dotnet · dariatiurina · Dec 10, 2025 · Dec 10, 2025 · Dec 11, 2025 · Dec 11, 2025
@@ -0,0 +1,125 @@
+// Licensed to the .NET Foundation under one or more agreements.
+// The .NET Foundation licenses this file to you under the MIT license.
+
+using System.Text.Json;
+using Microsoft.AspNetCore.DataProtection;
+using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.WebUtilities;
+using Microsoft.Extensions.DependencyInjection;
+using Microsoft.Extensions.Logging;
+
+namespace Microsoft.AspNetCore.Components.Endpoints;
+
+internal sealed partial class CookieTempDataProvider : ITempDataProvider
+{
+    private const string CookieName = ".AspNetCore.Components.TempData";
+    private const string Purpose = "Microsoft.AspNetCore.Components.CookieTempDataProviderToken.v1";
+    private const int MaxEncodedLength = 4050;
+    private readonly IDataProtector _dataProtector;
+
+    public CookieTempDataProvider(
+        IDataProtectionProvider dataProtectionProvider)
+    {
+        _dataProtector = dataProtectionProvider.CreateProtector(Purpose);
+    }
+
+    public IDictionary<string, object?> LoadTempData(HttpContext context)
+    {
+        try
+        {
+            var serializedDataFromCookie = context.Request.Cookies[CookieName];
+            if (serializedDataFromCookie is null)
+            {
+                return new Dictionary<string, object?>();
+            }
+
+            var protectedBytes = WebEncoders.Base64UrlDecode(serializedDataFromCookie);
+            var unprotectedBytes = _dataProtector.Unprotect(protectedBytes);
+
+            var dataFromCookie = JsonSerializer.Deserialize<Dictionary<string, JsonElement>>(unprotectedBytes);
+
+            if (dataFromCookie is null)
+            {
+                return new Dictionary<string, object?>();
+            }
+
+            var convertedData = new Dictionary<string, object?>();
+            foreach (var kvp in dataFromCookie)
+            {
+                convertedData[kvp.Key] = TempDataSerializer.ConvertJsonElement(kvp.Value);
+            }
+            return convertedData;
+        }
+        catch (Exception ex)
+        {
+            // If any error occurs during loading (e.g. data protection key changed, malformed cookie),
+            // return an empty TempData dictionary.
+            if (context.RequestServices.GetService<ILogger<CookieTempDataProvider>>() is { } logger)
+            {
+                Log.TempDataCookieLoadFailure(logger, CookieName, ex);
+            }
+
+            context.Response.Cookies.Delete(CookieName, new CookieOptions
+            {
+                Path = context.Request.PathBase.HasValue ? context.Request.PathBase.Value : "/",
+            });
+            return new Dictionary<string, object?>();
+        }
+    }
+
+    public void SaveTempData(HttpContext context, IDictionary<string, object?> values)
+    {
+        foreach (var kvp in values)
+        {
+            if (!TempDataSerializer.CanSerializeType(kvp.Value?.GetType() ?? typeof(object)))
+            {
+                throw new InvalidOperationException($"TempData cannot store values of type '{kvp.Value?.GetType()}'.");
+            }
+        }
+
+        if (values.Count == 0)
+        {
+            context.Response.Cookies.Delete(CookieName, new CookieOptions
+            {
+                Path = context.Request.PathBase.HasValue ? context.Request.PathBase.Value : "/",
+            });
+            return;
+        }
+
+        var bytes = JsonSerializer.SerializeToUtf8Bytes(values);
+        var protectedBytes = _dataProtector.Protect(bytes);
+        var encodedValue = WebEncoders.Base64UrlEncode(protectedBytes);
+
+        if (encodedValue.Length > MaxEncodedLength)
+        {
+            if (context.RequestServices.GetService<ILogger<CookieTempDataProvider>>() is { } logger)
+            {
+                Log.TempDataCookieSaveFailure(logger, CookieName);
+            }
+
+            context.Response.Cookies.Delete(CookieName, new CookieOptions
+            {
+                Path = context.Request.PathBase.HasValue ? context.Request.PathBase.Value : "/",
+            });
+            return;
+        }
+
+        context.Response.Cookies.Append(CookieName, encodedValue, new CookieOptions
+        {
+            HttpOnly = true,
+            IsEssential = true,
+            SameSite = SameSiteMode.Lax,
+            Secure = context.Request.IsHttps,
+            Path = context.Request.PathBase.HasValue ? context.Request.PathBase.Value : "/",
+        });
+    }
+
+    private static partial class Log
+    {
+        [LoggerMessage(3, LogLevel.Warning, "The temp data cookie {CookieName} could not be loaded.", EventName = "TempDataCookieLoadFailure")]
+        public static partial void TempDataCookieLoadFailure(ILogger logger, string cookieName, Exception exception);
+
+        [LoggerMessage(3, LogLevel.Warning, "The temp data cookie {CookieName} could not be saved, because it is too large to fit in a single cookie.", EventName = "TempDataCookieSaveFailure")]
+        public static partial void TempDataCookieSaveFailure(ILogger logger, string cookieName);
+    }
+}
@@ -0,0 +1,22 @@
+// Licensed to the .NET Foundation under one or more agreements.
+// The .NET Foundation licenses this file to you under the MIT license.
+
+using Microsoft.AspNetCore.Http;
+
+namespace Microsoft.AspNetCore.Components.Endpoints;
+
+/// <summary>
+/// Provides an abstraction for a provider that stores and retrieves temporary data.
+/// </summary>
+public interface ITempDataProvider
+{
+    /// <summary>
+    /// Loads temporary data from the given <see cref="HttpContext"/>.
+    /// </summary>
+    IDictionary<string, object?> LoadTempData(HttpContext context);
+
+    /// <summary>
+    /// Saves temporary data to the given <see cref="HttpContext"/>.
+    /// </summary>
+    void SaveTempData(HttpContext context, IDictionary<string, object?> values);
+}
@@ -74,6 +74,7 @@ public static IRazorComponentsBuilder AddRazorComponents(this IServiceCollection
         services.TryAddCascadingValue(sp => sp.GetRequiredService<EndpointHtmlRenderer>().HttpContext);
         services.TryAddScoped<WebAssemblySettingsEmitter>();
         services.TryAddScoped<ResourcePreloadService>();
+        services.AddTempDataValueProvider();
 
         services.TryAddScoped<ResourceCollectionProvider>();
         RegisterPersistentComponentStateServiceCollectionExtensions.AddPersistentServiceRegistration<ResourceCollectionProvider>(services, RenderMode.InteractiveWebAssembly);

@@ -0,0 +1,31 @@
+// Licensed to the .NET Foundation under one or more agreements.
+// The .NET Foundation licenses this file to you under the MIT license.
+
+using Microsoft.AspNetCore.Http;
+
+namespace Microsoft.AspNetCore.Components.Endpoints;
+
+internal sealed partial class TempDataService
+{
+    private readonly ITempDataProvider _tempDataProvider;
+
+    public TempDataService(ITempDataProvider tempDataProvider)
+    {
+        _tempDataProvider = tempDataProvider;
+    }
+
+    public TempData CreateEmpty(HttpContext httpContext)
+    {
+        return new TempData(() => Load(httpContext));
+    }
+
+    public IDictionary<string, object?> Load(HttpContext httpContext)
+    {
+        return _tempDataProvider.LoadTempData(httpContext);
+    }
+
+    public void Save(HttpContext httpContext, TempData tempData)
+    {
+        _tempDataProvider.SaveTempData(httpContext, tempData.Save());
+    }
+}
@@ -1,3 +1,14 @@
 #nullable enable
 Microsoft.AspNetCore.Components.Endpoints.BasePath
 Microsoft.AspNetCore.Components.Endpoints.BasePath.BasePath() -> void
+Microsoft.AspNetCore.Components.Endpoints.ITempDataProvider
+Microsoft.AspNetCore.Components.Endpoints.ITempDataProvider.LoadTempData(Microsoft.AspNetCore.Http.HttpContext! context) -> System.Collections.Generic.IDictionary<string!, object?>!
+Microsoft.AspNetCore.Components.Endpoints.ITempDataProvider.SaveTempData(Microsoft.AspNetCore.Http.HttpContext! context, System.Collections.Generic.IDictionary<string!, object?>! values) -> void
+Microsoft.AspNetCore.Components.Endpoints.TempDataProviderServiceCollectionExtensions
+Microsoft.AspNetCore.Components.ITempData
+Microsoft.AspNetCore.Components.ITempData.ContainsValue(object! value) -> bool
+Microsoft.AspNetCore.Components.ITempData.Get(string! key) -> object?
+Microsoft.AspNetCore.Components.ITempData.Keep() -> void
+Microsoft.AspNetCore.Components.ITempData.Keep(string! key) -> void
+Microsoft.AspNetCore.Components.ITempData.Peek(string! key) -> object?
+static Microsoft.AspNetCore.Components.Endpoints.TempDataProviderServiceCollectionExtensions.AddTempDataValueProvider(this Microsoft.Extensions.DependencyInjection.IServiceCollection! services) -> Microsoft.Extensions.DependencyInjection.IServiceCollection!
@@ -0,0 +1,37 @@
+// Licensed to the .NET Foundation under one or more agreements.
+// The .NET Foundation licenses this file to you under the MIT license.
+
+namespace Microsoft.AspNetCore.Components;
+
+/// <summary>
+/// Provides a dictionary for storing data that is needed for subsequent requests.
+/// Data stored in TempData is automatically removed after it is read unless
+/// <see cref="Keep()"/> or <see cref="Keep(string)"/> is called, or it is accessed via <see cref="Peek(string)"/>.
+/// </summary>
+public interface ITempData : IDictionary<string, object?>
+{
+    /// <summary>
+    /// Gets the value associated with the specified key and then schedules it for deletion.
+    /// </summary>
+    object? Get(string key);
+
+    /// <summary>
+    /// Gets the value associated with the specified key without scheduling it for deletion.
+    /// </summary>
+    object? Peek(string key);
+
+    /// <summary>
+    /// Makes all of the keys currently in TempData persist for another request.
+    /// </summary>
+    void Keep();
+
+    /// <summary>
+    /// Makes the element with the <paramref name="key"/> persist for another request.
+    /// </summary>
+    void Keep(string key);
+
+    /// <summary>
+    /// Returns true if the TempData dictionary contains the specified <paramref name="value"/>.
+    /// </summary>
+    bool ContainsValue(object value);
+}