once done, Follow the same process from this section.
Once you got the source gitlab url from the process. The source url would be in this format:

https://<gitlab-domain>/api/v4/projects/<project-id>/packages/nuget/index.json

Go to the default template that we created before this section. Open the template solution in vs 2022.
Right Click Solution -> Manage NuGet Packages for Solution
Click on the Settings (Gear Icon) -> Add new item (+ icon)

Give package source name and Source as the gitlab url in format:

https://<gitlab-domain>/api/v4/projects/<project-id>/packages/nuget/index.json

Remove everything except this.
You can follow the process of packaging the template again by checking here and this time change the version from 1.0.0 to 1.0.2. You can set it in .csproj file.

*Once done, In your template, You will get an update to IS.Nuget package. Once updated,

This is what will be present in Directory.Packages.props.

<PackageVersion Include="IS.Nuget" Version="1.0.2" />

and in all projects except domain within template:

<PackageReference Include="IS.Nuget" />

Note that: The gitlab project repo for both Template and Nuget are maintained separately. They should not be placed under single repo. So, The project id for Nuget and Template would be different. Same goes for Access token as well.

Conclusion

Creating a project template isn’t just about saving time — it’s about enforcing consistency, reducing errors, and scaling development across multiple applications and teams.

By turning your Clean Architecture setup into a reusable .NET template and combining it with a centralized NuGet package registry, you can:

Accelerate onboarding for new team members
Prevent unauthorized or accidental package usage
Ensure all apps follow the same architectural and dependency standards
The template now contains a Private Nuget which will have an update everytime you add a new Nuget package into Console app and push it to gitlab private registry.

This approach has helped our team manage 20+ enterprise applications with fewer surprises and better control.

Wait!! There's more..

Have you ever wondered:
"Rayson, can't this process be even cleaner?"

Well... you're absolutely right — I hate running a bunch of manual commands in cmd too.

The good news? We can simplify it further using CI/CD pipelines and environment variables to automate most of these steps.

Stay tuned — in the next post, I’ll show how to streamline this entire workflow with automation, so you can focus more on development and less on setup.

Clean Architecture for Enterprise Applications: A Practical Guide from the Trenches

Ray_Dsz — Tue, 27 May 2025 15:59:18 +0000

Introduction
The Question, What?
The Question, Why?
The Question, How?
Conclusion

Introduction

Have you ever faced a situation where you wanted to separate concerns like logging, database operations, and business logic?

While this can be partially achieved by tweaking a traditional monolithic architecture, there's a better way.

What if I told you there's an architectural style designed to separate these concerns cleanly and effectively?

Yes — that’s Clean Architecture. Let’s dive in and explore why it works so well.

Clean Architecture in Nutshell

Clean Architecture is a layered architecture that enforces separation of concerns through strict boundaries. Each layer has a clear role and direction of dependency.

Typically, There are four Main Clean Architecture Layers:

Domain:

This is the core and innermost layer of the architecture. It has no dependencies on other layers and contains the pure business model of your application. You won't find any NuGet packages here.

It typically includes:

Enums
Models
Constants
Value Objects

Application:

The Application layer depends only on the Domain layer. It contains use cases and business logic that orchestrate operations using domain entities.

Here you define:

Application services (use cases)
Interfaces for repositories or external services
Validation rules and constraints

Example: Logic for how a request should be created, or when a workflow should be triggered.

Infrastructure:

This layer provides implementations for interfaces defined in the Application layer. It depends on the Application. But, As the Application depends on Domain layer. Infrastructure layer also depends on Domain layer.

Typical components:

Database context (e.g., AppDbContext in EF Core)
Repository implementations
External services (e.g., mail, file storage)
Data migrations and configurations

Presentation Layer:

The outermost layer of the system. It provides the user interface or API that external clients interact with. It depends on the Application and Infrastructure layers.

It usually contains:

API endpoints (e.g., Minimal APIs or Controllers)
Middleware (e.g., global exception handling)
Authentication & Authorization logic

The Question: Why?

I used to wonder whether Clean Architecture was the right fit for our use case — modernizing a suite of homegrown applications.

The company I currently work for maintains over 20 internal applications, each built over time with different frameworks and architectural styles. Some were in Angular, others in .NET, and a few in React. As the system grew, maintaining expertise across so many tech stacks became difficult and inefficient. We didn’t want to depend on hiring developers with specific skills for each application.

So, we made a strategic decision: standardize all new and modernized apps using a single stack — .NET with Clean Architecture. It offered better scalability, clear separation of concerns, and most importantly, consistency across all applications.

Initially, this approach felt like over-engineering — especially for our smaller apps. Clean Architecture introduces more layers and structure, which might feel heavy when your app has just a few features or a limited user base (ours was around 2,000 users). But let's be honest,

Architecture isn't only about scale of users — it's about scale of complexity.

Even if an app starts small, business logic can grow rapidly. With monolithic structures, you risk dumping everything into one massive "business layer" over time. Clean Architecture helps you avoid that by enforcing boundaries from the beginning.

Yes, it’s more complex upfront. New developers might need time to get used to the structure. But once they do, they’ll appreciate how easy it is to navigate, maintain, and extend the codebase — layer by layer, feature by feature.

The Question, How?

How do you actually build a Clean Architecture solution?

The most important thing for us, when modernizing over 20 internal applications, was to establish a common boilerplate — a reusable template that could serve as a starting point for every application we build going forward.

Here’s an overview of that structure:

In this post, I’ll explain the structure at a high level. In future posts, I’ll dive deeper into each component. Now, Let's start with creating a blank solution in VS 2022. Then follow up:

Solution Items:

These files apply settings across the entire solution, not
just individual projects

.editorconfig: Contains code formatting rules. For example, in Visual Studio 2022, this can enforce naming conventions (e.g., readonly variables must start with _, static variables with s_).

Create it with: Add → New Item → Editor Config (.NET)

Directory.Build.props: Stores common metadata for all projects (e.g., name, description, Git repo URL).

Create it with: Add → New Item → XML File

<Project>
  <PropertyGroup>
    <Title>IS Web Application Template</Title>
    <Authors>Rayson Dsouza</Authors>
    <Description>This template will be the base for all the applications that are going to be built under IS. These include API, Web Blazor Applications.</Description>
    <RepositoryType>gitlabs</RepositoryType>
    <PackageTags>api project, api endpoints, response, web ui</PackageTags>
    <RepositoryUrl>{YOUR_GITLAB_REPO_URL}</RepositoryUrl>
    <LangVersion>12</LangVersion>
    <RootNamespace>ISWebAppTemplate</RootNamespace>
    <TargetFramework>net8.0</TargetFramework>
    <Nullable>enable</Nullable>
    <ImplicitUsings>enable</ImplicitUsings>
    <InvariantGlobalization>false</InvariantGlobalization>
  </PropertyGroup>
</Project>

Directory.Packages.props: Centralizes NuGet package references across the solution, avoiding redundancy.

Create it with: Add → New Item → XML File

<Project>
  <PropertyGroup>
    <ManagePackageVersionsCentrally>true</ManagePackageVersionsCentrally>
  </PropertyGroup>
  <ItemGroup>
    <PackageVersion Include="Carter" Version="8.2.1" />
    <PackageVersion Include="Microsoft.AspNetCore.OpenApi" Version="8.0.16" />
    <PackageVersion Include="Microsoft.EntityFrameworkCore.Design" Version="9.0.4" />
    <PackageVersion Include="Microsoft.EntityFrameworkCore.Tools" Version="9.0.4" />
    <PackageVersion Include="Swashbuckle.AspNetCore" Version="8.1.1" />
    <PackageVersion Include="System.IdentityModel.Tokens.Jwt" Version="8.10.0" />
  </ItemGroup>
</Project>

src/Backend: Clean Architecture Backend

This folder holds the backend solution based on Clean
Architecture.

ISWebAppTemplate.Api:

<Project Sdk="Microsoft.NET.Sdk.Web">
  <PropertyGroup>
    <GenerateDocumentationFile>true</GenerateDocumentationFile>
    <RootNamespace>ISWebAppTemplate.Api</RootNamespace>
  </PropertyGroup>
  <ItemGroup>
    <PackageReference Include="Carter" />
    <PackageReference Include="Microsoft.AspNetCore.OpenApi" />
    <PackageReference Include="Microsoft.EntityFrameworkCore.Design">
      <PrivateAssets>all</PrivateAssets>
      <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
    </PackageReference>
    <PackageReference Include="Swashbuckle.AspNetCore" />
  </ItemGroup>

  <ItemGroup>
    <ProjectReference Include="..\ISWebAppTemplate.Application\ISWebAppTemplate.Application.csproj" />
    <ProjectReference Include="..\ISWebAppTemplate.Infrastructure\ISWebAppTemplate.Infrastructure.csproj" />
  </ItemGroup>
</Project>

The Presentation Layer (outermost layer). An ASP.NET Core
Web API project. You can refer to Presentation layer for more details.

ISWebAppTemplate.Application:

<Project Sdk="Microsoft.NET.Sdk">
  <PropertyGroup>
    <RootNamespace>ISWebAppTemplate</RootNamespace>
  </PropertyGroup>
  <ItemGroup>
    <ProjectReference Include="..\ISWebAppTemplate.Domain\ISWebAppTemplate.Domain.csproj" />
  </ItemGroup>
</Project>

The Application Layer. A class library focused on business
logic. You can refer to Application layer for more
details.

ISWebAppTemplate.Infrastructure:

<Project Sdk="Microsoft.NET.Sdk">

  <PropertyGroup>
    <RootNamespace>ISWebAppTemplate.Infrastructure</RootNamespace>
  </PropertyGroup>

  <ItemGroup>
    <PackageReference Include="Microsoft.EntityFrameworkCore.Tools">
      <PrivateAssets>all</PrivateAssets>
      <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
    </PackageReference>
  </ItemGroup>

  <ItemGroup>
    <ProjectReference Include="..\ISWebAppTemplate.Application\ISWebAppTemplate.Application.csproj" />
  </ItemGroup>

</Project>

The Infrastructure Layer. A class library focused on Handling
database and external service interactions. You can refer to
Infrastructure layer for more details.

ISWebAppTemplate.Domain:

<Project Sdk="Microsoft.NET.Sdk">
  <PropertyGroup>
    <RootNamespace>ISWebAppTemplate.Domain</RootNamespace>
  </PropertyGroup>
</Project>

The Domain Layer (innermost/core layer). Contains domain
entities, value objects, and core rules. You can refer to
Domain layer for more details.

src/Frontend: Blazor Web UI

This folder contains the frontend application. I have
created Blazor Web App and selected Blazor server as
renderer.

ISWebAppTemplate.WebUI:

A Blazor Server application with:

Radzen for UI components
Azure Entra MFA Authentication
Correlation ID generation for tracing requests across downstream APIs — helpful in debugging and log analysis.

`/tests:` Unit and Integration Testing

We separate tests into two clear layers:

ISWebAppTemplate.Integration.Tests:

Focus: Full transaction and behavior testing
Example: If a requester is in Band X, no approval is
required; otherwise, admin approval is triggered.
Integration tests verify this business logic
holistically.
ISWebAppTemplate.Unit.Tests:

Focus: Validations and logic at the entity level
Example: The request title must be at least 50 characters long

The Key Difference:
Unit tests validate isolated components like a field or
rule.
Integration tests validate end-to-end behavior and rule
application.

Conclusion

I know this has been a lot to take in — especially since I’ve only scratched the surface. But don’t worry, I’ll be diving deeper in upcoming posts. Each of the techniques and patterns used in this project will be covered individually to give you a clearer and more practical understanding of how they work in real scenarios.

So why Clean Architecture over a traditional monolith?

It all comes down to separation of concerns, scalability, and long-term maintainability. Clean Architecture gave us a structure that helps manage complex business logic across 20+ applications — something that would have become unmanageable with a typical monolithic setup.

Note: We are not using Docker or containerization in this setup. Since our applications serve around 2,000 users and are hosted on a stable on-premise server, the performance needs are easily met. The main reason for adopting Clean Architecture was to better manage complex business logic, not to meet scale or deployment flexibility.

Next Up: Create and Publish a Custom .NET Project Template and Private NuGet to GitLab Package Registry

DEV Community: Ray_Dsz

Top Ingredients for Blazor Server Recipe

Table Of Contents

Introduction

Project Structure

BasicDataModels/

Extensions/

Middleware/

Models/

Services/

The Ingredients

Setting Up Azure Entra Authentication

Logging for Blazor Server

Packages Required

In appSettings.json

In Program.cs

Setting up CorrelationId for Transaction

In Services Folder:

In Middleware Folder :

In DependecyInjection.cs :

Exception Handling in Blazor

In Services Folder:

In DependencyInjection.cs:

Retry Policy for Api in Blazor

Package Required

In DependencyInjection.cs:

Rate limiting in Blazor Application

In DependencyInjection.cs:

Content Security Policy (CSP)

In DependencyInjection.cs:

Error handling in Api Call from Blazor

In MainLayout.razor:

In Error.razor:

In RequestService.cs:

Conclusion

Set up Azure Entra Authentication with Blazor

Introduction

Creating Azure app registration

Setting up Azure Entra authentication in Blazor.

Validating the token passed from Blazor in Api

Conclusion

GitLab for Enterprise

Table Of Contents

Introduction

GitLab terminology for project tracking tools

How To Get Started

Step 1: Milestone

Step2: Labels

Step 3: Issues

Step 4: Branches

Step 5: Merge Requests

GitLab CI/CD

How to set up runner

CI/CD GitLab yaml file

Test Cases integration

Conclusion

Create and Publish a Custom .NET Project Template and Private NuGet to GitLab Package Registry

Table Of Contents

Introduction

Creating a Project Template Package

Optional:

How to get started

Creating a Nuget Package

Conclusion

Clean Architecture for Enterprise Applications: A Practical Guide from the Trenches

Table of Contents

Introduction

Clean Architecture in Nutshell

Domain:

Application:

Infrastructure:

Presentation Layer:

The Question: Why?

The Question, How?

Solution Items:

src/Backend: Clean Architecture Backend

src/Frontend: Blazor Web UI

/tests: Unit and Integration Testing

Conclusion

`BasicDataModels/`

`Extensions/`

`Middleware/`

`Models/`

`Services/`

`Setting Up Azure Entra Authentication`

`Logging for Blazor Server`

In `appSettings.json`

In `Program.cs`

`Setting up CorrelationId for Transaction`

In `Services Folder`:

In `Middleware Folder` :

In `DependecyInjection.cs` :

`Exception Handling in Blazor`

In `Services Folder`:

In `DependencyInjection.cs`:

`Retry Policy for Api in Blazor`

In `DependencyInjection.cs`:

`Rate limiting in Blazor Application`

In `DependencyInjection.cs`:

`Content Security Policy (CSP)`

In `DependencyInjection.cs`:

`Error handling in Api Call from Blazor`

In `MainLayout.razor`:

In `Error.razor`:

In `RequestService.cs`:

`/tests:` Unit and Integration Testing