Ponant

Motivation behind this question: I already have a `ResultFilterAttribute` with logic in it that can be applied on indivudual pages. Implementing the same logic on a folder will require me...

Dear Damien, Thank you for your detailed response. I think it will be of help to others to have this kind of information in the readme. OK, that what I...

A bit like here on github: when we insert a comment, the page does not refresh.

And of course the underlying idea is to have a bff model as I do strongly believe that tokens should not live in the browser neither.

Dear Damien, I come back after tweaking a bit your template and after reading the Duende team on youtube. So far your template uses a `SameSite.Strict` antiforgery cookie, but the...

hello, I think there is an issue with the choice of having a post submit form for the logout for a spa. Going beyond this, it is not clear now...

It works if we make an Get request `link logout` and change the logout action to `HttpGet` and drop the antiforgery. But in this case you get an infitie loop...

Also you do not need the Microsoft Identity UI (at least not in my case where I did not need the graph and external api calls). And `AddControllers` is suffucient...

Worth noting also is that whenever we log in or log out, there is an extra question mark in the url before redirecting to azure B2C. `api/account/login?`

But you are using Lax for the Asp.NetCore cookie, right? It works with Lax, not Strict for the auth cookie (I did not succeed). If you are confident it should...