From 07098b3d9726639a5369f2082cdaff2f77451d5e Mon Sep 17 00:00:00 2001
From: Javier Calvarro Nelson <jacalvar@microsoft.com>
Date: Mon, 17 Feb 2020 17:27:21 -0800
Subject: [PATCH] [Blazor][Wasm] Template changes to support auth in Blazor
 wasm (#18933)

* [Blazor] Adds a project template option for individual auth
* Handles hosted scenarios with Identity Server.
* Handles non-hosted scenarios with oidc-client.js.
* Handles AAD and B2C scenarios with an MSAL library (disabled for now).
---
 eng/Dependencies.props                        |   2 +
 eng/Versions.props                            |   4 +
 .../Shared/RedirectToLogin.razor              |   2 +-
 .../BlazorWasm-CSharp.Client.csproj.in        |   2 +
 .../BlazorWasm-CSharp.Server.csproj.in        |  29 ++
 ...crosoft.AspNetCore.Blazor.Templates.csproj |  15 +-
 .../.template.config/dotnetcli.host.json      |  74 +++-
 .../.template.config/template.json            | 281 +++++++++++++-
 .../.template.config/vs-2017.3.host.json      |  24 ++
 .../BlazorWasm-CSharp/Client/App.razor        |  21 +-
 .../Client/Pages/Authentication.razor         |   7 +
 .../Client/Pages/FetchData.razor              |  29 ++
 .../BlazorWasm-CSharp/Client/Program.cs       |  36 ++
 .../LoginDisplay.IndividualLocalAuth.razor    |  34 ++
 .../LoginDisplay.IndividualMsalAuth.razor     |  23 ++
 .../Client/Shared/MainLayout.Auth.razor       |  16 +
 ...inLayout.razor => MainLayout.NoAuth.razor} |   0
 .../Client/Shared/RedirectToLogin.razor       |   8 +
 .../BlazorWasm-CSharp/Client/_Imports.razor   |   3 +
 .../Client/wwwroot/favicon.ico                | Bin 0 -> 32038 bytes
 .../Client/wwwroot/index.html                 |   6 +
 .../Pages/Shared/_LoginPartial.cshtml         |  35 ++
 .../OidcConfigurationController.cs            |  26 ++
 .../Controllers/WeatherForecastController.cs  |   6 +
 .../Server/Data/ApplicationDbContext.cs       |  21 +
 ...000000000_CreateIdentitySchema.Designer.cs | 352 +++++++++++++++++
 .../00000000000000_CreateIdentitySchema.cs    | 278 ++++++++++++++
 .../ApplicationDbContextModelSnapshot.cs      | 350 +++++++++++++++++
 ...000000000_CreateIdentitySchema.Designer.cs | 359 ++++++++++++++++++
 .../00000000000000_CreateIdentitySchema.cs    | 280 ++++++++++++++
 .../ApplicationDbContextModelSnapshot.cs      | 357 +++++++++++++++++
 .../Server/Models/ApplicationUser.cs          |  12 +
 .../BlazorWasm-CSharp/Server/Program.cs       |  23 +-
 .../BlazorWasm-CSharp/Server/Startup.cs       |  90 ++++-
 .../content/BlazorWasm-CSharp/Server/app.db   | Bin 0 -> 135168 bytes
 .../Server/appsettings.Development.json       |  18 +
 .../BlazorWasm-CSharp/Server/appsettings.json |  41 ++
 .../test/BlazorWasmTemplateTest.cs            | 212 ++++++++++-
 .../test/Helpers/ProjectFactoryFixture.cs     |   2 +-
 .../Infrastructure/TemplateTests.props.in     |   8 +
 .../test/template-baselines.json              |   5 +
 41 files changed, 3060 insertions(+), 31 deletions(-)
 create mode 100644 src/ProjectTemplates/BlazorWasm.ProjectTemplates/content/BlazorWasm-CSharp/Client/Pages/Authentication.razor
 create mode 100644 src/ProjectTemplates/BlazorWasm.ProjectTemplates/content/BlazorWasm-CSharp/Client/Shared/LoginDisplay.IndividualLocalAuth.razor
 create mode 100644 src/ProjectTemplates/BlazorWasm.ProjectTemplates/content/BlazorWasm-CSharp/Client/Shared/LoginDisplay.IndividualMsalAuth.razor
 create mode 100644 src/ProjectTemplates/BlazorWasm.ProjectTemplates/content/BlazorWasm-CSharp/Client/Shared/MainLayout.Auth.razor
 rename src/ProjectTemplates/BlazorWasm.ProjectTemplates/content/BlazorWasm-CSharp/Client/Shared/{MainLayout.razor => MainLayout.NoAuth.razor} (100%)
 create mode 100644 src/ProjectTemplates/BlazorWasm.ProjectTemplates/content/BlazorWasm-CSharp/Client/Shared/RedirectToLogin.razor
 create mode 100644 src/ProjectTemplates/BlazorWasm.ProjectTemplates/content/BlazorWasm-CSharp/Client/wwwroot/favicon.ico
 create mode 100644 src/ProjectTemplates/BlazorWasm.ProjectTemplates/content/BlazorWasm-CSharp/Server/Areas/Identity/Pages/Shared/_LoginPartial.cshtml
 create mode 100644 src/ProjectTemplates/BlazorWasm.ProjectTemplates/content/BlazorWasm-CSharp/Server/Controllers/OidcConfigurationController.cs
 create mode 100644 src/ProjectTemplates/BlazorWasm.ProjectTemplates/content/BlazorWasm-CSharp/Server/Data/ApplicationDbContext.cs
 create mode 100644 src/ProjectTemplates/BlazorWasm.ProjectTemplates/content/BlazorWasm-CSharp/Server/Data/SqlLite/00000000000000_CreateIdentitySchema.Designer.cs
 create mode 100644 src/ProjectTemplates/BlazorWasm.ProjectTemplates/content/BlazorWasm-CSharp/Server/Data/SqlLite/00000000000000_CreateIdentitySchema.cs
 create mode 100644 src/ProjectTemplates/BlazorWasm.ProjectTemplates/content/BlazorWasm-CSharp/Server/Data/SqlLite/ApplicationDbContextModelSnapshot.cs
 create mode 100644 src/ProjectTemplates/BlazorWasm.ProjectTemplates/content/BlazorWasm-CSharp/Server/Data/SqlServer/00000000000000_CreateIdentitySchema.Designer.cs
 create mode 100644 src/ProjectTemplates/BlazorWasm.ProjectTemplates/content/BlazorWasm-CSharp/Server/Data/SqlServer/00000000000000_CreateIdentitySchema.cs
 create mode 100644 src/ProjectTemplates/BlazorWasm.ProjectTemplates/content/BlazorWasm-CSharp/Server/Data/SqlServer/ApplicationDbContextModelSnapshot.cs
 create mode 100644 src/ProjectTemplates/BlazorWasm.ProjectTemplates/content/BlazorWasm-CSharp/Server/Models/ApplicationUser.cs
 create mode 100644 src/ProjectTemplates/BlazorWasm.ProjectTemplates/content/BlazorWasm-CSharp/Server/app.db
 create mode 100644 src/ProjectTemplates/BlazorWasm.ProjectTemplates/content/BlazorWasm-CSharp/Server/appsettings.Development.json
 create mode 100644 src/ProjectTemplates/BlazorWasm.ProjectTemplates/content/BlazorWasm-CSharp/Server/appsettings.json

diff --git a/eng/Dependencies.props b/eng/Dependencies.props
index c2ef3790db..5877027dfd 100644
--- a/eng/Dependencies.props
+++ b/eng/Dependencies.props
@@ -157,6 +157,8 @@ and are generated based on the last package release.
     <LatestPackageReference Include="Microsoft.AspNetCore.ApiAuthorization.IdentityServer" Version="$(MicrosoftAspNetCoreApiAuthorizationIdentityServerPackageVersion)" />
     <LatestPackageReference Include="Microsoft.AspNetCore.Identity.EntityFrameworkCore" Version="$(MicrosoftAspNetCoreIdentityEntityFrameworkCorePackageVersion)" />
     <LatestPackageReference Include="Microsoft.AspNetCore.Identity.UI" Version="$(MicrosoftAspNetCoreIdentityUIPackageVersion)" />
+    <LatestPackageReference Include="Microsoft.AspNetCore.Authentication.AzureADB2C.UI" Version="$(MicrosoftAspNetCoreAuthenticationAzureADB2CUIPackageVersion)" />
+    <LatestPackageReference Include="Microsoft.AspNetCore.Authentication.AzureAD.UI" Version="$(MicrosoftAspNetCoreAuthenticationAzureADUIPackageVersion)" />
     <LatestPackageReference Include="Microsoft.AspNetCore.Server.IntegrationTesting" Version="$(MicrosoftAspNetCoreServerIntegrationTestingPackageVersion)" />
   </ItemGroup>
 
diff --git a/eng/Versions.props b/eng/Versions.props
index 779218e987..fd967b7c4f 100644
--- a/eng/Versions.props
+++ b/eng/Versions.props
@@ -206,6 +206,8 @@
     <SystemThreadingTasksExtensionsPackageVersion>4.5.2</SystemThreadingTasksExtensionsPackageVersion>
     <!-- Packages developed by @aspnet, but manually updated as necessary. -->
     <LibuvPackageVersion>1.10.0</LibuvPackageVersion>
+    <MicrosoftAspNetCoreAuthenticationAzureADUIPackageVersion>3.1.0</MicrosoftAspNetCoreAuthenticationAzureADUIPackageVersion>
+    <MicrosoftAspNetCoreAuthenticationAzureADB2CUIPackageVersion>3.1.0</MicrosoftAspNetCoreAuthenticationAzureADB2CUIPackageVersion>
     <MicrosoftAspNetCoreIdentityUIPackageVersion>3.1.0</MicrosoftAspNetCoreIdentityUIPackageVersion>
     <MicrosoftAspNetCoreIdentityEntityFrameworkCorePackageVersion>3.1.0</MicrosoftAspNetCoreIdentityEntityFrameworkCorePackageVersion>
     <MicrosoftAspNetCoreDiagnosticsEntityFrameworkCorePackageVersion>3.1.0</MicrosoftAspNetCoreDiagnosticsEntityFrameworkCorePackageVersion>
@@ -281,6 +283,8 @@
     <MicrosoftAspNetCoreApiAuthorizationIdentityServerPackageVersion>$(MicrosoftAspNetCoreApiAuthorizationIdentityServerPackageVersion)</MicrosoftAspNetCoreApiAuthorizationIdentityServerPackageVersion>
     <MicrosoftAspNetCoreIdentityEntityFrameworkCorePackageVersion>$(MicrosoftAspNetCoreIdentityEntityFrameworkCorePackageVersion)</MicrosoftAspNetCoreIdentityEntityFrameworkCorePackageVersion>
     <MicrosoftAspNetCoreIdentityUIPackageVersion>$(MicrosoftAspNetCoreIdentityUIPackageVersion)</MicrosoftAspNetCoreIdentityUIPackageVersion>
+    <MicrosoftAspNetCoreAuthenticationAzureADUIPackageVersion>$(MicrosoftAspNetCoreAuthenticationAzureADUIPackageVersion)</MicrosoftAspNetCoreAuthenticationAzureADUIPackageVersion>
+    <MicrosoftAspNetCoreAuthenticationAzureADB2CUIPackageVersion>$(MicrosoftAspNetCoreAuthenticationAzureADB2CUIPackageVersion)</MicrosoftAspNetCoreAuthenticationAzureADB2CUIPackageVersion>
   </PropertyGroup>
   <!-- Restore feeds -->
   <PropertyGroup Label="Restore feeds">
diff --git a/src/Components/Blazor/testassets/Wasm.Authentication.Client/Shared/RedirectToLogin.razor b/src/Components/Blazor/testassets/Wasm.Authentication.Client/Shared/RedirectToLogin.razor
index 4f77ca66d5..56de7995d3 100644
--- a/src/Components/Blazor/testassets/Wasm.Authentication.Client/Shared/RedirectToLogin.razor
+++ b/src/Components/Blazor/testassets/Wasm.Authentication.Client/Shared/RedirectToLogin.razor
@@ -1,6 +1,6 @@
 @inject NavigationManager Navigation
 @using Microsoft.Extensions.Options
-@inject IOptions<RemoteAuthenticationOptions<OidcProviderOptions>> Options
+@inject IOptions<RemoteAuthenticationOptions<ApiAuthorizationProviderOptions>> Options
 @code {
 
     protected override void OnInitialized()
diff --git a/src/ProjectTemplates/BlazorWasm.ProjectTemplates/BlazorWasm-CSharp.Client.csproj.in b/src/ProjectTemplates/BlazorWasm.ProjectTemplates/BlazorWasm-CSharp.Client.csproj.in
index d1a3d37097..900cbc93e2 100644
--- a/src/ProjectTemplates/BlazorWasm.ProjectTemplates/BlazorWasm-CSharp.Client.csproj.in
+++ b/src/ProjectTemplates/BlazorWasm.ProjectTemplates/BlazorWasm-CSharp.Client.csproj.in
@@ -11,6 +11,8 @@
     <PackageReference Include="Microsoft.AspNetCore.Blazor.Build" Version="${MicrosoftAspNetCoreBlazorBuildPackageVersion}" PrivateAssets="all" />
     <PackageReference Include="Microsoft.AspNetCore.Blazor.DevServer" Version="${MicrosoftAspNetCoreBlazorDevServerPackageVersion}" PrivateAssets="all" />
     <PackageReference Include="Microsoft.AspNetCore.Blazor.HttpClient" Version="${MicrosoftAspNetCoreBlazorHttpClientPackageVersion}" />
+    <PackageReference Include="Microsoft.AspNetCore.Components.WebAssembly.Authentication" Version="${MicrosoftAspNetCoreComponentsWebAssemblyAuthenticationPackageVersion}" Condition="'$(IndividualLocalAuth)' == 'true'" />
+    <PackageReference Include="Microsoft.AspNetCore.Components.WebAssembly.Authentication" Version="${MicrosoftAspNetCoreComponentsWebAssemblyAuthenticationPackageVersion}" Condition="'$(OrganizationalAuth)' == 'true' OR '$(IndividualB2CAuth)' == 'true'" />
   </ItemGroup>
 
   <!--#if Hosted -->
diff --git a/src/ProjectTemplates/BlazorWasm.ProjectTemplates/BlazorWasm-CSharp.Server.csproj.in b/src/ProjectTemplates/BlazorWasm.ProjectTemplates/BlazorWasm-CSharp.Server.csproj.in
index a48aef3032..59f0c32391 100644
--- a/src/ProjectTemplates/BlazorWasm.ProjectTemplates/BlazorWasm-CSharp.Server.csproj.in
+++ b/src/ProjectTemplates/BlazorWasm.ProjectTemplates/BlazorWasm-CSharp.Server.csproj.in
@@ -3,6 +3,11 @@
   <PropertyGroup>
     <TargetFramework>${DefaultNetCoreTargetFramework}</TargetFramework>
     <DisableImplicitComponentsAnalyzers>true</DisableImplicitComponentsAnalyzers>
+    <UserSecretsId Condition="'$(IndividualAuth)' == 'True' OR '$(OrganizationalAuth)' == 'True'">BlazorWasm-CSharp.Server-53bc9b9d-9d6a-45d4-8429-2a2761773502</UserSecretsId>
+    <WebProject_DirectoryAccessLevelKey Condition="'$(OrganizationalAuth)' == 'True' AND '$(OrgReadAccess)' != 'True'">0</WebProject_DirectoryAccessLevelKey>
+    <WebProject_DirectoryAccessLevelKey Condition="'$(OrganizationalAuth)' == 'True' AND '$(OrgReadAccess)' == 'True'">1</WebProject_DirectoryAccessLevelKey>
+    <NoDefaultLaunchSettingsFile Condition="'$(ExcludeLaunchSettings)' == 'True'">True</NoDefaultLaunchSettingsFile>
+    <RootNamespace Condition="'$(name)' != '$(name{-VALUE-FORMS-}safe_namespace)'">BlazorWasm-CSharp.Server</RootNamespace>
   </PropertyGroup>
 
   <ItemGroup>
@@ -14,4 +19,28 @@
     <ProjectReference Include="..\Shared\BlazorWasm-CSharp.Shared.csproj" />
   </ItemGroup>
 
+  <!--#if (IndividualLocalAuth && !UseLocalDB) -->
+  <ItemGroup>
+    <None Update="app.db" CopyToOutputDirectory="PreserveNewest" ExcludeFromSingleFile="true" />
+  </ItemGroup>
+
+  <!--#endif -->
+  <!--#if (IndividualLocalAuth) -->
+  <ItemGroup>
+    <PackageReference Include="Microsoft.AspNetCore.Diagnostics.EntityFrameworkCore" Version="${MicrosoftAspNetCoreDiagnosticsEntityFrameworkCorePackageVersion}" />
+    <PackageReference Include="Microsoft.AspNetCore.Identity.EntityFrameworkCore" Version="${MicrosoftAspNetCoreIdentityEntityFrameworkCorePackageVersion}" />
+    <PackageReference Include="Microsoft.AspNetCore.Identity.UI" Version="${MicrosoftAspNetCoreIdentityUIPackageVersion}" />
+    <PackageReference Include="Microsoft.AspNetCore.ApiAuthorization.IdentityServer" Version="${MicrosoftAspNetCoreApiAuthorizationIdentityServerPackageVersion}" />
+    <PackageReference Include="Microsoft.EntityFrameworkCore.SqlServer" Version="${MicrosoftEntityFrameworkCoreSqlServerPackageVersion}" Condition="'$(UseLocalDB)' == 'True'" />
+    <PackageReference Include="Microsoft.EntityFrameworkCore.Sqlite" Version="${MicrosoftEntityFrameworkCoreSqlitePackageVersion}" Condition="'$(UseLocalDB)' != 'True'" />
+    <PackageReference Include="Microsoft.EntityFrameworkCore.Tools" Version="${MicrosoftEntityFrameworkCoreToolsPackageVersion}" />
+  </ItemGroup>
+  <!--#endif -->
+  <!--#if (OrganizationalAuth || IndividualB2CAuth) -->
+  <ItemGroup>
+    <PackageReference Include="Microsoft.AspNetCore.Authentication.AzureAD.UI" Version="${MicrosoftAspNetCoreAuthenticationAzureADUIPackageVersion}" Condition="'$(OrganizationalAuth)' == 'True'" />
+    <PackageReference Include="Microsoft.AspNetCore.Authentication.AzureADB2C.UI" Version="${MicrosoftAspNetCoreAuthenticationAzureADB2CUIPackageVersion}" Condition="'$(IndividualB2CAuth)' == 'True'" />
+  </ItemGroup>
+  <!--#endif -->
+
 </Project>
diff --git a/src/ProjectTemplates/BlazorWasm.ProjectTemplates/Microsoft.AspNetCore.Blazor.Templates.csproj b/src/ProjectTemplates/BlazorWasm.ProjectTemplates/Microsoft.AspNetCore.Blazor.Templates.csproj
index 87dd8aaf45..c2f9d0dd13 100644
--- a/src/ProjectTemplates/BlazorWasm.ProjectTemplates/Microsoft.AspNetCore.Blazor.Templates.csproj
+++ b/src/ProjectTemplates/BlazorWasm.ProjectTemplates/Microsoft.AspNetCore.Blazor.Templates.csproj
@@ -18,20 +18,31 @@
       MicrosoftAspNetCoreBlazorBuildPackageVersion=$(MicrosoftAspNetCoreBlazorBuildPackageVersion);
       MicrosoftAspNetCoreBlazorDevServerPackageVersion=$(MicrosoftAspNetCoreBlazorDevServerPackageVersion);
       MicrosoftAspNetCoreBlazorHttpClientPackageVersion=$(MicrosoftAspNetCoreBlazorHttpClientPackageVersion);
-      MonoWebAssemblyInteropPackageVersion=$(MonoWebAssemblyInteropPackageVersion);
-      MicrosoftEntityFrameworkCoreSqlServerPackageVersion=$(MicrosoftEntityFrameworkCoreSqlServerPackageVersion);
       MicrosoftAspNetCoreBlazorServerPackageVersion=$(MicrosoftAspNetCoreBlazorServerPackageVersion);
+      MicrosoftAspNetCoreComponentsAuthorizationPackageVersion=$(MicrosoftAspNetCoreComponentsAuthorizationPackageVersion);
+      MicrosoftAspNetCoreDiagnosticsEntityFrameworkCorePackageVersion=$(MicrosoftAspNetCoreDiagnosticsEntityFrameworkCorePackageVersion);
+      MicrosoftAspNetCoreIdentityEntityFrameworkCorePackageVersion=$(MicrosoftAspNetCoreIdentityEntityFrameworkCorePackageVersion);
+      MicrosoftAspNetCoreAuthenticationAzureADUIPackageVersion=$(MicrosoftAspNetCoreAuthenticationAzureADUIPackageVersion);
+      MicrosoftAspNetCoreAuthenticationAzureADB2CUIPackageVersion=$(MicrosoftAspNetCoreAuthenticationAzureADB2CUIPackageVersion);
+      MicrosoftAspNetCoreIdentityUIPackageVersion=$(MicrosoftAspNetCoreIdentityUIPackageVersion);
+      MicrosoftAspNetCoreApiAuthorizationIdentityServerPackageVersion=$(MicrosoftAspNetCoreApiAuthorizationIdentityServerPackageVersion);
+      MicrosoftEntityFrameworkCoreSqlServerPackageVersion=$(MicrosoftEntityFrameworkCoreSqlServerPackageVersion);
+      MicrosoftEntityFrameworkCoreSqlitePackageVersion=$(MicrosoftEntityFrameworkCoreSqlitePackageVersion);
+      MicrosoftEntityFrameworkCoreToolsPackageVersion=$(MicrosoftEntityFrameworkCoreToolsPackageVersion);
+      MonoWebAssemblyInteropPackageVersion=$(MonoWebAssemblyInteropPackageVersion);
     </GeneratedContentProperties>
   </PropertyGroup>
 
   <ItemGroup>
     <!-- These projects product packages that the templates depend on. See GenerateContent.targets -->
     <PackageVersionVariableReference Include="$(BlazorProjectsRoot)Blazor\src\Microsoft.AspNetCore.Blazor.csproj" />
+    <PackageVersionVariableReference Include="$(BlazorProjectsRoot)Blazor\src\Microsoft.AspNetCore.Blazor.csproj" />
     <PackageVersionVariableReference Include="$(BlazorProjectsRoot)Build\src\Microsoft.AspNetCore.Blazor.Build.csproj" />
     <PackageVersionVariableReference Include="$(BlazorProjectsRoot)DevServer\src\Microsoft.AspNetCore.Blazor.DevServer.csproj" />
     <PackageVersionVariableReference Include="$(BlazorProjectsRoot)Http\src\Microsoft.AspNetCore.Blazor.HttpClient.csproj" />
     <PackageVersionVariableReference Include="$(BlazorProjectsRoot)Mono.WebAssembly.Interop\src\Mono.WebAssembly.Interop.csproj" />
     <PackageVersionVariableReference Include="$(BlazorProjectsRoot)Server\src\Microsoft.AspNetCore.Blazor.Server.csproj" />
+    <PackageVersionVariableReference Include="$(BlazorProjectsRoot)WebAssembly.Authentication\src\Microsoft.AspNetCore.Components.WebAssembly.Authentication.csproj" />
   </ItemGroup>
 
   <ItemGroup>
diff --git a/src/ProjectTemplates/BlazorWasm.ProjectTemplates/content/BlazorWasm-CSharp/.template.config/dotnetcli.host.json b/src/ProjectTemplates/BlazorWasm.ProjectTemplates/content/BlazorWasm-CSharp/.template.config/dotnetcli.host.json
index be1ce91d66..385235d25a 100644
--- a/src/ProjectTemplates/BlazorWasm.ProjectTemplates/content/BlazorWasm-CSharp/.template.config/dotnetcli.host.json
+++ b/src/ProjectTemplates/BlazorWasm.ProjectTemplates/content/BlazorWasm-CSharp/.template.config/dotnetcli.host.json
@@ -13,6 +13,78 @@
     },
     "Framework": {
       "longName": "framework"
+    },
+    "UseLocalDB": {
+      "longName": "use-local-db"
+    },
+    "AADInstance": {
+      "longName": "aad-instance",
+      "shortName": ""
+    },
+    "AAdB2CInstance": {
+      "longName": "aad-b2c-instance",
+      "shortName": "",
+      "isHidden": true
+    },
+    "SignUpSignInPolicyId": {
+      "longName": "susi-policy-id",
+      "shortName": "ssp",
+      "isHidden": true
+    },
+    "OrgReadAccess": {
+      "longName": "org-read-access",
+      "shortName": "r",
+      "isHidden": true
+    },
+    "ClientId": {
+      "longName": "client-id",
+      "shortName": ""
+    },
+    "AppIDUri": {
+      "longName": "app-id-uri",
+      "shortName": "",
+      "isHidden": true
+    },
+    "APIClientId": {
+      "longName": "api-client-id",
+      "shortName": "",
+      "isHidden": true
+    },
+    "Domain": {
+      "longName": "domain",
+      "shortName": "",
+      "isHidden": true
+    },
+    "TenantId": {
+      "longName": "tenant-id",
+      "shortName": "",
+      "isHidden": true
+    },
+    "DefaultScope": {
+      "longName": "default-scope",
+      "shortName": "s",
+      "isHidden": true
+    },
+    "Authority": {
+      "longName": "authority",
+      "shortName": ""
+    },
+    "HttpPort": {
+      "isHidden": true
+    },
+    "HttpsPort": {
+      "isHidden": true
+    },
+    "ExcludeLaunchSettings": {
+      "longName": "exclude-launch-settings",
+      "shortName": ""
+    },
+    "UserSecretsId": {
+      "isHidden": true
+    },
+    "NoHttps": {
+      "longName": "no-https",
+      "shortName": ""
     }
   }
-}
\ No newline at end of file
+}
diff --git a/src/ProjectTemplates/BlazorWasm.ProjectTemplates/content/BlazorWasm-CSharp/.template.config/template.json b/src/ProjectTemplates/BlazorWasm.ProjectTemplates/content/BlazorWasm-CSharp/.template.config/template.json
index 73de9b1a06..4922a0076a 100644
--- a/src/ProjectTemplates/BlazorWasm.ProjectTemplates/content/BlazorWasm-CSharp/.template.config/template.json
+++ b/src/ProjectTemplates/BlazorWasm.ProjectTemplates/content/BlazorWasm-CSharp/.template.config/template.json
@@ -15,7 +15,9 @@
     "4C26868E-5E7C-458D-82E3-040509D0C71F",
     "5990939C-7E7B-4CFA-86FF-44CA5756498A",
     "650B3CE7-2E93-4CC4-9F46-466686815EAA",
-    "0AFFA7FD-4E37-4636-AB91-3753E746DB98"
+    "0AFFA7FD-4E37-4636-AB91-3753E746DB98",
+    "09732173-2cef-46b7-83db-1334bcb079d3", // Tenant ID
+    "53bc9b9d-9d6a-45d4-8429-2a2761773502" // Client ID
   ],
   "identity": "Microsoft.Web.Blazor.Wasm.CSharp",
   "preferNameDirectory": true,
@@ -82,6 +84,125 @@
             "Client/wwwroot/manifest.json",
             "Client/wwwroot/icon-512.png"
           ]
+        },
+        {
+          "condition": "(!IndividualLocalAuth || UseLocalDB)",
+          "exclude": [
+            "Server/app.db"
+          ]
+        },
+        {
+          "condition": "(!IndividualLocalAuth)",
+          "exclude": [
+            "Server/Data/SqlLite/**",
+            "Server/Data/SqlServer/**",
+            "Server/Data/ApplicationDbContext.cs",
+            "Server/Areas/**"
+          ]
+        },
+        {
+          "condition": "(IndividualLocalAuth && UseLocalDB)",
+          "rename": {
+            "Server/Data/SqlServer/": "Server/Data/Migrations/"
+          },
+          "exclude": [
+            "Server/Data/SqlLite/**"
+          ]
+        },
+        {
+          "condition": "(IndividualLocalAuth && !UseLocalDB)",
+          "rename": {
+            "Server/Data/SqlLite/": "Server/Data/Migrations/"
+          },
+          "exclude": [
+            "Server/Data/SqlServer/**"
+          ]
+        },
+        {
+          "condition": "(Hosted && NoAuth)",
+          "rename": {
+            "Client/Shared/MainLayout.NoAuth.razor": "Client/Shared/MainLayout.razor"
+          },
+          "exclude": [
+            "Client/Pages/Authentication.razor",
+            "Client/Shared/LoginDisplay.*.razor",
+            "Client/Shared/MainLayout.Auth.razor",
+            "Client/Shared/RedirectToLogin.razor"
+          ]
+        },
+        {
+          "condition": "(Hosted && !NoAuth)",
+          "rename": {
+            "Client/Shared/MainLayout.Auth.razor": "Client/Shared/MainLayout.razor"
+          },
+          "exclude": [
+            "Client/Shared/MainLayout.NoAuth.razor"
+          ]
+        },
+        {
+          "condition": "(Hosted && IndividualLocalAuth)",
+          "rename": {
+            "Client/Shared/LoginDisplay.IndividualLocalAuth.razor": "Client/Shared/LoginDisplay.razor"
+          },
+          "exclude": [
+            "Client/Shared/LoginDisplay.IndividualMsalAuth.razor"
+          ]
+        },
+        {
+          "condition": "(Hosted && (IndividualB2CAuth || OrganizationalAuth))",
+          "rename": {
+            "Client/Shared/LoginDisplay.IndividualMsalAuth.razor": "Client/Shared/LoginDisplay.razor"
+          },
+          "exclude": [
+            "Client/Shared/LoginDisplay.IndividualLocalAuth.razor"
+          ]
+        },
+        {
+          "condition": "(!Hosted && NoAuth)",
+          "rename": {
+            "Client/Shared/MainLayout.NoAuth.razor": "Shared/MainLayout.razor"
+          },
+          "exclude": [
+            "Client/Pages/Authentication.razor",
+            "Client/Shared/LoginDisplay.*.razor",
+            "Client/Shared/MainLayout.Auth.razor",
+            "Client/Shared/RedirectToLogin.razor"
+          ]
+        },
+        {
+          "condition": "(!Hosted && !NoAuth)",
+          "rename": {
+            "Client/Shared/MainLayout.Auth.razor": "Shared/MainLayout.razor"
+          },
+          "exclude": [
+            "Client/Shared/MainLayout.NoAuth.razor"
+          ]
+        },
+        {
+          "condition": "(!Hosted && IndividualLocalAuth)",
+          "rename": {
+            "Client/Shared/LoginDisplay.IndividualLocalAuth.razor": "Shared/LoginDisplay.razor"
+          },
+          "exclude": [
+            "Client/Shared/LoginDisplay.IndividualMsalAuth.razor"
+          ]
+        },
+        {
+          "condition": "(!Hosted && (IndividualB2CAuth || OrganizationalAuth))",
+          "rename": {
+            "Client/Shared/LoginDisplay.IndividualMsalAuth.razor": "Shared/LoginDisplay.razor"
+          },
+          "exclude": [
+            "Client/Shared/LoginDisplay.IndividualLocalAuth.razor"
+          ]
+        },
+        {
+          "condition": "(!IndividualLocalAuth || !Hosted)",
+          "exclude": [
+            "Server/Areas/Identity/Pages/Shared/_LoginPartial.cshtml",
+            "Server/Controllers/OidcConfigurationController.cs",
+            "Server/Models/ApplicationUser.cs"
+          ]
         }
       ]
     }
@@ -116,6 +237,112 @@
       "defaultValue": "false",
       "description": "If specified, includes an ASP.NET Core host for the Blazor app."
     },
+    "auth": {
+      "type": "parameter",
+      "datatype": "choice",
+      "choices": [
+        {
+          "choice": "None",
+          "description": "No authentication"
+        },
+        {
+          "choice": "Individual",
+          "description": "Individual authentication"
+        },
+        {
+          "choice": "IndividualB2C",
+          "description": "Individual authentication with Azure AD B2C"
+        },
+        {
+          "choice": "SingleOrg",
+          "description": "Organizational authentication for a single tenant"
+        }
+      ],
+      "defaultValue": "None",
+      "description": "The type of authentication to use"
+    },
+    "Authority": {
+      "type": "parameter",
+      "datatype": "string",
+      "replaces": "https://login.microsoftonline.com/",
+      "description": "The authority of the OIDC provider (use with standalone Individual auth)."
+    },
+    "AAdB2CInstance": {
+      "type": "parameter",
+      "datatype": "string",
+      "replaces": "https:////aadB2CInstance.b2clogin.com/",
+      "description": "The Azure Active Directory B2C instance to connect to (use with IndividualB2C auth)."
+    },
+    "SignUpSignInPolicyId": {
+      "type": "parameter",
+      "datatype": "string",
+      "defaultValue": "",
+      "replaces": "MySignUpSignInPolicyId",
+      "description": "The sign-in and sign-up policy ID for this project (use with IndividualB2C auth)."
+    },
+    "AADInstance": {
+      "type": "parameter",
+      "datatype": "string",
+      "defaultValue": "https://login.microsoftonline.com/",
+      "replaces": "https:////login.microsoftonline.com/",
+      "description": "The Azure Active Directory instance to connect to (use with SingleOrg)."
+    },
+    "ClientId": {
+      "type": "parameter",
+      "datatype": "string",
+      "replaces": "33333333-3333-3333-33333333333333333",
+      "description": "The Client ID for this project (use with IndividualB2C, SingleOrg or Individual auth in standalone scenarios)."
+    },
+    "Domain": {
+      "type": "parameter",
+      "datatype": "string",
+      "replaces": "qualified.domain.name",
+      "description": "The domain for the directory tenant (use with SingleOrg or IndividualB2C auth)."
+    },
+    "AppIDUri": {
+      "type": "parameter",
+      "datatype": "string",
+      "replaces": "api.id.uri",
+      "description": "The App ID Uri for the server API we want to call (use with SingleOrg or IndividualB2C auth)."
+    },
+    "APIClientId": {
+      "type": "parameter",
+      "datatype": "string",
+      "replaces": "11111111-1111-1111-11111111111111111",
+      "description": "The Client ID for the API that the server hosts (use with IndividualB2C, SingleOrg)."
+    },
+    "DefaultScope": {
+      "type": "parameter",
+      "datatype": "string",
+      "replaces": "api-scope",
+      "defaultValue": "user_impersonation",
+      "description": "The API scope the client needs to request to provision an access token. (use with IndividualB2C, SingleOrg)."
+    },
+    "TenantId": {
+      "type": "parameter",
+      "datatype": "string",
+      "replaces": "22222222-2222-2222-2222-222222222222",
+      "description": "The TenantId ID of the directory to connect to (use with SingleOrg auth)."
+    },
+    "OrgReadAccess": {
+      "type": "parameter",
+      "datatype": "bool",
+      "defaultValue": "false",
+      "description": "Whether or not to allow this application read access to the directory (only applies to SingleOrg)."
+    },
+    "UserSecretsId": {
+      "type": "parameter",
+      "datatype": "string",
+      "replaces": "aspnet-BlazorServerWeb-CSharp-53bc9b9d-9d6a-45d4-8429-2a2761773502",
+      "defaultValue": "aspnet-BlazorServerWeb-CSharp-53bc9b9d-9d6a-45d4-8429-2a2761773502",
+      "description": "The ID to use for secrets (use with OrgReadAccess or Individual auth)."
+    },
+    "ExcludeLaunchSettings": {
+      "type": "parameter",
+      "datatype": "bool",
+      "defaultValue": "false",
+      "description": "Whether to exclude launchSettings.json from the generated template."
+    },
     "HttpPort": {
       "type": "parameter",
       "datatype": "integer",
@@ -161,6 +388,58 @@
       "datatype": "bool",
       "defaultValue": "false",
       "description": "If specified, produces a Progressive Web Application (PWA) supporting installation and offline use."
+    },
+    "OrganizationalAuth": {
+      "type": "computed",
+      "value": "(auth == \"SingleOrg\" || auth == \"MultiOrg\")"
+    },
+    "MultiOrgAuth": {
+      "type": "computed",
+      "value": "(auth == \"MultiOrg\")"
+    },
+    "SingleOrgAuth": {
+      "type": "computed",
+      "value": "(auth == \"SingleOrg\")"
+    },
+    "IndividualLocalAuth": {
+      "type": "computed",
+      "value": "(auth == \"Individual\")"
+    },
+    "IndividualAuth": {
+      "type": "computed",
+      "value": "(auth == \"Individual\" || auth == \"IndividualB2C\")"
+    },
+    "IndividualB2CAuth": {
+      "type": "computed",
+      "value": "(auth == \"IndividualB2C\")"
+    },
+    "NoAuth": {
+      "type": "computed",
+      "value": "(!(IndividualAuth || OrganizationalAuth))"
+    },
+    "RequiresHttps": {
+      "type": "computed",
+      "value": "(OrganizationalAuth || IndividualAuth || !NoHttps)"
+    },
+    "NoHttps": {
+      "type": "parameter",
+      "datatype": "bool",
+      "defaultValue": "false",
+      "description": "Whether to turn off HTTPS. This option only applies if Individual, IndividualB2C, SingleOrg, or MultiOrg aren't used for --auth."
+    },
+    "UseLocalDB": {
+      "type": "parameter",
+      "datatype": "bool",
+      "defaultValue": "false",
+      "description": "Whether to use LocalDB instead of SQLite. This option only applies if --auth Individual or --auth IndividualB2C is specified."
+    },
+    "copyrightYear": {
+      "type": "generated",
+      "generator": "now",
+      "replaces": "copyrightYear",
+      "parameters": {
+        "format": "yyyy"
+      }
     }
   },
   "tags": {
diff --git a/src/ProjectTemplates/BlazorWasm.ProjectTemplates/content/BlazorWasm-CSharp/.template.config/vs-2017.3.host.json b/src/ProjectTemplates/BlazorWasm.ProjectTemplates/content/BlazorWasm-CSharp/.template.config/vs-2017.3.host.json
index b87413a03f..114a96d677 100644
--- a/src/ProjectTemplates/BlazorWasm.ProjectTemplates/content/BlazorWasm-CSharp/.template.config/vs-2017.3.host.json
+++ b/src/ProjectTemplates/BlazorWasm.ProjectTemplates/content/BlazorWasm-CSharp/.template.config/vs-2017.3.host.json
@@ -18,6 +18,30 @@
   "additionalWizardParameters": {
     "$isMultiProjectTemplate$": "true"
   },
+  "supportedAuthentications": [
+    {
+      "auth": "None",
+      "authenticationType": "NoAuth",
+      "allowUnsecured": true
+    },
+    {
+      "auth": "Individual",
+      "authenticationType": "IndividualAuth",
+      "b2cAuthenticationOptions": "Local"
+    }
+  ],
+  "ports": [
+    {
+      "name": "HttpPort",
+      "useHttps": false
+    },
+    {
+      "name": "HttpsPort",
+      "useHttps": true
+    }
+  ],
+  "excludeLaunchSettings": false,
+  "disableHttpsSymbol": "NoHttps",
   "symbolInfo": [
     {
       "id": "Hosted",
diff --git a/src/ProjectTemplates/BlazorWasm.ProjectTemplates/content/BlazorWasm-CSharp/Client/App.razor b/src/ProjectTemplates/BlazorWasm.ProjectTemplates/content/BlazorWasm-CSharp/Client/App.razor
index 1c360b7121..9e038086ae 100644
--- a/src/ProjectTemplates/BlazorWasm.ProjectTemplates/content/BlazorWasm-CSharp/Client/App.razor
+++ b/src/ProjectTemplates/BlazorWasm.ProjectTemplates/content/BlazorWasm-CSharp/Client/App.razor
@@ -1,4 +1,5 @@
-<Router AppAssembly="@typeof(Program).Assembly">
+@*#if (NoAuth)
+<Router AppAssembly="@typeof(Program).Assembly">
     <Found Context="routeData">
         <RouteView RouteData="@routeData" DefaultLayout="@typeof(MainLayout)" />
     </Found>
@@ -8,3 +9,21 @@
         </LayoutView>
     </NotFound>
 </Router>
+#else
+<CascadingAuthenticationState>
+    <Router AppAssembly="@typeof(Program).Assembly">
+        <Found Context="routeData">
+            <AuthorizeRouteView RouteData="@routeData" DefaultLayout="@typeof(MainLayout)">
+                <NotAuthorized>
+                    <RedirectToLogin />
+                </NotAuthorized>
+            </AuthorizeRouteView>
+        </Found>
+        <NotFound>
+            <LayoutView Layout="@typeof(MainLayout)">
+                <p>Sorry, there's nothing at this address.</p>
+            </LayoutView>
+        </NotFound>
+    </Router>
+</CascadingAuthenticationState>
+#endif*@
diff --git a/src/ProjectTemplates/BlazorWasm.ProjectTemplates/content/BlazorWasm-CSharp/Client/Pages/Authentication.razor b/src/ProjectTemplates/BlazorWasm.ProjectTemplates/content/BlazorWasm-CSharp/Client/Pages/Authentication.razor
new file mode 100644
index 0000000000..ec9aa2f865
--- /dev/null
+++ b/src/ProjectTemplates/BlazorWasm.ProjectTemplates/content/BlazorWasm-CSharp/Client/Pages/Authentication.razor
@@ -0,0 +1,7 @@
+@page "/authentication/{action}"
+@using Microsoft.AspNetCore.Components.WebAssembly.Authentication
+<RemoteAuthenticatorView Action="@Action" />
+
+@code{
+    [Parameter] public string Action { get; set; }
+}
diff --git a/src/ProjectTemplates/BlazorWasm.ProjectTemplates/content/BlazorWasm-CSharp/Client/Pages/FetchData.razor b/src/ProjectTemplates/BlazorWasm.ProjectTemplates/content/BlazorWasm-CSharp/Client/Pages/FetchData.razor
index 0faf18fefd..e8f469cb16 100644
--- a/src/ProjectTemplates/BlazorWasm.ProjectTemplates/content/BlazorWasm-CSharp/Client/Pages/FetchData.razor
+++ b/src/ProjectTemplates/BlazorWasm.ProjectTemplates/content/BlazorWasm-CSharp/Client/Pages/FetchData.razor
@@ -1,8 +1,19 @@
 @page "/fetchdata"
+@*#if  (!NoAuth && Hosted)
+@using Microsoft.AspNetCore.Authorization
+@using Microsoft.AspNetCore.Components.WebAssembly.Authentication
+@inject IAccessTokenProvider AuthenticationService
+@inject NavigationManager Navigation
+#endif*@
 @*#if  (Hosted)
 @using BlazorWasm_CSharp.Shared
 #endif*@
+@*#if  (!NoAuth && Hosted)
+@attribute [Authorize]
+#endif*@
+@*#if  (NoAuth || !Hosted)
 @inject HttpClient Http
+#endif*@
 
 <h1>Weather forecast</h1>
 
@@ -43,7 +54,25 @@ else
     protected override async Task OnInitializedAsync()
     {
         @*#if (Hosted)
+            @*#if (!NoAuth)
+        var httpClient = new HttpClient();
+        httpClient.BaseAddress = new Uri(Navigation.BaseUri);
+
+        var tokenResult = await AuthenticationService.RequestAccessToken();
+
+        if (tokenResult.TryGetToken(out var token))
+        {
+            httpClient.DefaultRequestHeaders.Add("Authorization", $"Bearer {token.Value}");
+            forecasts = await httpClient.GetJsonAsync<WeatherForecast[]>("WeatherForecast");
+        }
+        else
+        {
+            Navigation.NavigateTo(tokenResult.RedirectUrl);
+        }
+
+            #else
         forecasts = await Http.GetJsonAsync<WeatherForecast[]>("WeatherForecast");
+            #endif*@
         #else
         forecasts = await Http.GetJsonAsync<WeatherForecast[]>("sample-data/weather.json");
         #endif*@
diff --git a/src/ProjectTemplates/BlazorWasm.ProjectTemplates/content/BlazorWasm-CSharp/Client/Program.cs b/src/ProjectTemplates/BlazorWasm.ProjectTemplates/content/BlazorWasm-CSharp/Client/Program.cs
index 5790d212dc..8b7b1657eb 100644
--- a/src/ProjectTemplates/BlazorWasm.ProjectTemplates/content/BlazorWasm-CSharp/Client/Program.cs
+++ b/src/ProjectTemplates/BlazorWasm.ProjectTemplates/content/BlazorWasm-CSharp/Client/Program.cs
@@ -18,6 +18,42 @@ namespace BlazorWasm_CSharp
             var builder = WebAssemblyHostBuilder.CreateDefault(args);
             builder.RootComponents.Add<App>("app");
 
+            // use builder.Services to configure application services.
+#if (IndividualLocalAuth)
+    #if (Hosted)
+            builder.Services.AddApiAuthorization();
+    #else
+            builder.Services.AddOidcAuthentication(options =>
+            {
+                options.ProviderOptions.Authority = "https://login.microsoftonline.com/";
+                options.ProviderOptions.ClientId = "33333333-3333-3333-33333333333333333";
+            });
+    #endif
+#endif
+#if (IndividualB2CAuth)
+            builder.Services.AddMsalSpaAuthentication(options =>
+            {
+                var authentication = options.ProviderOptions.Authentication;
+                authentication.Authority = "https:////aadB2CInstance.b2clogin.com/qualified.domain.name/MySignUpSignInPolicyId";
+                authentication.ClientId = "33333333-3333-3333-33333333333333333";
+                authentication.ValidateAuthority = false;
+#if (Hosted)
+                options.ProviderOptions.DefaultAccessTokenScopes.Add("https://qualified.domain.name/api.id.uri/api-scope");
+#endif
+            });
+#endif
+#if(OrganizationalAuth)
+            builder.Services.AddMsalSpaAuthentication(options =>
+            {
+                var authentication = options.ProviderOptions.Authentication;
+                authentication.Authority = "https://login.microsoftonline.com/22222222-2222-2222-2222-222222222222";
+                authentication.ClientId = "33333333-3333-3333-33333333333333333";
+#if (Hosted)
+                options.ProviderOptions.DefaultAccessTokenScopes.Add("api://api.id.uri/api-scope");
+#endif
+            });
+#endif
+
             await builder.Build().RunAsync();
         }
     }
diff --git a/src/ProjectTemplates/BlazorWasm.ProjectTemplates/content/BlazorWasm-CSharp/Client/Shared/LoginDisplay.IndividualLocalAuth.razor b/src/ProjectTemplates/BlazorWasm.ProjectTemplates/content/BlazorWasm-CSharp/Client/Shared/LoginDisplay.IndividualLocalAuth.razor
new file mode 100644
index 0000000000..7cee41dcd0
--- /dev/null
+++ b/src/ProjectTemplates/BlazorWasm.ProjectTemplates/content/BlazorWasm-CSharp/Client/Shared/LoginDisplay.IndividualLocalAuth.razor
@@ -0,0 +1,34 @@
+@using Microsoft.AspNetCore.Components.Authorization
+@using Microsoft.AspNetCore.Components.WebAssembly.Authentication
+
+@inject NavigationManager Navigation
+@inject SignOutSessionStateManager SignOutManager
+
+<AuthorizeView>
+@*#if (Hosted)
+    <Authorized>
+        <a href="authentication/profile">Hello, @context.User.Identity.Name!</a>
+        <button class="nav-link btn btn-link" @onclick="BeginSignOut">Log out</button>
+    </Authorized>
+    <NotAuthorized>
+        <a href="authentication/register">Register</a>
+        <a href="authentication/login">Log in</a>
+    </NotAuthorized>
+  #else
+    <Authorized>
+        Hello, @context.User.Identity.Name!
+        <button class="nav-link btn btn-link" @onclick="BeginSignOut">Log out</button>
+    </Authorized>
+    <NotAuthorized>
+        <a href="authentication/login">Log in</a>
+    </NotAuthorized>
+##endif*@
+</AuthorizeView>
+
+@code{
+    private async Task BeginSignOut(MouseEventArgs args)
+    {
+        await SignOutManager.SetSignOutState();
+        Navigation.NavigateTo("authentication/logout");
+    }
+}
diff --git a/src/ProjectTemplates/BlazorWasm.ProjectTemplates/content/BlazorWasm-CSharp/Client/Shared/LoginDisplay.IndividualMsalAuth.razor b/src/ProjectTemplates/BlazorWasm.ProjectTemplates/content/BlazorWasm-CSharp/Client/Shared/LoginDisplay.IndividualMsalAuth.razor
new file mode 100644
index 0000000000..1ecb6b2024
--- /dev/null
+++ b/src/ProjectTemplates/BlazorWasm.ProjectTemplates/content/BlazorWasm-CSharp/Client/Shared/LoginDisplay.IndividualMsalAuth.razor
@@ -0,0 +1,23 @@
+@using Microsoft.AspNetCore.Components.Authorization
+@using Microsoft.AspNetCore.Components.WebAssembly.Authentication
+
+@inject NavigationManager Navigation
+@inject SignOutSessionStateManager SignOutManager
+
+<AuthorizeView>
+    <Authorized>
+        Hello, @context.User.Identity.Name!
+        <button class="nav-link btn btn-link" @onclick="BeginLogout">Log out</button>
+    </Authorized>
+    <NotAuthorized>
+        <a href="authentication/login">Log in</a>
+    </NotAuthorized>
+</AuthorizeView>
+
+@code{
+    private async Task BeginLogout(MouseEventArgs args)
+    {
+        await SignOutManager.SetSignOutState();
+        Navigation.NavigateTo("authentication/logout");
+    }
+}
diff --git a/src/ProjectTemplates/BlazorWasm.ProjectTemplates/content/BlazorWasm-CSharp/Client/Shared/MainLayout.Auth.razor b/src/ProjectTemplates/BlazorWasm.ProjectTemplates/content/BlazorWasm-CSharp/Client/Shared/MainLayout.Auth.razor
new file mode 100644
index 0000000000..fafa2f55f1
--- /dev/null
+++ b/src/ProjectTemplates/BlazorWasm.ProjectTemplates/content/BlazorWasm-CSharp/Client/Shared/MainLayout.Auth.razor
@@ -0,0 +1,16 @@
+@inherits LayoutComponentBase
+
+<div class="sidebar">
+    <NavMenu />
+</div>
+
+<div class="main">
+    <div class="top-row px-4 auth">
+        <LoginDisplay />
+        <a href="https://docs.microsoft.com/aspnet/" target="_blank">About</a>
+    </div>
+
+    <div class="content px-4">
+        @Body
+    </div>
+</div>
diff --git a/src/ProjectTemplates/BlazorWasm.ProjectTemplates/content/BlazorWasm-CSharp/Client/Shared/MainLayout.razor b/src/ProjectTemplates/BlazorWasm.ProjectTemplates/content/BlazorWasm-CSharp/Client/Shared/MainLayout.NoAuth.razor
similarity index 100%
rename from src/ProjectTemplates/BlazorWasm.ProjectTemplates/content/BlazorWasm-CSharp/Client/Shared/MainLayout.razor
rename to src/ProjectTemplates/BlazorWasm.ProjectTemplates/content/BlazorWasm-CSharp/Client/Shared/MainLayout.NoAuth.razor
diff --git a/src/ProjectTemplates/BlazorWasm.ProjectTemplates/content/BlazorWasm-CSharp/Client/Shared/RedirectToLogin.razor b/src/ProjectTemplates/BlazorWasm.ProjectTemplates/content/BlazorWasm-CSharp/Client/Shared/RedirectToLogin.razor
new file mode 100644
index 0000000000..7fa0d95baf
--- /dev/null
+++ b/src/ProjectTemplates/BlazorWasm.ProjectTemplates/content/BlazorWasm-CSharp/Client/Shared/RedirectToLogin.razor
@@ -0,0 +1,8 @@
+@inject NavigationManager Navigation
+@using Microsoft.AspNetCore.Components.WebAssembly.Authentication
+@code {
+    protected override void OnInitialized()
+    {
+        Navigation.NavigateTo($"authentication/login?returnUrl={Navigation.Uri}");
+    }
+}
diff --git a/src/ProjectTemplates/BlazorWasm.ProjectTemplates/content/BlazorWasm-CSharp/Client/_Imports.razor b/src/ProjectTemplates/BlazorWasm.ProjectTemplates/content/BlazorWasm-CSharp/Client/_Imports.razor
index 912a5070c2..fa501010b9 100644
--- a/src/ProjectTemplates/BlazorWasm.ProjectTemplates/content/BlazorWasm-CSharp/Client/_Imports.razor
+++ b/src/ProjectTemplates/BlazorWasm.ProjectTemplates/content/BlazorWasm-CSharp/Client/_Imports.razor
@@ -1,4 +1,7 @@
 @using System.Net.Http
+@*#if (!NoAuth)
+@using Microsoft.AspNetCore.Components.Authorization
+#endif*@
 @using Microsoft.AspNetCore.Components.Forms
 @using Microsoft.AspNetCore.Components.Routing
 @using Microsoft.AspNetCore.Components.Web
diff --git a/src/ProjectTemplates/BlazorWasm.ProjectTemplates/content/BlazorWasm-CSharp/Client/wwwroot/favicon.ico b/src/ProjectTemplates/BlazorWasm.ProjectTemplates/content/BlazorWasm-CSharp/Client/wwwroot/favicon.ico
new file mode 100644
index 0000000000000000000000000000000000000000..a3a799985c43bc7309d701b2cad129023377dc71
GIT binary patch
literal 32038
zcmeHwX>eTEbtY7aYbrGrkNjgie?1jXjZ#zP%3n{}GObKv$BxI7Sl;Bwl5E+Qtj&t8
z*p|m4DO#HoJC-FyvNnp8NP<{Na0LMnTtO21(rBP}?EAiNjWgeO?z`{3ZoURUQlV2d
zY1Pqv{m|X_oO91|?^z!6@@~od!@OH>&BN;>c@O+yUfy5w>LccTKJJ&`-k<%M^Zvi(
z<$dKp=jCnNX5Qa+M_%6g|IEv~4R84q9|7E=|Ho(Wz3f-0wPjaRL;W*N^>q%^KGRr7
zxbjSORb_c&eO;oV_DZ7ua!sPH=0c+W;`vzJ#j~-x3uj};50#vqo*0w4!LUqs*UCh9
zvy2S%$#8$K4EOa&e@~aBS65_hc~Mpu=454VT2^KzWqEpBA=ME|O;1cn?8p<+{MKJf
zbK#@1wzL44m$k(?85<eW@6XRp%jD>=Obido7=C|xWKe%66$z)NrzRwR>?hK?_bbwT
z@Da?lBrBL}Zemo1@!9pYRau&!ld17h{f+UV0sY(R{ET$PBB|-=Nr@l-nY6w8HEAw*
zRMIQU`24Jl_IFEPcS=_HdrOP5yf81z_?@M>83Vv65$Q<HOixSl<aTM__jl4#^thzg
zR%8kDj}7!lG~6zIy}i=c(}UmYmfr3z>Fr9nP<Q2WYG!6yx=!tqj{N(it>g(wr`Ke8
zaY4ogdnMA*F7a4Q1_uXadTLUpCk;$ZPRRJ^sMOch;rlbvUGc1R9=u;dr9YANbQ<4Z
z#P|Cp9BP$FXNPolgyr1XGt$^lFPF}rmBF5rj1Kh5%dforrP<k8>8W}_qJ<Ai`=Ou7
z`ue&ogWfUli9DMc8&O<H4|y`$*Ck6>L$2qMBS-#%-|s#BPZBSETsn_EBYcr(W5dq(
z@f%}<eeQ3J;Ww5b2VCRhCywj)`%eE_;>C|iN7)YN`^)<MX{;gTi@1yp^{2@b;(+g`
zAt&imr^?OutN&RNC7A!n)B63jwKbWao5ecJ%hKY!EZ~|jkF}#Ltw6^3x5~;&{eFM-
zi;^sTLgE!Ky7P}i#{58fMnFeDcsGT0=<Dl~`uh4mC;g*M#nOM~MM+)Qlk@xhE}^NZ
zQ9_}Rw6?bH#)oeiA0L;6g#`s(=X#N*<>h7R?Cg}Do*w-!zwZb9=BMp%Wsh@nb22hA
zA{`wa8Q;yz6S)zfo%sl08^GF`9csI9BlGnEy#0^Y3b);M+n<(}6jziM7nhe57a1rj
zC@(2ISYBL^UtWChKzVWgf%4LW2Tqg_^7jMw`C$KvU+mcakFjV(BGAW9g%CzSyM;Df
z143=mq0oxaK-H;o>F<Rt1N8OKCQyfy(wj_3Pa+10N>3~zJ<(3-j&?|QBn)WJfP#JR
zRuA;`N?L83wQt78QIA$(Z)lGQY9r^SFal;LB^qi`8%8@y+mwcGsf~nv)bBy2S7z~9
z=;X@Gglk)^jpbNz?1;`!J3QUfAOp4U$Uxm5>92iT`mek#$>s`)M>;e4<M8Hm<td$i
zo%63^{uMj_JZyl2H|=@`4jvvW(-Ts0+?#)(Zm%@H_UF>{#%HAAcb^8_Ax%ersk|}#
z0bd;ZPu|2}18KtvmIo8`1@H~@2ejwo(5rFS`Z4&O{$$+ch2hC0=06Jh`@p+p8LZzY
z&2M~8T6X^*X?yQ$3N5EzRv$(FtSxhW>>ABUyp!{<Wz0W0IwJGaQ;Ngf)HrbH_i%t+
zRbG%E4pf{tRz1*<`LTY34f{a*UrA^`{Keb<8-DNe(tP~azWFT<h7USFe1h^|)$m|)
zY*glF%>484f8(%C1_y)3D%Qgfl_!sz`LTXOjR&L!zPA0qH_iNS!tY{!^2WfD%uT}P
zI<~&?@&))5&hPPHVRl9);TPO>@UI2d!^ksb!$9T96V(F){puTsn(}qt_WXNw4VvHj
zf;6A_XCvE`Z@}E-IOaG0rs>K>^=Sr&OgT_p;F@v0VCN0Y$r|Lw1?Wjt`AKK~RT*kJ
z2>QPuVgLNcF+XKn<s0*3P3iB*gT^a0vIzTZU|trn2Uv9c3Hh)9f3g4{&h?nbULpvN
z96n^`Pp`^wOQE#w`Lc8replMCXK8)sOVV=kx5^vt9Vp{-(Alv;%nuxzF#i;MKYb4U
zzQV*feDk<Wj*l6DJWwXMCX~$yAMpLrvcuJb0|Uy(;g%w4-TgPxaq!#HhPhjz2Q4Rm
zgZUv_3Y>o;WBv$yj@d_WFJbl*#*V_Cwzo@%3n5%z4g21G*PVZ)wM5$A{klYozmGlB
zT@u2+s}=f}25%IA!yNcXUr!!1)z(Nqbhojg0lv@7@0UlvUMT)*r;M$d0-t)Z?<y`V
ztR5U35HLVSIse|TN~8$;o%g;jAzZhXzwF3Z8snPGVLi>B1@qQk()o!4fqvfr_I0r7
zy1(NdkHEj#Yu{K>T#We#b#FD=c1XhS{hdTh9+8gy-vkcdkk*QS@y(xxEMb1w6z<^~
zYcETGfB#ibR#ql0EiD;PR$L&Vrh2uRv5t_$;NxC;>7_S5_OXxsi8udY3BUUdi55Sk
zcyKM+PQ9YMA%D1kH1q48OFG(Gbl=FmV;yk8o>k%0$rJ8%-IYsHclnYuTskka<HNc)
zw7%ikv18A{=YN3n^EKXnL?Q>iCGkUlkMY~mx&K}XRlKIW;odWIeuKjtbc^8bBOTqK
zjj(ot`_j?A6y_h%vxE9o*ntx#PGrnK7AljD_r58ylE<WT-@UlL8}x(!oZA8J5zU^H
z^A9LLlqc{rSK**`!q^J#O?mF{`>*oy@{IY%+mA^!|2vW_`>`aC{#3`#3;D_$^S^cM
zRcF+uTO2sICledvFgNMU@A%M)%8JbSLq{dD|2|2Sg8vvh_uV6*Q?F&rKaV{v_qz&y
z`f;stIb?Cb2!Cg7CG91Bhu@D@RaIrq-+o+T2fwFu#|j>lD6ZS9-t^5cx>p|?flqUA
z;Cgs#V)O#`Aw4$Kr)L5?|7f4izl!;n0jux}tEW$&&YB<mKXAV!4?lsqzpK~nm2X@%
zznz;rn1?^*{QmQRy*7FZTn2bH>Xz9o{+~HhoiYDJ`w5BVTl&ARya=M7zdy$FE<n#M
zl!>e}iGBur8XE>rhLj&_yDk5D4n2GJZ07u7%zyAfNtOLn;)M?h*Py-Xtql5a<V_m;
zgjM+PrKKg|+4S7GbD8ri{bv3|(WAftcJSQ3j463m3!*jX9@l3SwsIJ9$n(_<d<V}-
zdM?8m`TY6woc|B3{h0`#lz73zk}Uaq<w4i6rzBQ)?7HUX-1c18+m(<moCSvAXLye5
zh5c`8YLaL)x*b1$i#PuXiRV8kiNc2^j&+D1gdfb}|5oTH&30~%=gw3MWL>JOtL4<G
zQ+geX#i}{CfBuEhxKIYkhY836$5h(|e8hWgX@2-7&O3^caOQNC+RsJA9=Z|lz!|j~
zzv!M%E&bjs-ql8b^FEb%#q+R*m6a8_c=4j1p}V@eu9_R)yao8k1Y%7=kV>U8e|!t?
z((sc6&OJXrPdVef^wZV&x=Z&~uA7^ix8rly^rEj?#d&~pQ{HN8Yq|fZ#*bXn-26P^
z5!)xRzYO9{u6vx5@q_{FE4#7BipS#{&J7*>y}lTyV94}dfE%Yk>@@pDe&F7J09<pd
zBG-35{NWG(mj@qs;K5x_@BH1ar=NZmqYF>(-0|wuI|$of-MRfK51#t@t2+U|*s=W;
z!Y&t{dS%!4VEEi$efA!#<<7&04?kB}Soprd8*jYv;-Qj~h~4v>{XX~kjF+@Z7<<HU
zYqNw~nxvi3+#u~u4m8wBdt;r18fqQ5f-wkc<;fra!=7j)qI)jCZL`;m=MLi>t?^|i
z#>_ag2i-CRAM8Ret^rZt*^K?`G|o>1o(mLkewxyA)38k93`<~4VFI?5VB!kBh%NNU
zxb8K(^-MU1ImWQxG~nFB-Un;6n{lQz_FfsW9^H$Xcn{;+W^ZcG$0qLM#eNV=vGE@#
z1~k&!h4@T|IiI<47@pS|i?Qcl=XZJL#$JKve;booMqDUYY{(xcdj6STDE=n?;fsS1
ze`h~Q{CT$K{+{t+#*I1=&&-UU8M&}AwAxD-rMa=e!{0gQXP@6azBq9(ji11uJF%@5
zCvV`#*?;ZguQ7o|nH%bm*s&jLej#@B35gy32Z<i}p+w67N1l-O`bz9E2Q&Prl{J&c
zFtWxN6yt(CUz#|WFBayHKRA5RSe_Guv1?%CbBu>AE0`Pz@#j6R&kN5w{O4~1rhDoU
zEBdU)%Nl?8zi|DR((u|gg~r$aLYmGMyK%FO*qLvwxK5+cn*`;O`16c!&&XT{$j~5k
zXb^fbh<puUpgSc4h;a^JPcx88NIwB_wZ3>1GT-CI*Nj{-?r7HNg=e3E{6rxuluPXY
z5Nm8ktc$o4-^SO0|Es_sp!A$8GVwOX+%)cH<;=u#R#nz;7QsHl;J@a{5NUAmAHq4D
zIU5@jT!h?kUp|g~iN*!>jM6K!W5ar0v~fWrSHK@})@6Lh#h<Y-#lOkKs1PG-dHahJ
zM$9B!@NH=agbTkTEj7nH{j+*#V~1D+#UC`_oFZ}Me`Xv{@kczB_^%*-rLiN#^HvZC
zW(<sHDV`^1p=WbA*Ya%3^OlV(W{)pCXZUY^cUfk7fj?qhj5jjg$(WPI9Nz{#c;9@!
z)Zp*vi`o)@{L|5U;-82?ew;X@(E~@0um(f0$%}}ESvgw3SzYA_xsriy$PoeZL|V8W
z{@A2<JtHqX_pFg0#+X+jKYhgiuT=-g|90fanqL15WCybU=I0>)C6F6@)&-+C3(zO!
z8+kV|B7LctM3DpI*~EYo>vCj>_?x&H;>y0*vKwE<xtH<PVcLDjlozY_*>0?vi$CLt
zfSJB##P|M2dEUDBPKW=9cY-F;L;h3Fs4E<eJzSD0o_jT(!I%bYf7s+A4F4S&vU&{u
zGbX8LWQ`N}<B$_Fk65OWB{ME!ZERdNV}zY};koB_$6`_N2)YHB>2ERdN#NSL7ctAC
z?-}_a{*L@GA7JHJudx<WJi9vaTgF5Z9j)pgxL;;`&B{@bE%JPV^=rl!1jcq@Z#B+K
zI|2CR^UoXk0q$!Sf5ta~Z|k1Fh3?+3@pjdRw-9@${9~P5058{|`@~;!oxq)E`a}o(
z8TJsw+Xa=SEL)22TOOnx8*XCLjxTj%)P9=0>tDVA{K5Y<t}S3@pcVZ8Th-w<@*n!!
z{5Iw1^Pc<=f6hypBmP*AsZr+1oqVnGKO_xxS8yg@lnLzHXK^lHLXLT2Y)od6$6zjW
z9C6|q#F-b7CmbIcmKp4m7BvnvBs0jtGR{3Vggi9%Ow@12rlw(+%(c0Xy{wTRCzd-q
z*e0R(?n0dVtJ1#zZi$pWqOotrym_zr!eLj|ROWD&A`Mex27eRR=>h*k(%#x4W7w+^
zcb-+ofbT5ieG+@QG2lx&7!MyE2JWDP@$k`M;0`*d+oQmJ2A^de!3c53HFcfW_Wtv<
zKghQ;*FifmI}kE4dc@1y-u<d{7CivIL!OYgVGO<b{2`UIHP{i#n~qoq@_&@^AO(Z}
z#dBx%d`SP8OeFNo#JyrN5tr_+l*A&Pl8ncsJC&4ZX9w(URJxP6hTSsP33H9_bi)@%
zu_vKVG}rhHu7CFAlP>;@qs|V75Z^|Q0l0?teobTE8t<n*L#~=H98x(W?vyu^e<1&d
zVCNt|KKw6VydWvylS1AzNdOH7;z|Q?cL6+10ul;Q-^lCSu>Gl@EB?k#q_wUjypJ*R
zyEI=DJ^Z+d*&}B_xoWvs27LtH7972qqMxVFcX9}c&JbeNCXUZM0`nQIkf&C}&skSt
z^9fw@b^Hb)!^hE2IJq~~GktG#ZWwWG<`@V&ckVR&r=JAO4YniJewVcG`HF;59}=bf
zLyz0uxf6MhuSyH#-^!ZbHxYl<XIQZKGrvIGxelxgp{*E!yiZR}IrSkt->^mmBVrx)
zyrb8sQ*qBd_WXm9c~Of$&ZP$b^)<~0%nt#7<SN=BJIqx?5B)&%HI%7#(A9E*{D)1a
zzF<__h-;n;xMv$>y$1Jg$e}WCK>TeUB{P>|b1FAB?%K7>;XiOfd}JQ`|IP#Vf%kVy
zXa4;XFZ+>n;F>uX&3|4zqWK2u3c<>q;tzjsb1;d{u;L$-hq3qe@82(ob<3qom#%`+
z;vzYAs7TIMl_O75BXu|r`Qhc4UT*vN$3Oo0kAC!{f2#HexDy|qUpgTF;k{o6|L>7l
z=?`=*LXaow1o;o<tE{OE(?2=<A4MF}#OA>NNLXsGTrvC)$R&{m=94Tf+2iTT3Y_Or
z-!;^0a{kyWtO4vksG_3cyc7HQ0~detf0+2+qxq(e1NS251N}w5iTSrM)`0p8rem!j
zZ<hbA{CN2H;rvl^?u=Z#a9)8m2_BTo>56hGD=pHI*B+dd)2B`%|9f0goozCSeXPw3
z+58k~sI02Yz#lOneJzYcG)EB0|F+ggC6D|B`6}d0khAK<z1EteZqA7EX64Ap4|63J
zj4Um~{}W6Oi8&OL<FvV6o6oW%_Z}v%WpZ1@U(esz>-gz7U3EGT|M_9$ZINqZjwf>P
zJCZ=ogSoE`=yV5YXrcTQZx@Un(64*AlLiyxWnCJ9I<5Nc*eK6eV1Mk}ci0*NrJ=t|
zCXuJG`#7GBbPceFtFEpl{(lTm`LX=B_!H+&<jfTRckhNg0e{@1{I9PYT{krFIt@FQ
zg+FwG^sp{Y@uzMp4aUaWbr@wX&jIfL%sQAoAlG7w_&aAJ|2mvGb0(1gMt;7hdCnN>
z>$*<vlz7PxQ0w-nB#-=5Lba8aRA*erxDLBLmXZInYq6sEvo_D#CSM*dTb3*>Hf}}y
zkt@nLXFG9%v**s{z&{H4e?aq<G31K6PCl)5elgO3{9)UrlZrQaZ(c^0v}TWI7z^P2
zsLTIFwM(SQ+9#ebDO2=!Tnny)T?^fZ19!?2&qc&PopnY%cm7<U{45MZe<3%K{ohhL
zm~)LF=iB)n^a1x;FCKO9wu8Z+e$vIAGyqou>p%&l#oU8lxUxk2o%K+?aAe6jLojA&
z_|J0<&#5-%u^<;NT*%4)n2-OdqfctSl6iCHE?W_Q2zpJken#_xUJlidzs249H=b#g
z?}L4-Tnp6)t_5X?_$v)vz`s9@^BME2X@w<>sKZ3=B{%*B$T5Nj%6!-Hr;I!Scj`lH
z&2dHFlOISwWJ&S2vf~@I4i~(0*T%OFiuX|eD*nd2utS4$1_JM?zmp>a#CsVy6Er^z
zeNNZZDE?R3pM?>~e?H_N`C`hy%m4jb;6L#8=a7l>3eJS2LGgEUxsau-Yh9l~o7=Yh
z2mYg3`m5*3Ik|lKQf~euzZlCWzaN&=vHuHtOwK!2@W6)hqq$Zm|7`Nmu%9^F6UH?+
z@2ii+=iJ;ZzhiUKu$QB()nKk3FooI>Jr_IjzY6=qxYy;&mvi7BlQ?t4kRjIhb|2q?
zd^K~{-^cxjVSj?<hi6;nFqt>!Xs=Da5IHmFzRj!Kzh~b!?`P7c&T9s77VLYB?8_?F
zauM^)p;qFG!9PHLfIsnt43UnmV?Wn?Ki7aXSosgq;f?MYUuSIYwOn(5vWhb{f%$pn
z4ySN-z}_%7|B);A@PA5k*7kkdr4xZ@s{e9j+9w<CJ?O>;*RFm;XPDQwx%~;8i<oa^
zexLQs#C;Swe&jxL;2)Pn5quSD44CilIrSXYU_0#4b{VXBL&8lp8{)5e>BzSKTIGKO
z{53ZZU*OLr@S5=k;?CM^i#zkxs3Sj%z0U`L%q`qM+t<Pf&d|V}H3F<zNPq^dnLw>P
zX$aL;*^g$7<Ue(mJhn9?_FDN)+hp<2y0&!%%(W5co>UyM2Go+_4A+f)IQcy^G$h2E
zb?nT$<GLCMXx=#+f8x!0hdAV2X~A_&-#?U7{;x-VC^O92Wb?eSzE+S6RX|=;&pC$<
z9g@=0Qq9>XlgTEFJI8GN6NQf%-eVn9mPilRqUbT$pN-|;FEjq@Ao&TxpZg=mEgBHB
zU@grU;&sfmqlO=6|G3sU;7t8rbK$?X0y_v9$^{X`m4jZ_BR|B|@?ZCLSPPEzz`w1n
zP5nA;4(kQFKm%$enjkkBxM%Y}2si&d|62L)U(dCzCGn56HN+i#6|nV-TGIo0;W;`(
zW-y=1KF4dp$$mC_|6}pbb>IHoKQeZajXQB>jVR?u`R>%l1o54?6NnS*arpVopdEF;
zeC5J3*M0p`*8lif;!irrcjC?(uExejsi~>4wKYwstGY^N@KY}TujLx`S=Cu+T=!dx
zKWlPm->I**E{A*q-Z^FFT5$G%7Ij0_*Mo4-y6~RmyTzUB&l<K=Dpmb{^4-!94u`ca
zdNVoO>fae(WZfO>um}mnsDXPEbau-!13!!xd!qh*{C)6&bz0j1I{>y$D-S)b*)J<Y
zxc^5t3qJV45B`taZ@>MCPk!=~KL&6Ngin0p6MCOxF2L_R9t8N!$2Wpced<#`y!F;w
zKTi5V_kX&X09wAIJ#anfg9Dhn0s7(C6Nj3S-mVn(i|C6ZAV<aixb6h<Sg0H6jw4qU
zV~?Bz5!)*lmM-iqJqY1C7nsj&+qP{N{V-~a1^op#4Sw~jUm=fL>q0$hE)874co};g
z^hR7pe4lU$P;*ggYc4o&UTQC%liCXooIfkI3TNaBV%t~FRr}yHu7kjQ2J*3;e%;iW
zvDVCh8=G80KAeyhCuY2LjrC!Od1rvF7h}zszxGV)&!)6ChP5WAjv-zQAMNJIG!JHS
zwl?pLxC-V5II#(hQ`<T9_no>l)ZAp&M0xd4%cxmco*MIk?{BD=BK`1vpc}D39|XlV
z{c&0oGdDa~TL2FT4lh=~1NL5O-P~0?V2#ie`v^CnANfGUM!b4F=JkCwd7Q`c8Na2q
zJGQQk^?6w}Vg9-{|2047((lAV84uN%sK!N2?V(!_1{{<Jh_kyRt}|;t96pc-^Er3`
zo}iC2gMPObPU{|m=x2|p6X&-wXJt%zkSPP3@xa!}dGs%8Jc%(S1BMS)CX6g%9UNV-
z>v6rdgZl56f0zDMQ+q)jKzzu^ztsVken;=DjAh6G`Cw`Q4G+BjS+n*=KI~^K{W=%t
zbD-rN)O4|*Q~@<#@1Vx$E!0W9`B~IZeFn87sHMXD>$M%|Bh93rdGf1lKo<R02YmTL
zqhr<%m_BFM7Fa&y947^SQ}y4{ZAaF|G`@C+sh521)5?cN^cOe0_9@gH-Y$)(pJd(P
z_1X@lpSgXfMnLNXGU%rcETRu24v0w?{GLKAA}IoVUkW|qDfm7YI>X3K651t&nhsl=
zXxG|%@8}Bbrlp_u#t*DZX<}_0Yb{A9*1Pd_)LtqNwy6xT4pZrOY{s?N4)pPwT(i#y
zT%`lRi8U#Ken4fw>H+N`{f#FF<O6FlgJ{<Kj?Q@Wliwb+>?ZxFlLZg7z7#cr4X>id
z{9kUD`d2=w_Zlb{^c`5IOxWCZ1k<0T1D1Z31IU0Q2edsZ1K0xv$pQVYq2KEp&#v#Z
z?{m@Lin;*S<!No<o1d3X^w>tr(C2sfF^L>{R3cjY`~#)m>Wm$Y|1fzeS0-$(Q^z@}
zEO*vlb-<?wRtMA$a{Uv^+e}~R^M`&pP`_w=4t2sW50+lDC-HjPUHYxxaYn6a!kV+c
zpX(pPb74a0@ugg}?EV6381FQ7Pgs9Tw;k1Ys~vUZ0Q%wWr;HEDO@F2gSo*u52fF@{
z0q%z~Y=K`6U=z3xA^l!GtVgeR&-iJVe)8J~tTk;$y|}FzXPtY??k~a~!Uo`(3(c&V
z#ovwmXW9;9NBlZr@{{g90y1FeXN>^XK9>w&Ef^=Zzo-1AFSP#9zb~X5_+){$(eB4K
z8gtW+nl{q+CTh+>v(gWrsP^DB*ge(~Q$AGxJ-eYc1isti%$%nM<_&Ev?%|??PK`$p
z{f-PM{Ym8k<$$)(F9)tqz<CJIAM$L1BM%w-GTk@RUOM3L%cGxlX&$hqjP-p4?g8S*
zf2wthE%1v3ttI8(g6O9&p&r4WTH3u4^(Uy`C@Z$~Z!QCFO|beXXOCj#AWIfZKZ&zf
zwlZ<mX#YOv`9G~&1pUsa&k{hbqt<3(t(AT}<AbzwZ(!($j*x!R8U(=C*57b6bs&@n
z(qG`LzmNXS_5(h-GP;nxKcZc<fIT|*=|N!k@%Sua0Na&@Ec*Fei5AudgZ5_Zb=dRL
zy5~!dP56w~t?J)Mzt3*i+F{ENmwwIvn;HPhLRoR4kA5Ey0`~*<Tu44!-QpM^3mNiY
zd69ec=!ec>FJ?h&Dk<xHrU>@D?Dt{4CHKJWLs8$zy6+(R)pr@0ur)xY{=uXFFzH_>
z-F^tN1y(2hG8V)GpDg%wW0Px_ep~nIjD~*HCSxDi0y`H!`V*~RHs^uQsb1*bK<T$Q
z`bO#l_@MP@_8AMlIwG!r58^)LK@V~`<U<c)KlBAULJoQm1LD58CzVp$)XfpU%erPW
z8sA`jr0x}Uuf#ng_s;N@pg(vtd+S{Ehw)4s))#8cIdmaez5{i`_h`*|+aA>1qGpmd
zB1m`Cjw0`nLBF2|umz+a#2X$c?Lj;M?Lj;MUp*d>7j~ayNAyj@SLpeH`)BgRH}byy
zyQSat!;U{@O(<<2fp&oQkIy$z`_CQ-)O@RN;QD9T4y|wIJ^%U#(BF%=`i49}j!D-)
zkOwPSJaG03SMkE~BzW}b_v>LA&y)EEYO6sbdnTX*$>UF|JhZ&^MSb4}Tgbne_4n+C
zwI8<r-Iaf>U4i~PI>7a3{kVa8<kbN6eyGEHKpnx06E+}DNbur?yk^WW2oOhPEHMzw
z=X22?2K^zfKk0w-3x<B|f7Kqq?vehsJ&ym&vK>|))*%C0|K+bIbmV~a`|G#+`TU#g
zXW;bWIcWsQi9c4X*RUDpIfyoPY)2bI-r9)xulm1CJDkQd6u+f)_N=w1ElgEBjprPF
z3o?Ly0RVeY_{<?)|7`m4UeEKeU77W{UX5;9iATSc1JZBhfY1KP&`I@+zH<_On{%uq
zN9diKefHP4moxi1V~=fpz8!PYj~a2-Rue*yfn@o1>3~fPVckRMxe2lM8hj!B8F)JO
z!`AP6>u>5Y&3o9t0QxBpN<VbL&~J6p@r$}YA`b%i;P8Su%#HYA>E=lJx#NyIbp1gD
zzUYBIPYHIv9ngk-Zt~<)62^1Zs1LLYMh@_tP^I7EX-9)Ed0^@y{k65Gp0KRcTmMWw
zU|+)qx{#q0SL+4q?Q`i0>COIIF8a0Cf&C`hbMj?LmG9K&iW-?PJt*u)38tTXAP>@R
zZL6uH^!RYNq$p>PKz7f-zvg>OKXcZ8h!%Vo@{VUZp|+iUD_xb(N~G|6c#oQK^nHZU
zKg#F6<)+`rf~k*Xjjye<Hud7yLjT^qdxgMfvTOvezVxCTF3Oif0G_WIV`7|<P~nWc
ze(AR_33^2C!`bid4}IuE|D80@5BovapS?PO_T6`4{db`M<z8uj=gZLlJGJM6&pb2V
z_4I~1<lonN^!s_xCx=V%oYNfrBiZ*!d-lDc_piSEqKx(?Wdva3^UN8rzr^2Ta=Q97
zbMnl0{t<JZx`tWn&mJE>+syV{bwU2glMMMs-^ss4`bYaVroXzn`YQUd__UlZL_mLs
z(vO}k!~(mi|L+(5&;>r<;|OHnbXBE78LruP;{yBxZ6y7K3)nMo-{6PCI7gQi6+rF_
zkPod!Z8n}q46ykrlQS|hVB<q)&YlUNAEf(Uu_DAf!GkDzUD%_;=Nj{#_Uqt1dtf5y
z;SZ7>(}(2Kf7BCZ>Vc;V>ccbk2~NGaf6wGQH@W9&?Zt3v(h*P4xDrN>ex7+jH*+Qg
z%^jH$&+*!v{sQ!xkWN4+>|b}qGvEd6ANzgqoVy5Qfws}ef2QqF{iiR5{pT}PS&yjo
z>lron#va-p=v;m>WB+XVz|o;UJFdjo5_!RRD|6W{4}A2a#bZ<YY5zOXFUQ`X@ZP(W
z{s{U%j85F8y<6<33tE5Ak68a_c;MC|yL{ktG|gVY^ADbn^!84m*MEMxiVt3lk+CKA
zNb%h3<?@Xjs4RdF=h6F?ZU20tua_~bKYP8{-xA*Y4e7!9EB(0Udp_^a`hUOO;5Gl#
z5jHhr?F00{?z@eCP$vBJ+iSab%;E!Oz$Xi%DibEYrm<#?yF0OWCss@zphsqN`q5Lu
zz8>v)gS_`b|KsSH)Sd_JIr%<%n06TX&t{&!H#{)?4W9hlJ`R1>FyugOh3=D_{einr
zu(Wf`qTkvED+gEULO0I*Hs%f;&=`=X4;N8Ovf28x$A*11`dmfy2=$+PNqX>XcG`h%
zJY&A6@&)*WT^rC(Caj}2+|X|6cICm5h0OK0cGB_!wEKFZJU)OQ+TZ1q2bTx9hxnq&
z$9ee|f9|0M^)#E&Pr4)f?o&DMM4w>Ksb{hF(0|wh+5_{vPow{V%TFzU2za&gjttNi
zIyR9qA56dX52Qbv2aY^g`U7R43-p`#sO1A=K<Q;83+yZ2l>S2aKgfR+Yu^bQ*i-qu
z%0mP;Ap)B~zZgO9lG^`325gOf?iUHF{~7jyGC)3L(eL(SQ70VzR~wLN18tnx(Cz2~
zctBl1kI)wAe+cxWHw*NW-d;=pd+>+wd$a@GBju*wFvabSaP<Ja6qEsn*3Id6d4Rqr
z^l|y<AEzB~*WX9~0M>tHiT!o#QFC+wBVwYo3s=y;z1jM+M=Fj!FZM>UzpL-eZzOT(
zhmZmEfWa=%KE#V3-ZK5#v!Hz<pvTgWaXk$=0q8wlZ_?`kYW{7!0CX>d{zc^{ctF~-
z>DT-U`}5!fk$aj24`#uGdB7r`>oX5tU|d*b|N3V1lXmv%MGrvE(dXG)^-J*LA>$LE
z7kut4`zE)v{@Op|(|@i#c>tM!12FQh?}PfA0`Bp%=%*RiXVzLDXnXtE@4B)5uR}a>
zbNU}q+712pIrM`k^odG8dKtG$zwHmQI^c}tfjx5?egx3!e%JRm_64e+>`Ra1IRfLb
z1KQ`SxmH{cZfyVS5m(&`{V}Y4j6J{b17`h6KWqZ&hfc(<m44z)dfXB6&vU2slR>oR
zxM%w!$F(mKy05kY&lco3%zvLCxBW+t*rxO+i=qGMvobx0-<7`VUu)ka`){=ew+Ovt
zg%52_{&UbkUA8aJPWsk)gYWV4`dnxI%s?7^fGpq{ZQuu=VH{-t7w~K%_E<8`zS;V-
zKTho*>;UQQul^1GT^HCt@I-q?)&4!QDgBndn?3sNKYKCQFU4LGKJ$n@Je$&w9@E$X
z^p@iJ(v<nWs((bE+M|w5L=Us_;lY2i^s{%yg6)%J4-lXC#CZGW^gpJ(s_ajV?!O=O
z|C7?MHi32l&s(N{*pmI<M2@dV_Wj@S_qE!d#UR?*C(6D*_Cak*KlNXGMIrBy1N}FN
z@XUh*`bF7$*>&`1(tq~1zc>0Vow-KR&vm!GUzT?Eqgnc)leZ9p)-Z*C!zqb=-$XG0
z^!8RfuQs5s>Q~qcz92(a_Q+KH?C*vCTr~UdTiR`JGuNH8v(J|FTiSEcPrBpmHRtmd
zI2Jng0J=bXK);YY^rM?jzn?~X-Pe`GbAy{D)Y6D&1GY-EBcy%Bq?bKh?A>DD9DD!p
z?{q02wno2sraGUkZv5dx+J8)&K$)No43Zr(*S`FEdL!4C)}WE}vJd%{S6-3VUw>Wp
z?Aasv`T0^%P$2vE?L+Qhj~qB~K%eW)xH(=b_jU}TLD&BP*Pc9hz@Z=e0nkpLkWl}>
z_5J^i(9Z7$(XG9~I3sY)`OGZ#_L06+Dy4E>UstcP-rU@xJ$&rxvo!n1Ao`P~KLU-8
z{zDgN4-&A6N!kPSYbQ&7sLufi`YtE2uN$S?e&5n>Y4(q#|KP!cc1j)T^QrUXMPFaP
z_SoYO8S8G}Z$?AL4`;pE?7J5K8yWqy23>cCT2<b;m*$JK^VtIU_Y$NB`p^DNyaH+G
z{mp3Lmvg;t<h!|kGyA^37d!i!w9>{=-)+A$X^-I9=e!@J@A&-;Ufc)`H}c(VI&;0x
zrrGv()5mjP%jXzS{^|29?bLNXS0bC%p!YXI!;O457rjCEEzMkGf~B3$T}dXBO23tP
z+Ci>;5UoM?C@bU@f9G1^X3=ly&ZeFH<@|RnOG--A&)fd)AUgjw?%izq{p(KJ`EP0v
z2mU)P!+3t@X14DA=E2RR-|p${GZ9ETX=d+kJRZL$nSa0daI@&oUUxnZg0xd_xu>Vz
lzF#z5%kSKX?YLH3ll^(hI(_`L*t#Iva2Ede*Z;>H_<!%{oZJ8a

literal 0
HcmV?d00001

diff --git a/src/ProjectTemplates/BlazorWasm.ProjectTemplates/content/BlazorWasm-CSharp/Client/wwwroot/index.html b/src/ProjectTemplates/BlazorWasm.ProjectTemplates/content/BlazorWasm-CSharp/Client/wwwroot/index.html
index 124cae8316..4847e62f33 100644
--- a/src/ProjectTemplates/BlazorWasm.ProjectTemplates/content/BlazorWasm-CSharp/Client/wwwroot/index.html
+++ b/src/ProjectTemplates/BlazorWasm.ProjectTemplates/content/BlazorWasm-CSharp/Client/wwwroot/index.html
@@ -21,6 +21,12 @@
         <a href="" class="reload">Reload</a>
         <a class="dismiss">🗙</a>
     </div>
+<!--#if (IndividualLocalAuth)  -->
+    <script src="_content/Microsoft.AspNetCore.Components.WebAssembly.Authentication/AuthenticationService.js"></script>
+<!--#endif  -->
+<!--#if (IndividualB2CAuth || OrganizationalAuth)  -->
+    <script src="_content/Blazor.Msal/AuthenticationService.js"></script>
+<!--#endif  -->
     <script src="_framework/blazor.webassembly.js"></script>
     <!--#if PWA -->
     <script>navigator.serviceWorker.register('service-worker.js');</script>
diff --git a/src/ProjectTemplates/BlazorWasm.ProjectTemplates/content/BlazorWasm-CSharp/Server/Areas/Identity/Pages/Shared/_LoginPartial.cshtml b/src/ProjectTemplates/BlazorWasm.ProjectTemplates/content/BlazorWasm-CSharp/Server/Areas/Identity/Pages/Shared/_LoginPartial.cshtml
new file mode 100644
index 0000000000..26bfdde3cc
--- /dev/null
+++ b/src/ProjectTemplates/BlazorWasm.ProjectTemplates/content/BlazorWasm-CSharp/Server/Areas/Identity/Pages/Shared/_LoginPartial.cshtml
@@ -0,0 +1,35 @@
+@using Microsoft.AspNetCore.Identity
+@using BlazorWasm_CSharp.Server.Models
+@inject SignInManager<ApplicationUser> SignInManager
+@inject UserManager<ApplicationUser> UserManager
+@addTagHelper *, Microsoft.AspNetCore.Mvc.TagHelpers
+
+@{
+    var returnUrl = "/";
+    if (Context.Request.Query.TryGetValue("returnUrl", out var existingUrl)) {
+        returnUrl = existingUrl;
+    }
+}
+
+<ul class="navbar-nav">
+@if (SignInManager.IsSignedIn(User))
+{
+    <li class="nav-item">
+        <a  class="nav-link text-dark" asp-area="Identity" asp-page="/Account/Manage/Index" title="Manage">Hello @User.Identity.Name!</a>
+    </li>
+    <li class="nav-item">
+        <form class="form-inline" asp-area="Identity" asp-page="/Account/Logout" asp-route-returnUrl="/" method="post">
+            <button  type="submit" class="nav-link btn btn-link text-dark">Logout</button>
+        </form>
+    </li>
+}
+else
+{
+    <li class="nav-item">
+        <a class="nav-link text-dark" asp-area="Identity" asp-page="/Account/Register" asp-route-returnUrl="@returnUrl">Register</a>
+    </li>
+    <li class="nav-item">
+        <a class="nav-link text-dark" asp-area="Identity" asp-page="/Account/Login" asp-route-returnUrl="@returnUrl">Login</a>
+    </li>
+}
+</ul>
diff --git a/src/ProjectTemplates/BlazorWasm.ProjectTemplates/content/BlazorWasm-CSharp/Server/Controllers/OidcConfigurationController.cs b/src/ProjectTemplates/BlazorWasm.ProjectTemplates/content/BlazorWasm-CSharp/Server/Controllers/OidcConfigurationController.cs
new file mode 100644
index 0000000000..a13f1c07b6
--- /dev/null
+++ b/src/ProjectTemplates/BlazorWasm.ProjectTemplates/content/BlazorWasm-CSharp/Server/Controllers/OidcConfigurationController.cs
@@ -0,0 +1,26 @@
+using Microsoft.AspNetCore.ApiAuthorization.IdentityServer;
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.Extensions.Logging;
+
+namespace BlazorWasm_CSharp.Server.Controllers
+{
+    public class OidcConfigurationController : Controller
+    {
+        private readonly ILogger<OidcConfigurationController> _logger;
+
+        public OidcConfigurationController(IClientRequestParametersProvider clientRequestParametersProvider, ILogger<OidcConfigurationController> logger)
+        {
+            ClientRequestParametersProvider = clientRequestParametersProvider;
+            _logger = logger;
+        }
+
+        public IClientRequestParametersProvider ClientRequestParametersProvider { get; }
+
+        [HttpGet("_configuration/{clientId}")]
+        public IActionResult GetClientRequestParameters([FromRoute]string clientId)
+        {
+            var parameters = ClientRequestParametersProvider.GetClientParameters(HttpContext, clientId);
+            return Ok(parameters);
+        }
+    }
+}
diff --git a/src/ProjectTemplates/BlazorWasm.ProjectTemplates/content/BlazorWasm-CSharp/Server/Controllers/WeatherForecastController.cs b/src/ProjectTemplates/BlazorWasm.ProjectTemplates/content/BlazorWasm-CSharp/Server/Controllers/WeatherForecastController.cs
index 6862c16a71..c6f2eb0ece 100644
--- a/src/ProjectTemplates/BlazorWasm.ProjectTemplates/content/BlazorWasm-CSharp/Server/Controllers/WeatherForecastController.cs
+++ b/src/ProjectTemplates/BlazorWasm.ProjectTemplates/content/BlazorWasm-CSharp/Server/Controllers/WeatherForecastController.cs
@@ -3,11 +3,17 @@ using System;
 using System.Collections.Generic;
 using System.Linq;
 using System.Threading.Tasks;
+#if (!NoAuth)
+using Microsoft.AspNetCore.Authorization;
+#endif
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.Extensions.Logging;
 
 namespace BlazorWasm_CSharp.Server.Controllers
 {
+#if (!NoAuth)
+    [Authorize]
+#endif
     [ApiController]
     [Route("[controller]")]
     public class WeatherForecastController : ControllerBase
diff --git a/src/ProjectTemplates/BlazorWasm.ProjectTemplates/content/BlazorWasm-CSharp/Server/Data/ApplicationDbContext.cs b/src/ProjectTemplates/BlazorWasm.ProjectTemplates/content/BlazorWasm-CSharp/Server/Data/ApplicationDbContext.cs
new file mode 100644
index 0000000000..4758c9b43b
--- /dev/null
+++ b/src/ProjectTemplates/BlazorWasm.ProjectTemplates/content/BlazorWasm-CSharp/Server/Data/ApplicationDbContext.cs
@@ -0,0 +1,21 @@
+using BlazorWasm_CSharp.Server.Models;
+using IdentityServer4.EntityFramework.Options;
+using Microsoft.AspNetCore.ApiAuthorization.IdentityServer;
+using Microsoft.EntityFrameworkCore;
+using Microsoft.Extensions.Options;
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Threading.Tasks;
+
+namespace BlazorWasm_CSharp.Server.Data
+{
+    public class ApplicationDbContext : ApiAuthorizationDbContext<ApplicationUser>
+    {
+        public ApplicationDbContext(
+            DbContextOptions options,
+            IOptions<OperationalStoreOptions> operationalStoreOptions) : base(options, operationalStoreOptions)
+        {
+        }
+    }
+}
diff --git a/src/ProjectTemplates/BlazorWasm.ProjectTemplates/content/BlazorWasm-CSharp/Server/Data/SqlLite/00000000000000_CreateIdentitySchema.Designer.cs b/src/ProjectTemplates/BlazorWasm.ProjectTemplates/content/BlazorWasm-CSharp/Server/Data/SqlLite/00000000000000_CreateIdentitySchema.Designer.cs
new file mode 100644
index 0000000000..7c6ab895cd
--- /dev/null
+++ b/src/ProjectTemplates/BlazorWasm.ProjectTemplates/content/BlazorWasm-CSharp/Server/Data/SqlLite/00000000000000_CreateIdentitySchema.Designer.cs
@@ -0,0 +1,352 @@
+// <auto-generated />
+using System;
+using BlazorWasm_CSharp.Server.Data;
+using Microsoft.EntityFrameworkCore;
+using Microsoft.EntityFrameworkCore.Infrastructure;
+using Microsoft.EntityFrameworkCore.Migrations;
+using Microsoft.EntityFrameworkCore.Storage.ValueConversion;
+
+namespace BlazorWasm_CSharp.Server.Data.Migrations
+{
+    [DbContext(typeof(ApplicationDbContext))]
+    [Migration("00000000000000_CreateIdentitySchema")]
+    partial class CreateIdentitySchema
+    {
+        protected override void BuildTargetModel(ModelBuilder modelBuilder)
+        {
+#pragma warning disable 612, 618
+            modelBuilder
+                .HasAnnotation("ProductVersion", "3.0.0-rc1.19455.8");
+
+            modelBuilder.Entity("BlazorWasm_CSharp.Server.Models.ApplicationUser", b =>
+                {
+                    b.Property<string>("Id")
+                        .HasColumnType("TEXT");
+
+                    b.Property<int>("AccessFailedCount")
+                        .HasColumnType("INTEGER");
+
+                    b.Property<string>("ConcurrencyStamp")
+                        .IsConcurrencyToken()
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("Email")
+                        .HasColumnType("TEXT")
+                        .HasMaxLength(256);
+
+                    b.Property<bool>("EmailConfirmed")
+                        .HasColumnType("INTEGER");
+
+                    b.Property<bool>("LockoutEnabled")
+                        .HasColumnType("INTEGER");
+
+                    b.Property<DateTimeOffset?>("LockoutEnd")
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("NormalizedEmail")
+                        .HasColumnType("TEXT")
+                        .HasMaxLength(256);
+
+                    b.Property<string>("NormalizedUserName")
+                        .HasColumnType("TEXT")
+                        .HasMaxLength(256);
+
+                    b.Property<string>("PasswordHash")
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("PhoneNumber")
+                        .HasColumnType("TEXT");
+
+                    b.Property<bool>("PhoneNumberConfirmed")
+                        .HasColumnType("INTEGER");
+
+                    b.Property<string>("SecurityStamp")
+                        .HasColumnType("TEXT");
+
+                    b.Property<bool>("TwoFactorEnabled")
+                        .HasColumnType("INTEGER");
+
+                    b.Property<string>("UserName")
+                        .HasColumnType("TEXT")
+                        .HasMaxLength(256);
+
+                    b.HasKey("Id");
+
+                    b.HasIndex("NormalizedEmail")
+                        .HasName("EmailIndex");
+
+                    b.HasIndex("NormalizedUserName")
+                        .IsUnique()
+                        .HasName("UserNameIndex");
+
+                    b.ToTable("AspNetUsers");
+                });
+
+            modelBuilder.Entity("IdentityServer4.EntityFramework.Entities.DeviceFlowCodes", b =>
+                {
+                    b.Property<string>("UserCode")
+                        .HasColumnType("TEXT")
+                        .HasMaxLength(200);
+
+                    b.Property<string>("ClientId")
+                        .IsRequired()
+                        .HasColumnType("TEXT")
+                        .HasMaxLength(200);
+
+                    b.Property<DateTime>("CreationTime")
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("Data")
+                        .IsRequired()
+                        .HasColumnType("TEXT")
+                        .HasMaxLength(50000);
+
+                    b.Property<string>("DeviceCode")
+                        .IsRequired()
+                        .HasColumnType("TEXT")
+                        .HasMaxLength(200);
+
+                    b.Property<DateTime?>("Expiration")
+                        .IsRequired()
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("SubjectId")
+                        .HasColumnType("TEXT")
+                        .HasMaxLength(200);
+
+                    b.HasKey("UserCode");
+
+                    b.HasIndex("DeviceCode")
+                        .IsUnique();
+
+                    b.HasIndex("Expiration");
+
+                    b.ToTable("DeviceCodes");
+                });
+
+            modelBuilder.Entity("IdentityServer4.EntityFramework.Entities.PersistedGrant", b =>
+                {
+                    b.Property<string>("Key")
+                        .HasColumnType("TEXT")
+                        .HasMaxLength(200);
+
+                    b.Property<string>("ClientId")
+                        .IsRequired()
+                        .HasColumnType("TEXT")
+                        .HasMaxLength(200);
+
+                    b.Property<DateTime>("CreationTime")
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("Data")
+                        .IsRequired()
+                        .HasColumnType("TEXT")
+                        .HasMaxLength(50000);
+
+                    b.Property<DateTime?>("Expiration")
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("SubjectId")
+                        .HasColumnType("TEXT")
+                        .HasMaxLength(200);
+
+                    b.Property<string>("Type")
+                        .IsRequired()
+                        .HasColumnType("TEXT")
+                        .HasMaxLength(50);
+
+                    b.HasKey("Key");
+
+                    b.HasIndex("Expiration");
+
+                    b.HasIndex("SubjectId", "ClientId", "Type");
+
+                    b.ToTable("PersistedGrants");
+                });
+
+            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityRole", b =>
+                {
+                    b.Property<string>("Id")
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("ConcurrencyStamp")
+                        .IsConcurrencyToken()
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("Name")
+                        .HasColumnType("TEXT")
+                        .HasMaxLength(256);
+
+                    b.Property<string>("NormalizedName")
+                        .HasColumnType("TEXT")
+                        .HasMaxLength(256);
+
+                    b.HasKey("Id");
+
+                    b.HasIndex("NormalizedName")
+                        .IsUnique()
+                        .HasName("RoleNameIndex");
+
+                    b.ToTable("AspNetRoles");
+                });
+
+            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityRoleClaim<string>", b =>
+                {
+                    b.Property<int>("Id")
+                        .ValueGeneratedOnAdd()
+                        .HasColumnType("INTEGER");
+
+                    b.Property<string>("ClaimType")
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("ClaimValue")
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("RoleId")
+                        .IsRequired()
+                        .HasColumnType("TEXT");
+
+                    b.HasKey("Id");
+
+                    b.HasIndex("RoleId");
+
+                    b.ToTable("AspNetRoleClaims");
+                });
+
+            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserClaim<string>", b =>
+                {
+                    b.Property<int>("Id")
+                        .ValueGeneratedOnAdd()
+                        .HasColumnType("INTEGER");
+
+                    b.Property<string>("ClaimType")
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("ClaimValue")
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("UserId")
+                        .IsRequired()
+                        .HasColumnType("TEXT");
+
+                    b.HasKey("Id");
+
+                    b.HasIndex("UserId");
+
+                    b.ToTable("AspNetUserClaims");
+                });
+
+            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserLogin<string>", b =>
+                {
+                    b.Property<string>("LoginProvider")
+                        .HasColumnType("TEXT")
+                        .HasMaxLength(128);
+
+                    b.Property<string>("ProviderKey")
+                        .HasColumnType("TEXT")
+                        .HasMaxLength(128);
+
+                    b.Property<string>("ProviderDisplayName")
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("UserId")
+                        .IsRequired()
+                        .HasColumnType("TEXT");
+
+                    b.HasKey("LoginProvider", "ProviderKey");
+
+                    b.HasIndex("UserId");
+
+                    b.ToTable("AspNetUserLogins");
+                });
+
+            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserRole<string>", b =>
+                {
+                    b.Property<string>("UserId")
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("RoleId")
+                        .HasColumnType("TEXT");
+
+                    b.HasKey("UserId", "RoleId");
+
+                    b.HasIndex("RoleId");
+
+                    b.ToTable("AspNetUserRoles");
+                });
+
+            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserToken<string>", b =>
+                {
+                    b.Property<string>("UserId")
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("LoginProvider")
+                        .HasColumnType("TEXT")
+                        .HasMaxLength(128);
+
+                    b.Property<string>("Name")
+                        .HasColumnType("TEXT")
+                        .HasMaxLength(128);
+
+                    b.Property<string>("Value")
+                        .HasColumnType("TEXT");
+
+                    b.HasKey("UserId", "LoginProvider", "Name");
+
+                    b.ToTable("AspNetUserTokens");
+                });
+
+            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityRoleClaim<string>", b =>
+                {
+                    b.HasOne("Microsoft.AspNetCore.Identity.IdentityRole", null)
+                        .WithMany()
+                        .HasForeignKey("RoleId")
+                        .OnDelete(DeleteBehavior.Cascade)
+                        .IsRequired();
+                });
+
+            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserClaim<string>", b =>
+                {
+                    b.HasOne("BlazorWasm_CSharp.Server.Models.ApplicationUser", null)
+                        .WithMany()
+                        .HasForeignKey("UserId")
+                        .OnDelete(DeleteBehavior.Cascade)
+                        .IsRequired();
+                });
+
+            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserLogin<string>", b =>
+                {
+                    b.HasOne("BlazorWasm_CSharp.Server.Models.ApplicationUser", null)
+                        .WithMany()
+                        .HasForeignKey("UserId")
+                        .OnDelete(DeleteBehavior.Cascade)
+                        .IsRequired();
+                });
+
+            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserRole<string>", b =>
+                {
+                    b.HasOne("Microsoft.AspNetCore.Identity.IdentityRole", null)
+                        .WithMany()
+                        .HasForeignKey("RoleId")
+                        .OnDelete(DeleteBehavior.Cascade)
+                        .IsRequired();
+
+                    b.HasOne("BlazorWasm_CSharp.Server.Models.ApplicationUser", null)
+                        .WithMany()
+                        .HasForeignKey("UserId")
+                        .OnDelete(DeleteBehavior.Cascade)
+                        .IsRequired();
+                });
+
+            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserToken<string>", b =>
+                {
+                    b.HasOne("BlazorWasm_CSharp.Server.Models.ApplicationUser", null)
+                        .WithMany()
+                        .HasForeignKey("UserId")
+                        .OnDelete(DeleteBehavior.Cascade)
+                        .IsRequired();
+                });
+#pragma warning restore 612, 618
+        }
+    }
+}
diff --git a/src/ProjectTemplates/BlazorWasm.ProjectTemplates/content/BlazorWasm-CSharp/Server/Data/SqlLite/00000000000000_CreateIdentitySchema.cs b/src/ProjectTemplates/BlazorWasm.ProjectTemplates/content/BlazorWasm-CSharp/Server/Data/SqlLite/00000000000000_CreateIdentitySchema.cs
new file mode 100644
index 0000000000..9bf71dd82f
--- /dev/null
+++ b/src/ProjectTemplates/BlazorWasm.ProjectTemplates/content/BlazorWasm-CSharp/Server/Data/SqlLite/00000000000000_CreateIdentitySchema.cs
@@ -0,0 +1,278 @@
+using System;
+using Microsoft.EntityFrameworkCore.Migrations;
+
+namespace BlazorWasm_CSharp.Server.Data.Migrations
+{
+    public partial class CreateIdentitySchema : Migration
+    {
+        protected override void Up(MigrationBuilder migrationBuilder)
+        {
+            migrationBuilder.CreateTable(
+                name: "AspNetRoles",
+                columns: table => new
+                {
+                    Id = table.Column<string>(nullable: false),
+                    Name = table.Column<string>(maxLength: 256, nullable: true),
+                    NormalizedName = table.Column<string>(maxLength: 256, nullable: true),
+                    ConcurrencyStamp = table.Column<string>(nullable: true)
+                },
+                constraints: table =>
+                {
+                    table.PrimaryKey("PK_AspNetRoles", x => x.Id);
+                });
+
+            migrationBuilder.CreateTable(
+                name: "AspNetUsers",
+                columns: table => new
+                {
+                    Id = table.Column<string>(nullable: false),
+                    UserName = table.Column<string>(maxLength: 256, nullable: true),
+                    NormalizedUserName = table.Column<string>(maxLength: 256, nullable: true),
+                    Email = table.Column<string>(maxLength: 256, nullable: true),
+                    NormalizedEmail = table.Column<string>(maxLength: 256, nullable: true),
+                    EmailConfirmed = table.Column<bool>(nullable: false),
+                    PasswordHash = table.Column<string>(nullable: true),
+                    SecurityStamp = table.Column<string>(nullable: true),
+                    ConcurrencyStamp = table.Column<string>(nullable: true),
+                    PhoneNumber = table.Column<string>(nullable: true),
+                    PhoneNumberConfirmed = table.Column<bool>(nullable: false),
+                    TwoFactorEnabled = table.Column<bool>(nullable: false),
+                    LockoutEnd = table.Column<DateTimeOffset>(nullable: true),
+                    LockoutEnabled = table.Column<bool>(nullable: false),
+                    AccessFailedCount = table.Column<int>(nullable: false)
+                },
+                constraints: table =>
+                {
+                    table.PrimaryKey("PK_AspNetUsers", x => x.Id);
+                });
+
+            migrationBuilder.CreateTable(
+                name: "DeviceCodes",
+                columns: table => new
+                {
+                    UserCode = table.Column<string>(maxLength: 200, nullable: false),
+                    DeviceCode = table.Column<string>(maxLength: 200, nullable: false),
+                    SubjectId = table.Column<string>(maxLength: 200, nullable: true),
+                    ClientId = table.Column<string>(maxLength: 200, nullable: false),
+                    CreationTime = table.Column<DateTime>(nullable: false),
+                    Expiration = table.Column<DateTime>(nullable: false),
+                    Data = table.Column<string>(maxLength: 50000, nullable: false)
+                },
+                constraints: table =>
+                {
+                    table.PrimaryKey("PK_DeviceCodes", x => x.UserCode);
+                });
+
+            migrationBuilder.CreateTable(
+                name: "PersistedGrants",
+                columns: table => new
+                {
+                    Key = table.Column<string>(maxLength: 200, nullable: false),
+                    Type = table.Column<string>(maxLength: 50, nullable: false),
+                    SubjectId = table.Column<string>(maxLength: 200, nullable: true),
+                    ClientId = table.Column<string>(maxLength: 200, nullable: false),
+                    CreationTime = table.Column<DateTime>(nullable: false),
+                    Expiration = table.Column<DateTime>(nullable: true),
+                    Data = table.Column<string>(maxLength: 50000, nullable: false)
+                },
+                constraints: table =>
+                {
+                    table.PrimaryKey("PK_PersistedGrants", x => x.Key);
+                });
+
+            migrationBuilder.CreateTable(
+                name: "AspNetRoleClaims",
+                columns: table => new
+                {
+                    Id = table.Column<int>(nullable: false)
+                        .Annotation("Sqlite:Autoincrement", true),
+                    RoleId = table.Column<string>(nullable: false),
+                    ClaimType = table.Column<string>(nullable: true),
+                    ClaimValue = table.Column<string>(nullable: true)
+                },
+                constraints: table =>
+                {
+                    table.PrimaryKey("PK_AspNetRoleClaims", x => x.Id);
+                    table.ForeignKey(
+                        name: "FK_AspNetRoleClaims_AspNetRoles_RoleId",
+                        column: x => x.RoleId,
+                        principalTable: "AspNetRoles",
+                        principalColumn: "Id",
+                        onDelete: ReferentialAction.Cascade);
+                });
+
+            migrationBuilder.CreateTable(
+                name: "AspNetUserClaims",
+                columns: table => new
+                {
+                    Id = table.Column<int>(nullable: false)
+                        .Annotation("Sqlite:Autoincrement", true),
+                    UserId = table.Column<string>(nullable: false),
+                    ClaimType = table.Column<string>(nullable: true),
+                    ClaimValue = table.Column<string>(nullable: true)
+                },
+                constraints: table =>
+                {
+                    table.PrimaryKey("PK_AspNetUserClaims", x => x.Id);
+                    table.ForeignKey(
+                        name: "FK_AspNetUserClaims_AspNetUsers_UserId",
+                        column: x => x.UserId,
+                        principalTable: "AspNetUsers",
+                        principalColumn: "Id",
+                        onDelete: ReferentialAction.Cascade);
+                });
+
+            migrationBuilder.CreateTable(
+                name: "AspNetUserLogins",
+                columns: table => new
+                {
+                    LoginProvider = table.Column<string>(maxLength: 128, nullable: false),
+                    ProviderKey = table.Column<string>(maxLength: 128, nullable: false),
+                    ProviderDisplayName = table.Column<string>(nullable: true),
+                    UserId = table.Column<string>(nullable: false)
+                },
+                constraints: table =>
+                {
+                    table.PrimaryKey("PK_AspNetUserLogins", x => new { x.LoginProvider, x.ProviderKey });
+                    table.ForeignKey(
+                        name: "FK_AspNetUserLogins_AspNetUsers_UserId",
+                        column: x => x.UserId,
+                        principalTable: "AspNetUsers",
+                        principalColumn: "Id",
+                        onDelete: ReferentialAction.Cascade);
+                });
+
+            migrationBuilder.CreateTable(
+                name: "AspNetUserRoles",
+                columns: table => new
+                {
+                    UserId = table.Column<string>(nullable: false),
+                    RoleId = table.Column<string>(nullable: false)
+                },
+                constraints: table =>
+                {
+                    table.PrimaryKey("PK_AspNetUserRoles", x => new { x.UserId, x.RoleId });
+                    table.ForeignKey(
+                        name: "FK_AspNetUserRoles_AspNetRoles_RoleId",
+                        column: x => x.RoleId,
+                        principalTable: "AspNetRoles",
+                        principalColumn: "Id",
+                        onDelete: ReferentialAction.Cascade);
+                    table.ForeignKey(
+                        name: "FK_AspNetUserRoles_AspNetUsers_UserId",
+                        column: x => x.UserId,
+                        principalTable: "AspNetUsers",
+                        principalColumn: "Id",
+                        onDelete: ReferentialAction.Cascade);
+                });
+
+            migrationBuilder.CreateTable(
+                name: "AspNetUserTokens",
+                columns: table => new
+                {
+                    UserId = table.Column<string>(nullable: false),
+                    LoginProvider = table.Column<string>(maxLength: 128, nullable: false),
+                    Name = table.Column<string>(maxLength: 128, nullable: false),
+                    Value = table.Column<string>(nullable: true)
+                },
+                constraints: table =>
+                {
+                    table.PrimaryKey("PK_AspNetUserTokens", x => new { x.UserId, x.LoginProvider, x.Name });
+                    table.ForeignKey(
+                        name: "FK_AspNetUserTokens_AspNetUsers_UserId",
+                        column: x => x.UserId,
+                        principalTable: "AspNetUsers",
+                        principalColumn: "Id",
+                        onDelete: ReferentialAction.Cascade);
+                });
+
+            migrationBuilder.CreateIndex(
+                name: "IX_AspNetRoleClaims_RoleId",
+                table: "AspNetRoleClaims",
+                column: "RoleId");
+
+            migrationBuilder.CreateIndex(
+                name: "RoleNameIndex",
+                table: "AspNetRoles",
+                column: "NormalizedName",
+                unique: true);
+
+            migrationBuilder.CreateIndex(
+                name: "IX_AspNetUserClaims_UserId",
+                table: "AspNetUserClaims",
+                column: "UserId");
+
+            migrationBuilder.CreateIndex(
+                name: "IX_AspNetUserLogins_UserId",
+                table: "AspNetUserLogins",
+                column: "UserId");
+
+            migrationBuilder.CreateIndex(
+                name: "IX_AspNetUserRoles_RoleId",
+                table: "AspNetUserRoles",
+                column: "RoleId");
+
+            migrationBuilder.CreateIndex(
+                name: "EmailIndex",
+                table: "AspNetUsers",
+                column: "NormalizedEmail");
+
+            migrationBuilder.CreateIndex(
+                name: "UserNameIndex",
+                table: "AspNetUsers",
+                column: "NormalizedUserName",
+                unique: true);
+
+            migrationBuilder.CreateIndex(
+                name: "IX_DeviceCodes_DeviceCode",
+                table: "DeviceCodes",
+                column: "DeviceCode",
+                unique: true);
+
+            migrationBuilder.CreateIndex(
+                name: "IX_DeviceCodes_Expiration",
+                table: "DeviceCodes",
+                column: "Expiration");
+
+            migrationBuilder.CreateIndex(
+                name: "IX_PersistedGrants_Expiration",
+                table: "PersistedGrants",
+                column: "Expiration");
+
+            migrationBuilder.CreateIndex(
+                name: "IX_PersistedGrants_SubjectId_ClientId_Type",
+                table: "PersistedGrants",
+                columns: new[] { "SubjectId", "ClientId", "Type" });
+        }
+
+        protected override void Down(MigrationBuilder migrationBuilder)
+        {
+            migrationBuilder.DropTable(
+                name: "AspNetRoleClaims");
+
+            migrationBuilder.DropTable(
+                name: "AspNetUserClaims");
+
+            migrationBuilder.DropTable(
+                name: "AspNetUserLogins");
+
+            migrationBuilder.DropTable(
+                name: "AspNetUserRoles");
+
+            migrationBuilder.DropTable(
+                name: "AspNetUserTokens");
+
+            migrationBuilder.DropTable(
+                name: "DeviceCodes");
+
+            migrationBuilder.DropTable(
+                name: "PersistedGrants");
+
+            migrationBuilder.DropTable(
+                name: "AspNetRoles");
+
+            migrationBuilder.DropTable(
+                name: "AspNetUsers");
+        }
+    }
+}
diff --git a/src/ProjectTemplates/BlazorWasm.ProjectTemplates/content/BlazorWasm-CSharp/Server/Data/SqlLite/ApplicationDbContextModelSnapshot.cs b/src/ProjectTemplates/BlazorWasm.ProjectTemplates/content/BlazorWasm-CSharp/Server/Data/SqlLite/ApplicationDbContextModelSnapshot.cs
new file mode 100644
index 0000000000..46707aab33
--- /dev/null
+++ b/src/ProjectTemplates/BlazorWasm.ProjectTemplates/content/BlazorWasm-CSharp/Server/Data/SqlLite/ApplicationDbContextModelSnapshot.cs
@@ -0,0 +1,350 @@
+// <auto-generated />
+using System;
+using BlazorWasm_CSharp.Server.Data;
+using Microsoft.EntityFrameworkCore;
+using Microsoft.EntityFrameworkCore.Infrastructure;
+using Microsoft.EntityFrameworkCore.Storage.ValueConversion;
+
+namespace BlazorWasm_CSharp.Server.Data.Migrations
+{
+    [DbContext(typeof(ApplicationDbContext))]
+    partial class ApplicationDbContextModelSnapshot : ModelSnapshot
+    {
+        protected override void BuildModel(ModelBuilder modelBuilder)
+        {
+#pragma warning disable 612, 618
+            modelBuilder
+                .HasAnnotation("ProductVersion", "3.0.0-rc1.19455.8");
+
+            modelBuilder.Entity("BlazorWasm_CSharp.Server.Models.ApplicationUser", b =>
+                {
+                    b.Property<string>("Id")
+                        .HasColumnType("TEXT");
+
+                    b.Property<int>("AccessFailedCount")
+                        .HasColumnType("INTEGER");
+
+                    b.Property<string>("ConcurrencyStamp")
+                        .IsConcurrencyToken()
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("Email")
+                        .HasColumnType("TEXT")
+                        .HasMaxLength(256);
+
+                    b.Property<bool>("EmailConfirmed")
+                        .HasColumnType("INTEGER");
+
+                    b.Property<bool>("LockoutEnabled")
+                        .HasColumnType("INTEGER");
+
+                    b.Property<DateTimeOffset?>("LockoutEnd")
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("NormalizedEmail")
+                        .HasColumnType("TEXT")
+                        .HasMaxLength(256);
+
+                    b.Property<string>("NormalizedUserName")
+                        .HasColumnType("TEXT")
+                        .HasMaxLength(256);
+
+                    b.Property<string>("PasswordHash")
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("PhoneNumber")
+                        .HasColumnType("TEXT");
+
+                    b.Property<bool>("PhoneNumberConfirmed")
+                        .HasColumnType("INTEGER");
+
+                    b.Property<string>("SecurityStamp")
+                        .HasColumnType("TEXT");
+
+                    b.Property<bool>("TwoFactorEnabled")
+                        .HasColumnType("INTEGER");
+
+                    b.Property<string>("UserName")
+                        .HasColumnType("TEXT")
+                        .HasMaxLength(256);
+
+                    b.HasKey("Id");
+
+                    b.HasIndex("NormalizedEmail")
+                        .HasName("EmailIndex");
+
+                    b.HasIndex("NormalizedUserName")
+                        .IsUnique()
+                        .HasName("UserNameIndex");
+
+                    b.ToTable("AspNetUsers");
+                });
+
+            modelBuilder.Entity("IdentityServer4.EntityFramework.Entities.DeviceFlowCodes", b =>
+                {
+                    b.Property<string>("UserCode")
+                        .HasColumnType("TEXT")
+                        .HasMaxLength(200);
+
+                    b.Property<string>("ClientId")
+                        .IsRequired()
+                        .HasColumnType("TEXT")
+                        .HasMaxLength(200);
+
+                    b.Property<DateTime>("CreationTime")
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("Data")
+                        .IsRequired()
+                        .HasColumnType("TEXT")
+                        .HasMaxLength(50000);
+
+                    b.Property<string>("DeviceCode")
+                        .IsRequired()
+                        .HasColumnType("TEXT")
+                        .HasMaxLength(200);
+
+                    b.Property<DateTime?>("Expiration")
+                        .IsRequired()
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("SubjectId")
+                        .HasColumnType("TEXT")
+                        .HasMaxLength(200);
+
+                    b.HasKey("UserCode");
+
+                    b.HasIndex("DeviceCode")
+                        .IsUnique();
+
+                    b.HasIndex("Expiration");
+
+                    b.ToTable("DeviceCodes");
+                });
+
+            modelBuilder.Entity("IdentityServer4.EntityFramework.Entities.PersistedGrant", b =>
+                {
+                    b.Property<string>("Key")
+                        .HasColumnType("TEXT")
+                        .HasMaxLength(200);
+
+                    b.Property<string>("ClientId")
+                        .IsRequired()
+                        .HasColumnType("TEXT")
+                        .HasMaxLength(200);
+
+                    b.Property<DateTime>("CreationTime")
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("Data")
+                        .IsRequired()
+                        .HasColumnType("TEXT")
+                        .HasMaxLength(50000);
+
+                    b.Property<DateTime?>("Expiration")
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("SubjectId")
+                        .HasColumnType("TEXT")
+                        .HasMaxLength(200);
+
+                    b.Property<string>("Type")
+                        .IsRequired()
+                        .HasColumnType("TEXT")
+                        .HasMaxLength(50);
+
+                    b.HasKey("Key");
+
+                    b.HasIndex("Expiration");
+
+                    b.HasIndex("SubjectId", "ClientId", "Type");
+
+                    b.ToTable("PersistedGrants");
+                });
+
+            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityRole", b =>
+                {
+                    b.Property<string>("Id")
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("ConcurrencyStamp")
+                        .IsConcurrencyToken()
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("Name")
+                        .HasColumnType("TEXT")
+                        .HasMaxLength(256);
+
+                    b.Property<string>("NormalizedName")
+                        .HasColumnType("TEXT")
+                        .HasMaxLength(256);
+
+                    b.HasKey("Id");
+
+                    b.HasIndex("NormalizedName")
+                        .IsUnique()
+                        .HasName("RoleNameIndex");
+
+                    b.ToTable("AspNetRoles");
+                });
+
+            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityRoleClaim<string>", b =>
+                {
+                    b.Property<int>("Id")
+                        .ValueGeneratedOnAdd()
+                        .HasColumnType("INTEGER");
+
+                    b.Property<string>("ClaimType")
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("ClaimValue")
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("RoleId")
+                        .IsRequired()
+                        .HasColumnType("TEXT");
+
+                    b.HasKey("Id");
+
+                    b.HasIndex("RoleId");
+
+                    b.ToTable("AspNetRoleClaims");
+                });
+
+            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserClaim<string>", b =>
+                {
+                    b.Property<int>("Id")
+                        .ValueGeneratedOnAdd()
+                        .HasColumnType("INTEGER");
+
+                    b.Property<string>("ClaimType")
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("ClaimValue")
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("UserId")
+                        .IsRequired()
+                        .HasColumnType("TEXT");
+
+                    b.HasKey("Id");
+
+                    b.HasIndex("UserId");
+
+                    b.ToTable("AspNetUserClaims");
+                });
+
+            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserLogin<string>", b =>
+                {
+                    b.Property<string>("LoginProvider")
+                        .HasColumnType("TEXT")
+                        .HasMaxLength(128);
+
+                    b.Property<string>("ProviderKey")
+                        .HasColumnType("TEXT")
+                        .HasMaxLength(128);
+
+                    b.Property<string>("ProviderDisplayName")
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("UserId")
+                        .IsRequired()
+                        .HasColumnType("TEXT");
+
+                    b.HasKey("LoginProvider", "ProviderKey");
+
+                    b.HasIndex("UserId");
+
+                    b.ToTable("AspNetUserLogins");
+                });
+
+            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserRole<string>", b =>
+                {
+                    b.Property<string>("UserId")
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("RoleId")
+                        .HasColumnType("TEXT");
+
+                    b.HasKey("UserId", "RoleId");
+
+                    b.HasIndex("RoleId");
+
+                    b.ToTable("AspNetUserRoles");
+                });
+
+            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserToken<string>", b =>
+                {
+                    b.Property<string>("UserId")
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("LoginProvider")
+                        .HasColumnType("TEXT")
+                        .HasMaxLength(128);
+
+                    b.Property<string>("Name")
+                        .HasColumnType("TEXT")
+                        .HasMaxLength(128);
+
+                    b.Property<string>("Value")
+                        .HasColumnType("TEXT");
+
+                    b.HasKey("UserId", "LoginProvider", "Name");
+
+                    b.ToTable("AspNetUserTokens");
+                });
+
+            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityRoleClaim<string>", b =>
+                {
+                    b.HasOne("Microsoft.AspNetCore.Identity.IdentityRole", null)
+                        .WithMany()
+                        .HasForeignKey("RoleId")
+                        .OnDelete(DeleteBehavior.Cascade)
+                        .IsRequired();
+                });
+
+            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserClaim<string>", b =>
+                {
+                    b.HasOne("BlazorWasm_CSharp.Server.Models.ApplicationUser", null)
+                        .WithMany()
+                        .HasForeignKey("UserId")
+                        .OnDelete(DeleteBehavior.Cascade)
+                        .IsRequired();
+                });
+
+            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserLogin<string>", b =>
+                {
+                    b.HasOne("BlazorWasm_CSharp.Server.Models.ApplicationUser", null)
+                        .WithMany()
+                        .HasForeignKey("UserId")
+                        .OnDelete(DeleteBehavior.Cascade)
+                        .IsRequired();
+                });
+
+            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserRole<string>", b =>
+                {
+                    b.HasOne("Microsoft.AspNetCore.Identity.IdentityRole", null)
+                        .WithMany()
+                        .HasForeignKey("RoleId")
+                        .OnDelete(DeleteBehavior.Cascade)
+                        .IsRequired();
+
+                    b.HasOne("BlazorWasm_CSharp.Server.Models.ApplicationUser", null)
+                        .WithMany()
+                        .HasForeignKey("UserId")
+                        .OnDelete(DeleteBehavior.Cascade)
+                        .IsRequired();
+                });
+
+            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserToken<string>", b =>
+                {
+                    b.HasOne("BlazorWasm_CSharp.Server.Models.ApplicationUser", null)
+                        .WithMany()
+                        .HasForeignKey("UserId")
+                        .OnDelete(DeleteBehavior.Cascade)
+                        .IsRequired();
+                });
+#pragma warning restore 612, 618
+        }
+    }
+}
diff --git a/src/ProjectTemplates/BlazorWasm.ProjectTemplates/content/BlazorWasm-CSharp/Server/Data/SqlServer/00000000000000_CreateIdentitySchema.Designer.cs b/src/ProjectTemplates/BlazorWasm.ProjectTemplates/content/BlazorWasm-CSharp/Server/Data/SqlServer/00000000000000_CreateIdentitySchema.Designer.cs
new file mode 100644
index 0000000000..44cd41c4a4
--- /dev/null
+++ b/src/ProjectTemplates/BlazorWasm.ProjectTemplates/content/BlazorWasm-CSharp/Server/Data/SqlServer/00000000000000_CreateIdentitySchema.Designer.cs
@@ -0,0 +1,359 @@
+// <auto-generated />
+using System;
+using BlazorWasm_CSharp.Server.Data;
+using Microsoft.EntityFrameworkCore;
+using Microsoft.EntityFrameworkCore.Infrastructure;
+using Microsoft.EntityFrameworkCore.Metadata;
+using Microsoft.EntityFrameworkCore.Migrations;
+using Microsoft.EntityFrameworkCore.Storage.ValueConversion;
+
+namespace BlazorWasm_CSharp.Server.Data.Migrations
+{
+    [DbContext(typeof(ApplicationDbContext))]
+    [Migration("00000000000000_CreateIdentitySchema")]
+    partial class CreateIdentitySchema
+    {
+        protected override void BuildTargetModel(ModelBuilder modelBuilder)
+        {
+#pragma warning disable 612, 618
+            modelBuilder
+                .HasAnnotation("ProductVersion", "3.0.0-rc1.19455.8")
+                .HasAnnotation("Relational:MaxIdentifierLength", 128)
+                .HasAnnotation("SqlServer:ValueGenerationStrategy", SqlServerValueGenerationStrategy.IdentityColumn);
+
+            modelBuilder.Entity("BlazorWasm_CSharp.Server.Models.ApplicationUser", b =>
+                {
+                    b.Property<string>("Id")
+                        .HasColumnType("nvarchar(450)");
+
+                    b.Property<int>("AccessFailedCount")
+                        .HasColumnType("int");
+
+                    b.Property<string>("ConcurrencyStamp")
+                        .IsConcurrencyToken()
+                        .HasColumnType("nvarchar(max)");
+
+                    b.Property<string>("Email")
+                        .HasColumnType("nvarchar(256)")
+                        .HasMaxLength(256);
+
+                    b.Property<bool>("EmailConfirmed")
+                        .HasColumnType("bit");
+
+                    b.Property<bool>("LockoutEnabled")
+                        .HasColumnType("bit");
+
+                    b.Property<DateTimeOffset?>("LockoutEnd")
+                        .HasColumnType("datetimeoffset");
+
+                    b.Property<string>("NormalizedEmail")
+                        .HasColumnType("nvarchar(256)")
+                        .HasMaxLength(256);
+
+                    b.Property<string>("NormalizedUserName")
+                        .HasColumnType("nvarchar(256)")
+                        .HasMaxLength(256);
+
+                    b.Property<string>("PasswordHash")
+                        .HasColumnType("nvarchar(max)");
+
+                    b.Property<string>("PhoneNumber")
+                        .HasColumnType("nvarchar(max)");
+
+                    b.Property<bool>("PhoneNumberConfirmed")
+                        .HasColumnType("bit");
+
+                    b.Property<string>("SecurityStamp")
+                        .HasColumnType("nvarchar(max)");
+
+                    b.Property<bool>("TwoFactorEnabled")
+                        .HasColumnType("bit");
+
+                    b.Property<string>("UserName")
+                        .HasColumnType("nvarchar(256)")
+                        .HasMaxLength(256);
+
+                    b.HasKey("Id");
+
+                    b.HasIndex("NormalizedEmail")
+                        .HasName("EmailIndex");
+
+                    b.HasIndex("NormalizedUserName")
+                        .IsUnique()
+                        .HasName("UserNameIndex")
+                        .HasFilter("[NormalizedUserName] IS NOT NULL");
+
+                    b.ToTable("AspNetUsers");
+                });
+
+            modelBuilder.Entity("IdentityServer4.EntityFramework.Entities.DeviceFlowCodes", b =>
+                {
+                    b.Property<string>("UserCode")
+                        .HasColumnType("nvarchar(200)")
+                        .HasMaxLength(200);
+
+                    b.Property<string>("ClientId")
+                        .IsRequired()
+                        .HasColumnType("nvarchar(200)")
+                        .HasMaxLength(200);
+
+                    b.Property<DateTime>("CreationTime")
+                        .HasColumnType("datetime2");
+
+                    b.Property<string>("Data")
+                        .IsRequired()
+                        .HasColumnType("nvarchar(max)")
+                        .HasMaxLength(50000);
+
+                    b.Property<string>("DeviceCode")
+                        .IsRequired()
+                        .HasColumnType("nvarchar(200)")
+                        .HasMaxLength(200);
+
+                    b.Property<DateTime?>("Expiration")
+                        .IsRequired()
+                        .HasColumnType("datetime2");
+
+                    b.Property<string>("SubjectId")
+                        .HasColumnType("nvarchar(200)")
+                        .HasMaxLength(200);
+
+                    b.HasKey("UserCode");
+
+                    b.HasIndex("DeviceCode")
+                        .IsUnique();
+
+                    b.HasIndex("Expiration");
+
+                    b.ToTable("DeviceCodes");
+                });
+
+            modelBuilder.Entity("IdentityServer4.EntityFramework.Entities.PersistedGrant", b =>
+                {
+                    b.Property<string>("Key")
+                        .HasColumnType("nvarchar(200)")
+                        .HasMaxLength(200);
+
+                    b.Property<string>("ClientId")
+                        .IsRequired()
+                        .HasColumnType("nvarchar(200)")
+                        .HasMaxLength(200);
+
+                    b.Property<DateTime>("CreationTime")
+                        .HasColumnType("datetime2");
+
+                    b.Property<string>("Data")
+                        .IsRequired()
+                        .HasColumnType("nvarchar(max)")
+                        .HasMaxLength(50000);
+
+                    b.Property<DateTime?>("Expiration")
+                        .HasColumnType("datetime2");
+
+                    b.Property<string>("SubjectId")
+                        .HasColumnType("nvarchar(200)")
+                        .HasMaxLength(200);
+
+                    b.Property<string>("Type")
+                        .IsRequired()
+                        .HasColumnType("nvarchar(50)")
+                        .HasMaxLength(50);
+
+                    b.HasKey("Key");
+
+                    b.HasIndex("Expiration");
+
+                    b.HasIndex("SubjectId", "ClientId", "Type");
+
+                    b.ToTable("PersistedGrants");
+                });
+
+            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityRole", b =>
+                {
+                    b.Property<string>("Id")
+                        .HasColumnType("nvarchar(450)");
+
+                    b.Property<string>("ConcurrencyStamp")
+                        .IsConcurrencyToken()
+                        .HasColumnType("nvarchar(max)");
+
+                    b.Property<string>("Name")
+                        .HasColumnType("nvarchar(256)")
+                        .HasMaxLength(256);
+
+                    b.Property<string>("NormalizedName")
+                        .HasColumnType("nvarchar(256)")
+                        .HasMaxLength(256);
+
+                    b.HasKey("Id");
+
+                    b.HasIndex("NormalizedName")
+                        .IsUnique()
+                        .HasName("RoleNameIndex")
+                        .HasFilter("[NormalizedName] IS NOT NULL");
+
+                    b.ToTable("AspNetRoles");
+                });
+
+            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityRoleClaim<string>", b =>
+                {
+                    b.Property<int>("Id")
+                        .ValueGeneratedOnAdd()
+                        .HasColumnType("int")
+                        .HasAnnotation("SqlServer:ValueGenerationStrategy", SqlServerValueGenerationStrategy.IdentityColumn);
+
+                    b.Property<string>("ClaimType")
+                        .HasColumnType("nvarchar(max)");
+
+                    b.Property<string>("ClaimValue")
+                        .HasColumnType("nvarchar(max)");
+
+                    b.Property<string>("RoleId")
+                        .IsRequired()
+                        .HasColumnType("nvarchar(450)");
+
+                    b.HasKey("Id");
+
+                    b.HasIndex("RoleId");
+
+                    b.ToTable("AspNetRoleClaims");
+                });
+
+            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserClaim<string>", b =>
+                {
+                    b.Property<int>("Id")
+                        .ValueGeneratedOnAdd()
+                        .HasColumnType("int")
+                        .HasAnnotation("SqlServer:ValueGenerationStrategy", SqlServerValueGenerationStrategy.IdentityColumn);
+
+                    b.Property<string>("ClaimType")
+                        .HasColumnType("nvarchar(max)");
+
+                    b.Property<string>("ClaimValue")
+                        .HasColumnType("nvarchar(max)");
+
+                    b.Property<string>("UserId")
+                        .IsRequired()
+                        .HasColumnType("nvarchar(450)");
+
+                    b.HasKey("Id");
+
+                    b.HasIndex("UserId");
+
+                    b.ToTable("AspNetUserClaims");
+                });
+
+            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserLogin<string>", b =>
+                {
+                    b.Property<string>("LoginProvider")
+                        .HasColumnType("nvarchar(128)")
+                        .HasMaxLength(128);
+
+                    b.Property<string>("ProviderKey")
+                        .HasColumnType("nvarchar(128)")
+                        .HasMaxLength(128);
+
+                    b.Property<string>("ProviderDisplayName")
+                        .HasColumnType("nvarchar(max)");
+
+                    b.Property<string>("UserId")
+                        .IsRequired()
+                        .HasColumnType("nvarchar(450)");
+
+                    b.HasKey("LoginProvider", "ProviderKey");
+
+                    b.HasIndex("UserId");
+
+                    b.ToTable("AspNetUserLogins");
+                });
+
+            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserRole<string>", b =>
+                {
+                    b.Property<string>("UserId")
+                        .HasColumnType("nvarchar(450)");
+
+                    b.Property<string>("RoleId")
+                        .HasColumnType("nvarchar(450)");
+
+                    b.HasKey("UserId", "RoleId");
+
+                    b.HasIndex("RoleId");
+
+                    b.ToTable("AspNetUserRoles");
+                });
+
+            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserToken<string>", b =>
+                {
+                    b.Property<string>("UserId")
+                        .HasColumnType("nvarchar(450)");
+
+                    b.Property<string>("LoginProvider")
+                        .HasColumnType("nvarchar(128)")
+                        .HasMaxLength(128);
+
+                    b.Property<string>("Name")
+                        .HasColumnType("nvarchar(128)")
+                        .HasMaxLength(128);
+
+                    b.Property<string>("Value")
+                        .HasColumnType("nvarchar(max)");
+
+                    b.HasKey("UserId", "LoginProvider", "Name");
+
+                    b.ToTable("AspNetUserTokens");
+                });
+
+            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityRoleClaim<string>", b =>
+                {
+                    b.HasOne("Microsoft.AspNetCore.Identity.IdentityRole", null)
+                        .WithMany()
+                        .HasForeignKey("RoleId")
+                        .OnDelete(DeleteBehavior.Cascade)
+                        .IsRequired();
+                });
+
+            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserClaim<string>", b =>
+                {
+                    b.HasOne("BlazorWasm_CSharp.Server.Models.ApplicationUser", null)
+                        .WithMany()
+                        .HasForeignKey("UserId")
+                        .OnDelete(DeleteBehavior.Cascade)
+                        .IsRequired();
+                });
+
+            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserLogin<string>", b =>
+                {
+                    b.HasOne("BlazorWasm_CSharp.Server.Models.ApplicationUser", null)
+                        .WithMany()
+                        .HasForeignKey("UserId")
+                        .OnDelete(DeleteBehavior.Cascade)
+                        .IsRequired();
+                });
+
+            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserRole<string>", b =>
+                {
+                    b.HasOne("Microsoft.AspNetCore.Identity.IdentityRole", null)
+                        .WithMany()
+                        .HasForeignKey("RoleId")
+                        .OnDelete(DeleteBehavior.Cascade)
+                        .IsRequired();
+
+                    b.HasOne("BlazorWasm_CSharp.Server.Models.ApplicationUser", null)
+                        .WithMany()
+                        .HasForeignKey("UserId")
+                        .OnDelete(DeleteBehavior.Cascade)
+                        .IsRequired();
+                });
+
+            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserToken<string>", b =>
+                {
+                    b.HasOne("BlazorWasm_CSharp.Server.Models.ApplicationUser", null)
+                        .WithMany()
+                        .HasForeignKey("UserId")
+                        .OnDelete(DeleteBehavior.Cascade)
+                        .IsRequired();
+                });
+#pragma warning restore 612, 618
+        }
+    }
+}
diff --git a/src/ProjectTemplates/BlazorWasm.ProjectTemplates/content/BlazorWasm-CSharp/Server/Data/SqlServer/00000000000000_CreateIdentitySchema.cs b/src/ProjectTemplates/BlazorWasm.ProjectTemplates/content/BlazorWasm-CSharp/Server/Data/SqlServer/00000000000000_CreateIdentitySchema.cs
new file mode 100644
index 0000000000..fbcd6c8a16
--- /dev/null
+++ b/src/ProjectTemplates/BlazorWasm.ProjectTemplates/content/BlazorWasm-CSharp/Server/Data/SqlServer/00000000000000_CreateIdentitySchema.cs
@@ -0,0 +1,280 @@
+using System;
+using Microsoft.EntityFrameworkCore.Migrations;
+
+namespace BlazorWasm_CSharp.Server.Data.Migrations
+{
+    public partial class CreateIdentitySchema : Migration
+    {
+        protected override void Up(MigrationBuilder migrationBuilder)
+        {
+            migrationBuilder.CreateTable(
+                name: "AspNetRoles",
+                columns: table => new
+                {
+                    Id = table.Column<string>(nullable: false),
+                    Name = table.Column<string>(maxLength: 256, nullable: true),
+                    NormalizedName = table.Column<string>(maxLength: 256, nullable: true),
+                    ConcurrencyStamp = table.Column<string>(nullable: true)
+                },
+                constraints: table =>
+                {
+                    table.PrimaryKey("PK_AspNetRoles", x => x.Id);
+                });
+
+            migrationBuilder.CreateTable(
+                name: "AspNetUsers",
+                columns: table => new
+                {
+                    Id = table.Column<string>(nullable: false),
+                    UserName = table.Column<string>(maxLength: 256, nullable: true),
+                    NormalizedUserName = table.Column<string>(maxLength: 256, nullable: true),
+                    Email = table.Column<string>(maxLength: 256, nullable: true),
+                    NormalizedEmail = table.Column<string>(maxLength: 256, nullable: true),
+                    EmailConfirmed = table.Column<bool>(nullable: false),
+                    PasswordHash = table.Column<string>(nullable: true),
+                    SecurityStamp = table.Column<string>(nullable: true),
+                    ConcurrencyStamp = table.Column<string>(nullable: true),
+                    PhoneNumber = table.Column<string>(nullable: true),
+                    PhoneNumberConfirmed = table.Column<bool>(nullable: false),
+                    TwoFactorEnabled = table.Column<bool>(nullable: false),
+                    LockoutEnd = table.Column<DateTimeOffset>(nullable: true),
+                    LockoutEnabled = table.Column<bool>(nullable: false),
+                    AccessFailedCount = table.Column<int>(nullable: false)
+                },
+                constraints: table =>
+                {
+                    table.PrimaryKey("PK_AspNetUsers", x => x.Id);
+                });
+
+            migrationBuilder.CreateTable(
+                name: "DeviceCodes",
+                columns: table => new
+                {
+                    UserCode = table.Column<string>(maxLength: 200, nullable: false),
+                    DeviceCode = table.Column<string>(maxLength: 200, nullable: false),
+                    SubjectId = table.Column<string>(maxLength: 200, nullable: true),
+                    ClientId = table.Column<string>(maxLength: 200, nullable: false),
+                    CreationTime = table.Column<DateTime>(nullable: false),
+                    Expiration = table.Column<DateTime>(nullable: false),
+                    Data = table.Column<string>(maxLength: 50000, nullable: false)
+                },
+                constraints: table =>
+                {
+                    table.PrimaryKey("PK_DeviceCodes", x => x.UserCode);
+                });
+
+            migrationBuilder.CreateTable(
+                name: "PersistedGrants",
+                columns: table => new
+                {
+                    Key = table.Column<string>(maxLength: 200, nullable: false),
+                    Type = table.Column<string>(maxLength: 50, nullable: false),
+                    SubjectId = table.Column<string>(maxLength: 200, nullable: true),
+                    ClientId = table.Column<string>(maxLength: 200, nullable: false),
+                    CreationTime = table.Column<DateTime>(nullable: false),
+                    Expiration = table.Column<DateTime>(nullable: true),
+                    Data = table.Column<string>(maxLength: 50000, nullable: false)
+                },
+                constraints: table =>
+                {
+                    table.PrimaryKey("PK_PersistedGrants", x => x.Key);
+                });
+
+            migrationBuilder.CreateTable(
+                name: "AspNetRoleClaims",
+                columns: table => new
+                {
+                    Id = table.Column<int>(nullable: false)
+                        .Annotation("SqlServer:Identity", "1, 1"),
+                    RoleId = table.Column<string>(nullable: false),
+                    ClaimType = table.Column<string>(nullable: true),
+                    ClaimValue = table.Column<string>(nullable: true)
+                },
+                constraints: table =>
+                {
+                    table.PrimaryKey("PK_AspNetRoleClaims", x => x.Id);
+                    table.ForeignKey(
+                        name: "FK_AspNetRoleClaims_AspNetRoles_RoleId",
+                        column: x => x.RoleId,
+                        principalTable: "AspNetRoles",
+                        principalColumn: "Id",
+                        onDelete: ReferentialAction.Cascade);
+                });
+
+            migrationBuilder.CreateTable(
+                name: "AspNetUserClaims",
+                columns: table => new
+                {
+                    Id = table.Column<int>(nullable: false)
+                        .Annotation("SqlServer:Identity", "1, 1"),
+                    UserId = table.Column<string>(nullable: false),
+                    ClaimType = table.Column<string>(nullable: true),
+                    ClaimValue = table.Column<string>(nullable: true)
+                },
+                constraints: table =>
+                {
+                    table.PrimaryKey("PK_AspNetUserClaims", x => x.Id);
+                    table.ForeignKey(
+                        name: "FK_AspNetUserClaims_AspNetUsers_UserId",
+                        column: x => x.UserId,
+                        principalTable: "AspNetUsers",
+                        principalColumn: "Id",
+                        onDelete: ReferentialAction.Cascade);
+                });
+
+            migrationBuilder.CreateTable(
+                name: "AspNetUserLogins",
+                columns: table => new
+                {
+                    LoginProvider = table.Column<string>(maxLength: 128, nullable: false),
+                    ProviderKey = table.Column<string>(maxLength: 128, nullable: false),
+                    ProviderDisplayName = table.Column<string>(nullable: true),
+                    UserId = table.Column<string>(nullable: false)
+                },
+                constraints: table =>
+                {
+                    table.PrimaryKey("PK_AspNetUserLogins", x => new { x.LoginProvider, x.ProviderKey });
+                    table.ForeignKey(
+                        name: "FK_AspNetUserLogins_AspNetUsers_UserId",
+                        column: x => x.UserId,
+                        principalTable: "AspNetUsers",
+                        principalColumn: "Id",
+                        onDelete: ReferentialAction.Cascade);
+                });
+
+            migrationBuilder.CreateTable(
+                name: "AspNetUserRoles",
+                columns: table => new
+                {
+                    UserId = table.Column<string>(nullable: false),
+                    RoleId = table.Column<string>(nullable: false)
+                },
+                constraints: table =>
+                {
+                    table.PrimaryKey("PK_AspNetUserRoles", x => new { x.UserId, x.RoleId });
+                    table.ForeignKey(
+                        name: "FK_AspNetUserRoles_AspNetRoles_RoleId",
+                        column: x => x.RoleId,
+                        principalTable: "AspNetRoles",
+                        principalColumn: "Id",
+                        onDelete: ReferentialAction.Cascade);
+                    table.ForeignKey(
+                        name: "FK_AspNetUserRoles_AspNetUsers_UserId",
+                        column: x => x.UserId,
+                        principalTable: "AspNetUsers",
+                        principalColumn: "Id",
+                        onDelete: ReferentialAction.Cascade);
+                });
+
+            migrationBuilder.CreateTable(
+                name: "AspNetUserTokens",
+                columns: table => new
+                {
+                    UserId = table.Column<string>(nullable: false),
+                    LoginProvider = table.Column<string>(maxLength: 128, nullable: false),
+                    Name = table.Column<string>(maxLength: 128, nullable: false),
+                    Value = table.Column<string>(nullable: true)
+                },
+                constraints: table =>
+                {
+                    table.PrimaryKey("PK_AspNetUserTokens", x => new { x.UserId, x.LoginProvider, x.Name });
+                    table.ForeignKey(
+                        name: "FK_AspNetUserTokens_AspNetUsers_UserId",
+                        column: x => x.UserId,
+                        principalTable: "AspNetUsers",
+                        principalColumn: "Id",
+                        onDelete: ReferentialAction.Cascade);
+                });
+
+            migrationBuilder.CreateIndex(
+                name: "IX_AspNetRoleClaims_RoleId",
+                table: "AspNetRoleClaims",
+                column: "RoleId");
+
+            migrationBuilder.CreateIndex(
+                name: "RoleNameIndex",
+                table: "AspNetRoles",
+                column: "NormalizedName",
+                unique: true,
+                filter: "[NormalizedName] IS NOT NULL");
+
+            migrationBuilder.CreateIndex(
+                name: "IX_AspNetUserClaims_UserId",
+                table: "AspNetUserClaims",
+                column: "UserId");
+
+            migrationBuilder.CreateIndex(
+                name: "IX_AspNetUserLogins_UserId",
+                table: "AspNetUserLogins",
+                column: "UserId");
+
+            migrationBuilder.CreateIndex(
+                name: "IX_AspNetUserRoles_RoleId",
+                table: "AspNetUserRoles",
+                column: "RoleId");
+
+            migrationBuilder.CreateIndex(
+                name: "EmailIndex",
+                table: "AspNetUsers",
+                column: "NormalizedEmail");
+
+            migrationBuilder.CreateIndex(
+                name: "UserNameIndex",
+                table: "AspNetUsers",
+                column: "NormalizedUserName",
+                unique: true,
+                filter: "[NormalizedUserName] IS NOT NULL");
+
+            migrationBuilder.CreateIndex(
+                name: "IX_DeviceCodes_DeviceCode",
+                table: "DeviceCodes",
+                column: "DeviceCode",
+                unique: true);
+
+            migrationBuilder.CreateIndex(
+                name: "IX_DeviceCodes_Expiration",
+                table: "DeviceCodes",
+                column: "Expiration");
+
+            migrationBuilder.CreateIndex(
+                name: "IX_PersistedGrants_Expiration",
+                table: "PersistedGrants",
+                column: "Expiration");
+
+            migrationBuilder.CreateIndex(
+                name: "IX_PersistedGrants_SubjectId_ClientId_Type",
+                table: "PersistedGrants",
+                columns: new[] { "SubjectId", "ClientId", "Type" });
+        }
+
+        protected override void Down(MigrationBuilder migrationBuilder)
+        {
+            migrationBuilder.DropTable(
+                name: "AspNetRoleClaims");
+
+            migrationBuilder.DropTable(
+                name: "AspNetUserClaims");
+
+            migrationBuilder.DropTable(
+                name: "AspNetUserLogins");
+
+            migrationBuilder.DropTable(
+                name: "AspNetUserRoles");
+
+            migrationBuilder.DropTable(
+                name: "AspNetUserTokens");
+
+            migrationBuilder.DropTable(
+                name: "DeviceCodes");
+
+            migrationBuilder.DropTable(
+                name: "PersistedGrants");
+
+            migrationBuilder.DropTable(
+                name: "AspNetRoles");
+
+            migrationBuilder.DropTable(
+                name: "AspNetUsers");
+        }
+    }
+}
diff --git a/src/ProjectTemplates/BlazorWasm.ProjectTemplates/content/BlazorWasm-CSharp/Server/Data/SqlServer/ApplicationDbContextModelSnapshot.cs b/src/ProjectTemplates/BlazorWasm.ProjectTemplates/content/BlazorWasm-CSharp/Server/Data/SqlServer/ApplicationDbContextModelSnapshot.cs
new file mode 100644
index 0000000000..448ccd3969
--- /dev/null
+++ b/src/ProjectTemplates/BlazorWasm.ProjectTemplates/content/BlazorWasm-CSharp/Server/Data/SqlServer/ApplicationDbContextModelSnapshot.cs
@@ -0,0 +1,357 @@
+// <auto-generated />
+using System;
+using BlazorWasm_CSharp.Server.Data;
+using Microsoft.EntityFrameworkCore;
+using Microsoft.EntityFrameworkCore.Infrastructure;
+using Microsoft.EntityFrameworkCore.Metadata;
+using Microsoft.EntityFrameworkCore.Storage.ValueConversion;
+
+namespace BlazorWasm_CSharp.Server.Data.Migrations
+{
+    [DbContext(typeof(ApplicationDbContext))]
+    partial class ApplicationDbContextModelSnapshot : ModelSnapshot
+    {
+        protected override void BuildModel(ModelBuilder modelBuilder)
+        {
+#pragma warning disable 612, 618
+            modelBuilder
+                .HasAnnotation("ProductVersion", "3.0.0-rc1.19455.8")
+                .HasAnnotation("Relational:MaxIdentifierLength", 128)
+                .HasAnnotation("SqlServer:ValueGenerationStrategy", SqlServerValueGenerationStrategy.IdentityColumn);
+
+            modelBuilder.Entity("BlazorWasm_CSharp.Server.Models.ApplicationUser", b =>
+                {
+                    b.Property<string>("Id")
+                        .HasColumnType("nvarchar(450)");
+
+                    b.Property<int>("AccessFailedCount")
+                        .HasColumnType("int");
+
+                    b.Property<string>("ConcurrencyStamp")
+                        .IsConcurrencyToken()
+                        .HasColumnType("nvarchar(max)");
+
+                    b.Property<string>("Email")
+                        .HasColumnType("nvarchar(256)")
+                        .HasMaxLength(256);
+
+                    b.Property<bool>("EmailConfirmed")
+                        .HasColumnType("bit");
+
+                    b.Property<bool>("LockoutEnabled")
+                        .HasColumnType("bit");
+
+                    b.Property<DateTimeOffset?>("LockoutEnd")
+                        .HasColumnType("datetimeoffset");
+
+                    b.Property<string>("NormalizedEmail")
+                        .HasColumnType("nvarchar(256)")
+                        .HasMaxLength(256);
+
+                    b.Property<string>("NormalizedUserName")
+                        .HasColumnType("nvarchar(256)")
+                        .HasMaxLength(256);
+
+                    b.Property<string>("PasswordHash")
+                        .HasColumnType("nvarchar(max)");
+
+                    b.Property<string>("PhoneNumber")
+                        .HasColumnType("nvarchar(max)");
+
+                    b.Property<bool>("PhoneNumberConfirmed")
+                        .HasColumnType("bit");
+
+                    b.Property<string>("SecurityStamp")
+                        .HasColumnType("nvarchar(max)");
+
+                    b.Property<bool>("TwoFactorEnabled")
+                        .HasColumnType("bit");
+
+                    b.Property<string>("UserName")
+                        .HasColumnType("nvarchar(256)")
+                        .HasMaxLength(256);
+
+                    b.HasKey("Id");
+
+                    b.HasIndex("NormalizedEmail")
+                        .HasName("EmailIndex");
+
+                    b.HasIndex("NormalizedUserName")
+                        .IsUnique()
+                        .HasName("UserNameIndex")
+                        .HasFilter("[NormalizedUserName] IS NOT NULL");
+
+                    b.ToTable("AspNetUsers");
+                });
+
+            modelBuilder.Entity("IdentityServer4.EntityFramework.Entities.DeviceFlowCodes", b =>
+                {
+                    b.Property<string>("UserCode")
+                        .HasColumnType("nvarchar(200)")
+                        .HasMaxLength(200);
+
+                    b.Property<string>("ClientId")
+                        .IsRequired()
+                        .HasColumnType("nvarchar(200)")
+                        .HasMaxLength(200);
+
+                    b.Property<DateTime>("CreationTime")
+                        .HasColumnType("datetime2");
+
+                    b.Property<string>("Data")
+                        .IsRequired()
+                        .HasColumnType("nvarchar(max)")
+                        .HasMaxLength(50000);
+
+                    b.Property<string>("DeviceCode")
+                        .IsRequired()
+                        .HasColumnType("nvarchar(200)")
+                        .HasMaxLength(200);
+
+                    b.Property<DateTime?>("Expiration")
+                        .IsRequired()
+                        .HasColumnType("datetime2");
+
+                    b.Property<string>("SubjectId")
+                        .HasColumnType("nvarchar(200)")
+                        .HasMaxLength(200);
+
+                    b.HasKey("UserCode");
+
+                    b.HasIndex("DeviceCode")
+                        .IsUnique();
+
+                    b.HasIndex("Expiration");
+
+                    b.ToTable("DeviceCodes");
+                });
+
+            modelBuilder.Entity("IdentityServer4.EntityFramework.Entities.PersistedGrant", b =>
+                {
+                    b.Property<string>("Key")
+                        .HasColumnType("nvarchar(200)")
+                        .HasMaxLength(200);
+
+                    b.Property<string>("ClientId")
+                        .IsRequired()
+                        .HasColumnType("nvarchar(200)")
+                        .HasMaxLength(200);
+
+                    b.Property<DateTime>("CreationTime")
+                        .HasColumnType("datetime2");
+
+                    b.Property<string>("Data")
+                        .IsRequired()
+                        .HasColumnType("nvarchar(max)")
+                        .HasMaxLength(50000);
+
+                    b.Property<DateTime?>("Expiration")
+                        .HasColumnType("datetime2");
+
+                    b.Property<string>("SubjectId")
+                        .HasColumnType("nvarchar(200)")
+                        .HasMaxLength(200);
+
+                    b.Property<string>("Type")
+                        .IsRequired()
+                        .HasColumnType("nvarchar(50)")
+                        .HasMaxLength(50);
+
+                    b.HasKey("Key");
+
+                    b.HasIndex("Expiration");
+
+                    b.HasIndex("SubjectId", "ClientId", "Type");
+
+                    b.ToTable("PersistedGrants");
+                });
+
+            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityRole", b =>
+                {
+                    b.Property<string>("Id")
+                        .HasColumnType("nvarchar(450)");
+
+                    b.Property<string>("ConcurrencyStamp")
+                        .IsConcurrencyToken()
+                        .HasColumnType("nvarchar(max)");
+
+                    b.Property<string>("Name")
+                        .HasColumnType("nvarchar(256)")
+                        .HasMaxLength(256);
+
+                    b.Property<string>("NormalizedName")
+                        .HasColumnType("nvarchar(256)")
+                        .HasMaxLength(256);
+
+                    b.HasKey("Id");
+
+                    b.HasIndex("NormalizedName")
+                        .IsUnique()
+                        .HasName("RoleNameIndex")
+                        .HasFilter("[NormalizedName] IS NOT NULL");
+
+                    b.ToTable("AspNetRoles");
+                });
+
+            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityRoleClaim<string>", b =>
+                {
+                    b.Property<int>("Id")
+                        .ValueGeneratedOnAdd()
+                        .HasColumnType("int")
+                        .HasAnnotation("SqlServer:ValueGenerationStrategy", SqlServerValueGenerationStrategy.IdentityColumn);
+
+                    b.Property<string>("ClaimType")
+                        .HasColumnType("nvarchar(max)");
+
+                    b.Property<string>("ClaimValue")
+                        .HasColumnType("nvarchar(max)");
+
+                    b.Property<string>("RoleId")
+                        .IsRequired()
+                        .HasColumnType("nvarchar(450)");
+
+                    b.HasKey("Id");
+
+                    b.HasIndex("RoleId");
+
+                    b.ToTable("AspNetRoleClaims");
+                });
+
+            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserClaim<string>", b =>
+                {
+                    b.Property<int>("Id")
+                        .ValueGeneratedOnAdd()
+                        .HasColumnType("int")
+                        .HasAnnotation("SqlServer:ValueGenerationStrategy", SqlServerValueGenerationStrategy.IdentityColumn);
+
+                    b.Property<string>("ClaimType")
+                        .HasColumnType("nvarchar(max)");
+
+                    b.Property<string>("ClaimValue")
+                        .HasColumnType("nvarchar(max)");
+
+                    b.Property<string>("UserId")
+                        .IsRequired()
+                        .HasColumnType("nvarchar(450)");
+
+                    b.HasKey("Id");
+
+                    b.HasIndex("UserId");
+
+                    b.ToTable("AspNetUserClaims");
+                });
+
+            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserLogin<string>", b =>
+                {
+                    b.Property<string>("LoginProvider")
+                        .HasColumnType("nvarchar(128)")
+                        .HasMaxLength(128);
+
+                    b.Property<string>("ProviderKey")
+                        .HasColumnType("nvarchar(128)")
+                        .HasMaxLength(128);
+
+                    b.Property<string>("ProviderDisplayName")
+                        .HasColumnType("nvarchar(max)");
+
+                    b.Property<string>("UserId")
+                        .IsRequired()
+                        .HasColumnType("nvarchar(450)");
+
+                    b.HasKey("LoginProvider", "ProviderKey");
+
+                    b.HasIndex("UserId");
+
+                    b.ToTable("AspNetUserLogins");
+                });
+
+            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserRole<string>", b =>
+                {
+                    b.Property<string>("UserId")
+                        .HasColumnType("nvarchar(450)");
+
+                    b.Property<string>("RoleId")
+                        .HasColumnType("nvarchar(450)");
+
+                    b.HasKey("UserId", "RoleId");
+
+                    b.HasIndex("RoleId");
+
+                    b.ToTable("AspNetUserRoles");
+                });
+
+            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserToken<string>", b =>
+                {
+                    b.Property<string>("UserId")
+                        .HasColumnType("nvarchar(450)");
+
+                    b.Property<string>("LoginProvider")
+                        .HasColumnType("nvarchar(128)")
+                        .HasMaxLength(128);
+
+                    b.Property<string>("Name")
+                        .HasColumnType("nvarchar(128)")
+                        .HasMaxLength(128);
+
+                    b.Property<string>("Value")
+                        .HasColumnType("nvarchar(max)");
+
+                    b.HasKey("UserId", "LoginProvider", "Name");
+
+                    b.ToTable("AspNetUserTokens");
+                });
+
+            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityRoleClaim<string>", b =>
+                {
+                    b.HasOne("Microsoft.AspNetCore.Identity.IdentityRole", null)
+                        .WithMany()
+                        .HasForeignKey("RoleId")
+                        .OnDelete(DeleteBehavior.Cascade)
+                        .IsRequired();
+                });
+
+            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserClaim<string>", b =>
+                {
+                    b.HasOne("BlazorWasm_CSharp.Server.Models.ApplicationUser", null)
+                        .WithMany()
+                        .HasForeignKey("UserId")
+                        .OnDelete(DeleteBehavior.Cascade)
+                        .IsRequired();
+                });
+
+            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserLogin<string>", b =>
+                {
+                    b.HasOne("BlazorWasm_CSharp.Server.Models.ApplicationUser", null)
+                        .WithMany()
+                        .HasForeignKey("UserId")
+                        .OnDelete(DeleteBehavior.Cascade)
+                        .IsRequired();
+                });
+
+            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserRole<string>", b =>
+                {
+                    b.HasOne("Microsoft.AspNetCore.Identity.IdentityRole", null)
+                        .WithMany()
+                        .HasForeignKey("RoleId")
+                        .OnDelete(DeleteBehavior.Cascade)
+                        .IsRequired();
+
+                    b.HasOne("BlazorWasm_CSharp.Server.Models.ApplicationUser", null)
+                        .WithMany()
+                        .HasForeignKey("UserId")
+                        .OnDelete(DeleteBehavior.Cascade)
+                        .IsRequired();
+                });
+
+            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserToken<string>", b =>
+                {
+                    b.HasOne("BlazorWasm_CSharp.Server.Models.ApplicationUser", null)
+                        .WithMany()
+                        .HasForeignKey("UserId")
+                        .OnDelete(DeleteBehavior.Cascade)
+                        .IsRequired();
+                });
+#pragma warning restore 612, 618
+        }
+    }
+}
diff --git a/src/ProjectTemplates/BlazorWasm.ProjectTemplates/content/BlazorWasm-CSharp/Server/Models/ApplicationUser.cs b/src/ProjectTemplates/BlazorWasm.ProjectTemplates/content/BlazorWasm-CSharp/Server/Models/ApplicationUser.cs
new file mode 100644
index 0000000000..5aa9cb4030
--- /dev/null
+++ b/src/ProjectTemplates/BlazorWasm.ProjectTemplates/content/BlazorWasm-CSharp/Server/Models/ApplicationUser.cs
@@ -0,0 +1,12 @@
+using Microsoft.AspNetCore.Identity;
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Threading.Tasks;
+
+namespace BlazorWasm_CSharp.Server.Models
+{
+    public class ApplicationUser : IdentityUser
+    {
+    }
+}
diff --git a/src/ProjectTemplates/BlazorWasm.ProjectTemplates/content/BlazorWasm-CSharp/Server/Program.cs b/src/ProjectTemplates/BlazorWasm.ProjectTemplates/content/BlazorWasm-CSharp/Server/Program.cs
index b969665b21..172bcf57d8 100644
--- a/src/ProjectTemplates/BlazorWasm.ProjectTemplates/content/BlazorWasm-CSharp/Server/Program.cs
+++ b/src/ProjectTemplates/BlazorWasm.ProjectTemplates/content/BlazorWasm-CSharp/Server/Program.cs
@@ -1,6 +1,11 @@
-using Microsoft.AspNetCore;
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Threading.Tasks;
 using Microsoft.AspNetCore.Hosting;
 using Microsoft.Extensions.Configuration;
+using Microsoft.Extensions.Hosting;
+using Microsoft.Extensions.Logging;
 
 namespace BlazorWasm_CSharp.Server
 {
@@ -8,15 +13,15 @@ namespace BlazorWasm_CSharp.Server
     {
         public static void Main(string[] args)
         {
-            BuildWebHost(args).Run();
+            CreateHostBuilder(args).Build().Run();
         }
 
-        public static IWebHost BuildWebHost(string[] args) =>
-            WebHost.CreateDefaultBuilder(args)
-                .UseConfiguration(new ConfigurationBuilder()
-                    .AddCommandLine(args)
-                    .Build())
-                .UseStartup<Startup>()
-                .Build();
+        public static IHostBuilder CreateHostBuilder(string[] args) =>
+            Host.CreateDefaultBuilder(args)
+                .ConfigureWebHostDefaults(webBuilder =>
+                {
+                    webBuilder.UseStartup<Startup>();
+                });
+
     }
 }
diff --git a/src/ProjectTemplates/BlazorWasm.ProjectTemplates/content/BlazorWasm-CSharp/Server/Startup.cs b/src/ProjectTemplates/BlazorWasm.ProjectTemplates/content/BlazorWasm-CSharp/Server/Startup.cs
index ac46fb46dd..97ea2d7383 100644
--- a/src/ProjectTemplates/BlazorWasm.ProjectTemplates/content/BlazorWasm-CSharp/Server/Startup.cs
+++ b/src/ProjectTemplates/BlazorWasm.ProjectTemplates/content/BlazorWasm-CSharp/Server/Startup.cs
@@ -1,19 +1,76 @@
+#if (OrganizationalAuth || IndividualB2CAuth || IndividualLocalAuth)
+using Microsoft.AspNetCore.Authentication;
+#endif
 using Microsoft.AspNetCore.Builder;
+#if (IndividualLocalAuth)
+using Microsoft.AspNetCore.Components.Authorization;
+using Microsoft.AspNetCore.Identity;
+using Microsoft.AspNetCore.Identity.UI;
+#endif
+#if (RequiresHttps)
+using Microsoft.AspNetCore.HttpsPolicy;
+#endif
 using Microsoft.AspNetCore.Hosting;
 using Microsoft.AspNetCore.ResponseCompression;
+#if (IndividualLocalAuth)
+using Microsoft.EntityFrameworkCore;
+#endif
+using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Hosting;
 using System.Linq;
+#if (IndividualLocalAuth)
+using BlazorWasm_CSharp.Server.Data;
+using BlazorWasm_CSharp.Server.Models;
+#endif
 
 namespace BlazorWasm_CSharp.Server
 {
     public class Startup
     {
+        public Startup(IConfiguration configuration)
+        {
+            Configuration = configuration;
+        }
+
+        public IConfiguration Configuration { get; }
+
         // This method gets called by the runtime. Use this method to add services to the container.
         // For more information on how to configure your application, visit https://go.microsoft.com/fwlink/?LinkID=398940
         public void ConfigureServices(IServiceCollection services)
         {
-            services.AddMvc();
+#if (IndividualLocalAuth)
+            services.AddDbContext<ApplicationDbContext>(options =>
+    #if (UseLocalDB)
+                options.UseSqlServer(
+                    Configuration.GetConnectionString("DefaultConnection")));
+    #else
+                options.UseSqlite(
+                    Configuration.GetConnectionString("DefaultConnection")));
+    #endif
+
+            services.AddDefaultIdentity<ApplicationUser>(options => options.SignIn.RequireConfirmedAccount = true)
+                .AddEntityFrameworkStores<ApplicationDbContext>();
+
+            services.AddIdentityServer()
+                .AddApiAuthorization<ApplicationUser, ApplicationDbContext>();
+
+            services.AddAuthentication()
+                .AddIdentityServerJwt();
+#endif
+#if (OrganizationalAuth)
+            services.AddAuthentication(AzureADDefaults.BearerAuthenticationScheme)
+                .AddAzureADBearer(options => Configuration.Bind("AzureAd", options));
+#elif (IndividualB2CAuth)
+            services.AddAuthentication(AzureADB2CDefaults.BearerAuthenticationScheme)
+                .AddAzureADB2CBearer(options => Configuration.Bind("AzureAdB2C", options));
+#endif
+
+            services.AddControllersWithViews();
+#if (IndividualLocalAuth)
+            services.AddRazorPages();
+#endif
+
             services.AddResponseCompression(opts =>
             {
                 opts.MimeTypes = ResponseCompressionDefaults.MimeTypes.Concat(
@@ -29,17 +86,46 @@ namespace BlazorWasm_CSharp.Server
             if (env.IsDevelopment())
             {
                 app.UseDeveloperExceptionPage();
+#if (IndividualLocalAuth)
+                app.UseDatabaseErrorPage();
+#endif
                 app.UseBlazorDebugging();
             }
+            else
+            {
+                app.UseExceptionHandler("/Error");
+#if (RequiresHttps)
+                // The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
+                app.UseHsts();
+            }
 
+            app.UseHttpsRedirection();
+#else
+            }
+
+#endif
             app.UseStaticFiles();
             app.UseClientSideBlazorFiles<Client.Program>();
 
             app.UseRouting();
 
+#if (OrganizationalAuth || IndividualAuth)
+            app.UseAuthentication();
+#endif
+#if (IndividualLocalAuth)
+            app.UseIdentityServer();
+#endif
+#if (!NoAuth)
+            app.UseAuthorization();
+
+#endif
             app.UseEndpoints(endpoints =>
             {
-                endpoints.MapDefaultControllerRoute();
+#if (IndividualLocalAuth)
+                endpoints.MapRazorPages();
+#endif
+                endpoints.MapControllers();
+
                 endpoints.MapFallbackToClientSideBlazor<Client.Program>("index.html");
             });
         }
diff --git a/src/ProjectTemplates/BlazorWasm.ProjectTemplates/content/BlazorWasm-CSharp/Server/app.db b/src/ProjectTemplates/BlazorWasm.ProjectTemplates/content/BlazorWasm-CSharp/Server/app.db
new file mode 100644
index 0000000000000000000000000000000000000000..1f4261428921fa7da2622f12eeb1399f23023b2c
GIT binary patch
literal 135168
zcmeI)%WoUU9S3ky4^j_H^dk=Qbk-EmnvmsMa9p(q!)2(IOjx35k}@m=2D>8H_9i4(
z-d);OfFAUSgPd{=kiVe?nq!Mz(-yrI=%I(^uP6!wxpZcBS2H`@CFR7D65>l+4tM9d
zpWp1vK7>^6tQd~2JTR@6<|x-<r(;7yvEL|4EEXFkKNrc5|2a>-jQAVmzj5Jv)YswI
zmG_lVnmP3y&GUNdyXmhc&rj`-e>w5(*xB)o#21MhBYztDW@J0|_0VUj7f}`Q{d?up
z$@J`O{P~BDw%OEk_Eu4M)@|J?n@!!8HqYeCYObm()!YXws*;gXGs>l@359$zw0xnF
zQL5^_s#07dKkF+im%T(<aa3Y{tyrm+bA@76$&_x_x*8~z3#+;EhH_ioP%in+Tvjq(
zomsC9v6`i>YP@RM0oMH9EUlH*!gA58*{@G2t4nHGE#}pVf4Hm|In)d}hODwyR2J10
zm6+snm3(edeVHCmCcEZi1$*G_&4%=V6^rh{)I|2inMC@|Y&>SP8~QW*ag&V6n$~el
zwk@mH<|XE{dsnBE>AAW1^K;UeSTP?OZDCNj+o`Bg;U@E8!M015`NU}GR>bJ=lW*(W
zeR3=s_EuBdE@~~^&nb*DUo~t9io+u?%KQ!ohgq=OWVDHW>^tP#ItBD2iTKS_B3+s5
zA91fYLde}cr}tu0EasnHlVYB4YDP<lxw}0b6>~S4$DE$&<aAb-)$+kiphO11FD(Wj
zw_aT<6iIulYO(51BE7<!VYO7Zx5CB+OS`KzJ0Xc;w*u3K+pVLHVd+$Y&cqum0Nz<^
z>yJBnyRJ){QvrS{@lu<d5|>HI>|SiLJE(L5a}UTp@A>wrK&{^N&Xd1SP{q=HgGw_;
ztqiX=sJvT8x)_kDcz1D}t*`qxSy)SC#y4z7Z!B9{+p(q1iC_SvRPNtBIm)M0S5X1q
zKZnFKL|UUOoz0K*y2FDZ%&hsQp|^!3sc7EPHODa9RfEsVQWo{umSM3>Artqa=4k$I
zuN+;`CVH)C($UuDr5%&I`D8LZGZWumWl>nvpBQyLZ#HyW_&OHU7gD%9op)$CsfRLu
zplk>|PnRn4V{_aAkRlWwgzIC8bYUiHk>ST=*XD(d@%`o~!~gs}X=xEw6+02c=a(cl
z$LGV*>#ocmC>6p^qZe_#P^6daP2&^2(Ib=E(u}4bG2xWpg`;w?{du$fz_40+$dc&C
zy`<UpQ`2hP((Fee4OR4d$1<Glileo*LefbKB!fj(jL0mdM`l|uc3PYK5==M}A@vZw
ztv)rEw7O$jYMb6X^f;~+v;MK!an$y~U4hW(L1Ldua&@v0+Djw`dLwUk+D`YS1(_<Y
zCwh%iVTgzqzIJlw{xBP*dvRfu(sjZcrR?iS*eGQwFFi`VQX!+X?+A^^&?ESiWu!j~
z>yyvIHb!^u#gplUh4}6oW2x2DrB&mhJA2!=$Wmrn+o3y$f>fb-INCv-eb4cTib5R8
zWqPAicka?9*KGS|3tv+TLy7eLg{bK)w4K^~=<eaf*#x<zK0i4{{*9;p8Y6%4fdB*`
z009U<00Izz00bZa0SG|g$1SiBAFll3YT#32&$Y?x3G(clK7gw~(p%cKD_5^vowMrm
zSLT2H{`Kouel<akE1vpyjQqt10uX=z1Rwwb2tWV=5P$##AOL}%n!wM7E8~IZ0arsG
z2+;Tc<d^>OfdB*`009U<00Izz00bZa0SG`~fCcFLf875MaDZ`W5P$##AOHafKmY;|
zfB*y_00AO^_x~6M5P$##AOHafKmY;|fB*y_0D-|5!2AEfk1>uA0uX=z1Rwwb2tWV=
z5P$##Ab|J(7y}T100bZa0SG_<0uX=z1Rwx`!56^$|G|$jjt~M6fB*y_009U<00Izz
z00ba__x~6J5P$##AOHafKmY;|fB*y_0D-|5!2AEfk1>uA0uX=z1Rwwb2tWV=5P$##
zAb|J(7y}T100bZa0SG_<0uX=z1Rwx`!56^&|KP_MM+gB3KmY;|fB*y_009U<00I!e
z{XfP41Rwwb2tWV=5P$##AOHafKw$6%aQ{E}F~$)>00Izz00bZa0SG_<0uX=z1n~d=
z!x(@71Rwwb2tWV=5P$##AOHaf488!~{||nQafA?n00bZa0SG_<0uX=z1Rwwby#L1-
zfB*y_009U<00Izz00bZa0SFAf0N(!(evEO15P$##AOHafKmY;|fB*y_00F%J#~6SB
z1Rwwb2tWV=5P$##AOHaf48Fir>P2ia@kMO<pQ+zZ{dxMU$@5eD<6lmEJ9c(_Bk@Jz
z#>k(Bz8Tq$eLeJ9>@oS%=d)KnolMWp#-D%aXq!zvXKxjCXWiDVvf0#awwZd7xKNpk
z$BcGEe`Y^!8jfDmI*!S<YrI6&{8(?>wRw5ZYpEBb|LM~PZ}LpOtmdk!Qq6s^qAD3)
z8S79+ximGQkWYs8vCzmURrOv~DXx*9^_7*&ULwsKm6%^ER;uM(p;%QirQ1UPy#`9<
z!fLL(q1;wCluLdymz9iHXVz;&tY)dJ8n0SbWzFx+(pp(9EEm0+{rZ%$x}=uXVqUHI
zhs%nQL(Pz5$SP|^Wl>#GiAg?J$>$c;m+1jzvTHt8um|4WY)B7SvFIL5O=NGJNu=-0
z_8%24fiNi8j<cy3!+%fD&BdRelg8bO`Os*)1CI>~cRLj|D%@l~EZBC*GM^X?-HI3;
ze)4U7yHAcq!`^CY+eNLV`#FVC=BtJcL2-BlMw#E?;4lkzn~XNGk9~)nTc<FTk0jzZ
zQ;GCp<^iuaLde}cr&BND|DrMf^qLg&d{Z-8Ld@Om>8O~y$vo!tOed$ax~!HDW&$NL
z0DfsP0J-(*TA@hVTUCoye-h~x-VCdyy1f-PE?C-Kt=S1l6uT9eHr#F<bqq_V5_Bfs
zU;*&va$A4g(c5)h+MEjTONp1-<dnEfN@n+BlgX~2(sSHBAb0-e+ouAxdeb{k{ysq!
zOZN>b%^bBdyxO4hZXM}jK&Il|#c{TV@84u$Es+`DupPazY-w%BmNqAX0gzI;fA{1l
zpHf{#1$_S;63-B6jjnVyKho<C4~8(a=9`Az7Luf*c}v$E!)#X#J}*mI)Ms0U#WICV
z+>4r{`MbSxbVZx!wW3K!Tbq}5Oz!5B$@I)je1DZiVNri#)b+gC&~4%CSWsU`;qr9e
zq2;6=%KU+{A@n?5s>qMcaR)$(P<Rlok0sKDnW)POeoW*#Q`i{aZ;mqj&)<`l7GYJf
z6G41_X=!tOJ{-O7%ItwsA?!4I5!VYv(`so=;}gBnBa_<FjHVwk;gsNoqjIqQd9(e%
zuv&V^lIX|1q}ldU(`ww(>_;IDRrGqtGMw#-qqVj|(n$*>gGE-1$SkEtW?L_ITATb5
zOgIuD^$@+SJ~fxLx?@^uo8F-GIIb15{;}C{)b_z$fzaqdVxLNKb+QoJOC$z*BX4%v
zPWPn+nJTU)dW}+Hh=_MXc5>(bFdL<Nabc9wb;28^?CVI_C}k-xJxaY&A)~bK2#v_l
zBlwhMq(2Mmlh497MtAPTlj((p`0g5Gsnyh_RpX&Md)v3jQf6A)p*x3yRH1n|+CiOt
z&+&+gLLA9udZSZ!?$RaKZ2M;mUsDQ0iS+%2sOc=Uo!Wfp?qPBxKSpon>F@ua8~S4`
z^@r)%Q_oH<Ol(ffjO~u)l7C6ACH|3E9{t<sgOUG^JRbhv@JA#YJ`gxrft_DoNT#*f
z_)d#GF)G}vNtaHwgDa7mf8kf77miZ4i{9B@C@!k^l+5Al$<RkA8L2ihFJund&5%28
zziIlNUAAU-#@|h*mr2LxqB_p6GNsy;zJ29IBfBSL$!@=sOy8V|@4V}GMY#H@@r=UW
z_qw_uBnm~`=7lsW!)wfBcVch5ZO?|a%?t8x_64u)^<v@9x=L=&{fG&9YW#a>7lh>O
z)?3N+&&koxupanVPX+owQdn%?4Q(}$+igiGLl2f;TKRc1+26jIOkX4|j<XiorIp;=
zJ3(Ncr%xm9^;`CLZxB^7xDF!9d*!Z?^xr~5+WU5}QF0PU84jK{(lIZk(SvnsB~gv1
zlj+=CeCHxN!azmd6CA1`cEH{JR*xP83d#&_BJG1)G3~?ak$v!<hsb?!cfZ-A4}pSm
zAKXN-56$!L(0ZFOP#t>dBgC2o;|;ID;D8R~7Mo&af<ud4P>~~kE%b<K0k7lqtFO*?
zrz4J-=LiWrPZT46^W5Q{<3&Et-@9<uedJ>bm$5WZZV5i<-0gE-*SntRyUC<$hk2yW
zMvwngRJzde?`*`2R_Si@5Rc;mk7@nB3D<ml;F1+0*d4ONjjz{}$fta6wZb`jBu{F8
z;IsKdyc5FvnxESHnjif1e(&luJL~brhP@c<ngIN{i9R^}k-V|li%oSuo2L`CyVUTB
z+TF$r7k0suQC{I|(pUe&1;77)vbVEn9Rd)500bZa0SG_<0uX=z1R!u60=WM_4rR0f
z0SG_<0uX=z1Rwwb2tWV=5I9)@-2b1fKU#+X1Rwwb2tWV=5P$##AOHaf9ESkz|Bpi%
zZ9o755P$##AOHafKmY;|fB*zeRsi?^C+m;aApijgKmY;|fB*y_009U<00PG$fcyXB
zP(~XNfB*y_009U<00Izz00bZafs+-${r}1Oqjd;C00Izz00bZa0SG_<0uX?}aR}i4
z|2UM<1_U4g0SG_<0uX=z1Rwwb2teRu1#tg=vi@it0uX=z1Rwwb2tWV=5P$##AaEQ4
zxc@&6WwZeS2tWV=5P$##AOHafKmY;|I9UPQ|DUWsT897xAOHafKmY;|fB*y_009Ub
Hhrs^<9EZET

literal 0
HcmV?d00001

diff --git a/src/ProjectTemplates/BlazorWasm.ProjectTemplates/content/BlazorWasm-CSharp/Server/appsettings.Development.json b/src/ProjectTemplates/BlazorWasm.ProjectTemplates/content/BlazorWasm-CSharp/Server/appsettings.Development.json
new file mode 100644
index 0000000000..a1213fe246
--- /dev/null
+++ b/src/ProjectTemplates/BlazorWasm.ProjectTemplates/content/BlazorWasm-CSharp/Server/appsettings.Development.json
@@ -0,0 +1,18 @@
+{
+  "Logging": {
+    "LogLevel": {
+      "Default": "Information",
+      "Microsoft": "Warning",
+      "Microsoft.Hosting.Lifetime": "Information"
+    }
+////#if (IndividualLocalAuth)
+//  },
+//  "IdentityServer": {
+//    "Key": {
+//      "Type": "Development"
+//    }
+//  }
+////#else
+//  }
+////#endif
+}
diff --git a/src/ProjectTemplates/BlazorWasm.ProjectTemplates/content/BlazorWasm-CSharp/Server/appsettings.json b/src/ProjectTemplates/BlazorWasm.ProjectTemplates/content/BlazorWasm-CSharp/Server/appsettings.json
new file mode 100644
index 0000000000..1dfac21e6d
--- /dev/null
+++ b/src/ProjectTemplates/BlazorWasm.ProjectTemplates/content/BlazorWasm-CSharp/Server/appsettings.json
@@ -0,0 +1,41 @@
+{
+////#if (IndividualLocalAuth)
+//  "ConnectionStrings": {
+////#if (UseLocalDB)
+//    "DefaultConnection": "Server=(localdb)\\mssqllocaldb;Database=aspnet-BlazorWasm_CSharp.Server-53bc9b9d-9d6a-45d4-8429-2a2761773502;Trusted_Connection=True;MultipleActiveResultSets=true"
+////#else
+//    "DefaultConnection": "DataSource=app.db"
+////#endif
+//  },
+////#elseif (IndividualB2CAuth)
+//  "AzureAdB2C": {
+//    "Instance": "https:////aadB2CInstance.b2clogin.com/",
+//    "ClientId": "11111111-1111-1111-11111111111111111",
+//    "Domain": "qualified.domain.name",
+//    "SignUpSignInPolicyId": "MySignUpSignInPolicyId"
+//  },
+////#elseif (OrganizationalAuth)
+//  "AzureAd": {
+//    "Instance": "https:////login.microsoftonline.com/",
+//    "Domain": "qualified.domain.name",
+//    "TenantId": "22222222-2222-2222-2222-222222222222",
+//  },
+////#endif
+  "Logging": {
+      "LogLevel": {
+      "Default": "Information",
+      "Microsoft": "Warning",
+      "Microsoft.Hosting.Lifetime": "Information"
+      }
+    },
+////#if (IndividualLocalAuth)
+//  "IdentityServer": {
+//    "Clients": {
+//      "BlazorWasm_CSharp.Client": {
+//        "Profile": "IdentityServerSPA"
+//      }
+//    }
+//  },
+////#endif
+"AllowedHosts": "*"
+}
diff --git a/src/ProjectTemplates/test/BlazorWasmTemplateTest.cs b/src/ProjectTemplates/test/BlazorWasmTemplateTest.cs
index 0ac806a685..d0316b4469 100644
--- a/src/ProjectTemplates/test/BlazorWasmTemplateTest.cs
+++ b/src/ProjectTemplates/test/BlazorWasmTemplateTest.cs
@@ -3,12 +3,16 @@
 
 using System;
 using System.IO;
+using System.Linq;
 using System.Net;
+using System.Text.Json;
 using System.Threading;
 using System.Threading.Tasks;
 using Microsoft.AspNetCore.E2ETesting;
 using Microsoft.Extensions.CommandLineUtils;
+using Newtonsoft.Json.Linq;
 using OpenQA.Selenium;
+using OpenQA.Selenium.Support.Extensions;
 using Templates.Test.Helpers;
 using Xunit;
 using Xunit.Abstractions;
@@ -47,17 +51,23 @@ namespace Templates.Test
 
             await BuildAndRunTest(project.ProjectName, project);
 
+            using var serveProcess = RunPublishedStandaloneBlazorProject(project);
+        }
+
+        private ProcessEx RunPublishedStandaloneBlazorProject(Project project)
+        {
             var publishDir = Path.Combine(project.TemplatePublishDir, project.ProjectName, "dist");
             AspNetProcess.EnsureDevelopmentCertificates();
 
             Output.WriteLine("Running dotnet serve on published output...");
-            using var serveProcess = ProcessEx.Run(Output, publishDir, DotNetMuxer.MuxerPathOrDefault(), "serve -S");
+            var serveProcess = ProcessEx.Run(Output, publishDir, DotNetMuxer.MuxerPathOrDefault(), "serve -S");
 
             // Todo: Use dynamic port assignment: https://github.com/natemcmaster/dotnet-serve/pull/40/files
             var listeningUri = "https://localhost:8080";
             Output.WriteLine($"Opening browser at {listeningUri}...");
             Browser.Navigate().GoToUrl(listeningUri);
             TestBasicNavigation(project.ProjectName);
+            return serveProcess;
         }
 
         [Fact]
@@ -114,7 +124,6 @@ namespace Templates.Test
             await BuildAndRunTest(project.ProjectName, project);
 
             var publishDir = Path.Combine(project.TemplatePublishDir, project.ProjectName, "dist");
-            AspNetProcess.EnsureDevelopmentCertificates();
 
             // When publishing the PWA template, we generate an assets manifest
             // and move service-worker.published.js to overwrite service-worker.js
@@ -122,26 +131,131 @@ namespace Templates.Test
             Assert.True(File.Exists(Path.Combine(publishDir, "service-worker.js")), "service-worker.js should be published");
             Assert.True(File.Exists(Path.Combine(publishDir, "service-worker-assets.js")), "service-worker-assets.js should be published");
 
+            using (var serverProcess = RunPublishedStandaloneBlazorProject(project))
+            {
+                // We want to use this form to ensure that it gets disposed right after the test.
+            }
+
             // Todo: Use dynamic port assignment: https://github.com/natemcmaster/dotnet-serve/pull/40/files
             var listeningUri = "https://localhost:8080";
 
-            Output.WriteLine("Running dotnet serve on published output...");
-            using (var serveProcess = ProcessEx.Run(Output, publishDir, DotNetMuxer.MuxerPathOrDefault(), "serve -S"))
-            {
-                Output.WriteLine($"Opening browser at {listeningUri}...");
-                Browser.Navigate().GoToUrl(listeningUri);
-                TestBasicNavigation(project.ProjectName);
-            }
-
             // The PWA template supports offline use. By now, the browser should have cached everything it needs,
             // so we can continue working even without the server.
+            ValidateAppWorksOffline(project, listeningUri);
+        }
+
+        private void ValidateAppWorksOffline(Project project, string listeningUri)
+        {
             Browser.Navigate().GoToUrl("about:blank"); // Be sure we're really reloading
             Output.WriteLine($"Opening browser without corresponding server at {listeningUri}...");
             Browser.Navigate().GoToUrl(listeningUri);
             TestBasicNavigation(project.ProjectName);
         }
 
-        protected async Task BuildAndRunTest(string appName, Project project)
+        [Theory]
+        [InlineData(true)]
+        [InlineData(false)]
+        public async Task BlazorWasmHostedTemplate_IndividualAuth_Works(bool useLocalDb)
+        {
+            var project = await ProjectFactory.GetOrCreateProject("blazorhostedindividual" + (useLocalDb ? "uld" : ""), Output);
+
+            var createResult = await project.RunDotNetNewAsync("blazorwasm", args: new[] { "--hosted", "-au", "Individual", useLocalDb ? "-uld" : "" });
+            Assert.True(0 == createResult.ExitCode, ErrorMessages.GetFailedProcessMessage("create/restore", project, createResult));
+
+            var serverProject = GetSubProject(project, "Server", $"{project.ProjectName}.Server");
+
+            var serverProjectFileContents = ReadFile(serverProject.TemplateOutputDir, $"{serverProject.ProjectName}.csproj");
+            if (!useLocalDb)
+            {
+                Assert.Contains(".db", serverProjectFileContents);
+            }
+
+            var appSettings = ReadFile(serverProject.TemplateOutputDir, "appSettings.json");
+            var element = JsonSerializer.Deserialize<JsonElement>(appSettings);
+            var clientsProperty = element.GetProperty("IdentityServer").EnumerateObject().Single().Value.EnumerateObject().Single();
+            var replacedSection = element.GetRawText().Replace(clientsProperty.Name, serverProject.ProjectName.Replace(".Server", ".Client"));
+            var appSettingsPath = Path.Combine(serverProject.TemplateOutputDir, "appSettings.json");
+            File.WriteAllText(appSettingsPath, replacedSection);
+
+            var publishResult = await serverProject.RunDotNetPublishAsync();
+            Assert.True(0 == publishResult.ExitCode, ErrorMessages.GetFailedProcessMessage("publish", serverProject, publishResult));
+
+            // Run dotnet build after publish. The reason is that one uses Config = Debug and the other uses Config = Release
+            // The output from publish will go into bin/Release/netcoreappX.Y/publish and won't be affected by calling build
+            // later, while the opposite is not true.
+
+            var buildResult = await serverProject.RunDotNetBuildAsync();
+            Assert.True(0 == buildResult.ExitCode, ErrorMessages.GetFailedProcessMessage("build", serverProject, buildResult));
+
+            var migrationsResult = await serverProject.RunDotNetEfCreateMigrationAsync("blazorwasm");
+            Assert.True(0 == migrationsResult.ExitCode, ErrorMessages.GetFailedProcessMessage("run EF migrations", serverProject, migrationsResult));
+            serverProject.AssertEmptyMigration("blazorwasm");
+
+            if (useLocalDb)
+            {
+                using var dbUpdateResult = await serverProject.RunDotNetEfUpdateDatabaseAsync();
+                Assert.True(0 == dbUpdateResult.ExitCode, ErrorMessages.GetFailedProcessMessage("update database", serverProject, dbUpdateResult));
+            }
+
+            await BuildAndRunTest(project.ProjectName, serverProject, usesAuth: true);
+
+            UpdatePublishedSettings(serverProject);
+
+            using var aspNetProcess = serverProject.StartPublishedProjectAsync();
+
+            Assert.False(
+                aspNetProcess.Process.HasExited,
+                ErrorMessages.GetFailedProcessMessageOrEmpty("Run published project", serverProject, aspNetProcess.Process));
+
+            await aspNetProcess.AssertStatusCode("/", HttpStatusCode.OK, "text/html");
+            if (BrowserFixture.IsHostAutomationSupported())
+            {
+                aspNetProcess.VisitInBrowser(Browser);
+                TestBasicNavigation(project.ProjectName, usesAuth: true);
+            }
+            else
+            {
+                BrowserFixture.EnforceSupportedConfigurations();
+            }
+        }
+
+        [Fact]
+        public async Task BlazorWasmStandaloneTemplate_IndividualAuth_Works()
+        {
+            var project = await ProjectFactory.GetOrCreateProject("blazorstandaloneindividual", Output);
+            project.TargetFramework = "netstandard2.1";
+
+            var createResult = await project.RunDotNetNewAsync("blazorwasm", args: new[] {
+                "-au",
+                "Individual",
+                "--authority",
+                "https://login.microsoftonline.com/common/v2.0/.well-known/openid-configuration",
+                "--client-id",
+                "sample-client-id"
+            });
+
+            Assert.True(0 == createResult.ExitCode, ErrorMessages.GetFailedProcessMessage("create/restore", project, createResult));
+
+            var publishResult = await project.RunDotNetPublishAsync();
+            Assert.True(0 == publishResult.ExitCode, ErrorMessages.GetFailedProcessMessage("publish", project, publishResult));
+
+            // Run dotnet build after publish. The reason is that one uses Config = Debug and the other uses Config = Release
+            // The output from publish will go into bin/Release/netcoreappX.Y/publish and won't be affected by calling build
+            // later, while the opposite is not true.
+
+            var buildResult = await project.RunDotNetBuildAsync();
+            Assert.True(0 == buildResult.ExitCode, ErrorMessages.GetFailedProcessMessage("build", project, buildResult));
+
+            // We don't want to test the auth flow as we don't have the required settings to talk to a third-party IdP
+            // but we want to make sure that we are able to run the app without errors.
+            // That will at least test that we are able to initialize and retrieve the configuration from the IdP
+            // for that, we use the common microsoft tenant.
+            await BuildAndRunTest(project.ProjectName, project, usesAuth: false);
+
+            using var serveProcess = RunPublishedStandaloneBlazorProject(project);
+        }
+
+        protected async Task BuildAndRunTest(string appName, Project project, bool usesAuth = false)
         {
             using var aspNetProcess = project.StartBuiltProjectAsync();
 
@@ -153,7 +267,7 @@ namespace Templates.Test
             if (BrowserFixture.IsHostAutomationSupported())
             {
                 aspNetProcess.VisitInBrowser(Browser);
-                TestBasicNavigation(appName);
+                TestBasicNavigation(appName, usesAuth);
             }
             else
             {
@@ -161,8 +275,17 @@ namespace Templates.Test
             }
         }
 
-        private void TestBasicNavigation(string appName)
+        private void TestBasicNavigation(string appName, bool usesAuth = false)
         {
+            // Start fresh always
+            if (usesAuth)
+            {
+                Browser.ExecuteJavaScript("sessionStorage.clear()");
+                Browser.ExecuteJavaScript("localStorage.clear()");
+                Browser.Manage().Cookies.DeleteAllCookies();
+                Browser.Navigate().Refresh();
+            }
+
             // Give components.server enough time to load so that it can replace
             // the prerendered content before we start making assertions.
             Thread.Sleep(5000);
@@ -184,6 +307,40 @@ namespace Templates.Test
             Browser.FindElement(By.CssSelector("p+button")).Click();
             Browser.Equal("Current count: 1", () => Browser.FindElement(By.CssSelector("h1 + p")).Text);
 
+            if (usesAuth)
+            {
+                Browser.FindElement(By.PartialLinkText("Log in")).Click();
+                Browser.Contains("/Identity/Account/Login", () => Browser.Url);
+
+                Browser.FindElement(By.PartialLinkText("Register as a new user")).Click();
+
+                var userName = $"{Guid.NewGuid()}@example.com";
+                var password = $"!Test.Password1$";
+                Browser.Exists(By.Name("Input.Email"));
+                Browser.FindElement(By.Name("Input.Email")).SendKeys(userName);
+                Browser.FindElement(By.Name("Input.Password")).SendKeys(password);
+                Browser.FindElement(By.Name("Input.ConfirmPassword")).SendKeys(password);
+                Browser.FindElement(By.Id("registerSubmit")).Click();
+
+                // We will be redirected to the RegisterConfirmation
+                Browser.Contains("/Identity/Account/RegisterConfirmation", () => Browser.Url);
+                Browser.FindElement(By.PartialLinkText("Click here to confirm your account")).Click();
+
+                // We will be redirected to the ConfirmEmail
+                Browser.Contains("/Identity/Account/ConfirmEmail", () => Browser.Url);
+
+                // Now we can login
+                Browser.FindElement(By.PartialLinkText("Login")).Click();
+                Browser.Exists(By.Name("Input.Email"));
+                Browser.FindElement(By.Name("Input.Email")).SendKeys(userName);
+                Browser.FindElement(By.Name("Input.Password")).SendKeys(password);
+                Browser.FindElement(By.Id("login-submit")).Click();
+
+                // Need to navigate to fetch page
+                Browser.Navigate().GoToUrl(new Uri(Browser.Url).GetLeftPart(UriPartial.Authority));
+                Browser.Equal(appName.Trim(), () => Browser.Title.Trim());
+            }
+
             // Can navigate to the 'fetch data' page
             Browser.FindElement(By.PartialLinkText("Fetch data")).Click();
             Browser.Contains("fetchdata", () => Browser.Url);
@@ -194,6 +351,15 @@ namespace Templates.Test
             Browser.Equal(5, () => Browser.FindElements(By.CssSelector("p+table>tbody>tr")).Count);
         }
 
+        private string ReadFile(string basePath, string path)
+        {
+            var fullPath = Path.Combine(basePath, path);
+            var doesExist = File.Exists(fullPath);
+
+            Assert.True(doesExist, $"Expected file to exist, but it doesn't: {path}");
+            return File.ReadAllText(Path.Combine(basePath, path));
+        }
+
         private Project GetSubProject(Project project, string projectDirectory, string projectName)
         {
             var subProjectDirectory = Path.Combine(project.TemplateOutputDir, projectDirectory);
@@ -214,5 +380,25 @@ namespace Templates.Test
 
             return subProject;
         }
+
+        private void UpdatePublishedSettings(Project serverProject)
+        {
+            // Hijack here the config file to use the development key during publish.
+            var appSettings = JObject.Parse(File.ReadAllText(Path.Combine(serverProject.TemplateOutputDir, "appsettings.json")));
+            var appSettingsDevelopment = JObject.Parse(File.ReadAllText(Path.Combine(serverProject.TemplateOutputDir, "appsettings.Development.json")));
+            ((JObject)appSettings["IdentityServer"]).Merge(appSettingsDevelopment["IdentityServer"]);
+            ((JObject)appSettings["IdentityServer"]).Merge(new
+            {
+                IdentityServer = new
+                {
+                    Key = new
+                    {
+                        FilePath = "./tempkey.json"
+                    }
+                }
+            });
+            var testAppSettings = appSettings.ToString();
+            File.WriteAllText(Path.Combine(serverProject.TemplatePublishDir, "appsettings.json"), testAppSettings);
+        }
     }
 }
diff --git a/src/ProjectTemplates/test/Helpers/ProjectFactoryFixture.cs b/src/ProjectTemplates/test/Helpers/ProjectFactoryFixture.cs
index ffd1b0ae4f..4dbb65cf8c 100644
--- a/src/ProjectTemplates/test/Helpers/ProjectFactoryFixture.cs
+++ b/src/ProjectTemplates/test/Helpers/ProjectFactoryFixture.cs
@@ -48,7 +48,7 @@ namespace Templates.Test.Helpers
                         NodeLock = NodeLock,
                         Output = outputHelper,
                         DiagnosticsMessageSink = DiagnosticsMessageSink,
-                        ProjectGuid = Path.GetRandomFileName().Replace(".", string.Empty)
+                        ProjectGuid = Path.GetRandomFileName().Replace(".", string.Empty).Replace("-", "").Replace("_", "")
                     };
                     project.ProjectName = $"AspNet.{key}.{project.ProjectGuid}";
 
diff --git a/src/ProjectTemplates/test/Infrastructure/TemplateTests.props.in b/src/ProjectTemplates/test/Infrastructure/TemplateTests.props.in
index 25fbc524a4..103ccbeafc 100644
--- a/src/ProjectTemplates/test/Infrastructure/TemplateTests.props.in
+++ b/src/ProjectTemplates/test/Infrastructure/TemplateTests.props.in
@@ -40,6 +40,14 @@
       IsImplicitlyDefined="true" />
   </ItemGroup>
 
+  <!-- Temporarily remove the components analyzer due to build issues -->
+  <Target Name="RemoveComponentsAnalyzer" BeforeTargets="CoreCompile">
+    <ItemGroup>
+      <_AnalyzerToRemove Include="@(Analyzer)" Condition="'%(Analyzer.NuGetPackageId)' == 'Microsoft.AspNetCore.Components.Analyzers'" />
+      <Analyzer Remove="@(_AnalyzerToRemove)" />
+    </ItemGroup>
+  </Target>
+
   <ItemGroup Condition="'$(UsingMicrosoftNETSdkWeb)' == 'true' OR '$(RazorSdkCurrentVersionProps)' != ''">
     <!--
       Use the Razor SDK as a package reference. The version of the .NET Core SDK we build with often contains a version of the Razor SDK
diff --git a/src/ProjectTemplates/test/template-baselines.json b/src/ProjectTemplates/test/template-baselines.json
index aac6a24eec..8d3d3e223c 100644
--- a/src/ProjectTemplates/test/template-baselines.json
+++ b/src/ProjectTemplates/test/template-baselines.json
@@ -25,6 +25,7 @@
         "wwwroot/css/open-iconic/ICON-LICENSE",
         "wwwroot/css/open-iconic/README.md",
         "wwwroot/css/site.css",
+        "wwwroot/favicon.ico",
         "wwwroot/index.html",
         "wwwroot/sample-data/weather.json",
         "_Imports.razor"
@@ -55,8 +56,11 @@
         "Client/wwwroot/css/open-iconic/ICON-LICENSE",
         "Client/wwwroot/css/open-iconic/README.md",
         "Client/wwwroot/css/site.css",
+        "Client/wwwroot/favicon.ico",
         "Client/wwwroot/index.html",
         "Client/_Imports.razor",
+        "Server/appsettings.json",
+        "Server/appsettings.Development.json",
         "Server/Controllers/WeatherForecastController.cs",
         "Server/Program.cs",
         "Server/Properties/launchSettings.json",
@@ -89,6 +93,7 @@
         "wwwroot/css/open-iconic/ICON-LICENSE",
         "wwwroot/css/open-iconic/README.md",
         "wwwroot/css/site.css",
+        "wwwroot/favicon.ico",
         "wwwroot/icon-512.png",
         "wwwroot/index.html",
         "wwwroot/manifest.json",