Azure / static-web-apps

Azure Static Web Apps. For bugs and feature requests, please create an issue in this repo. For community discussions, latest updates, kindly refer to the Discussions Tab. To know what's new in Static Web Apps, visit https://aka.ms/swa/ThisMonth
https://aka.ms/swa
MIT License

Requests seem to randomly not be logged in #1455

Open kimbirkelund opened 2 months ago

kimbirkelund commented 2 months ago

We're experiencing that requests (sometimes up to 50%) made from the frontend forget that a user is logged in.

For endpoints that are explicitly authenticated in staticwebapp.config.json this results in a redirect (due to fallback on 401 configuration) and for endpoints that allow anonymous there is no x-ms-client-principal header once the backend is reached.

For the .auth/me it either returns the expected JSON object or our index.html (without redirecting).

I have no idea how to reproduce it. We've only experienced it on one SWA instance and we have quite a few, but we experience it on all environments of that specific instance.

This SWA is a bit special, compared to our other instances, in that it is using an App Service as a linked API and custom Azure AD providers. But other than that nothing special.

I'm really at a loss as to what to try.

sv-nonsilo commented 2 months ago

I have seen very similar behavior from the static web app in recent days. Login succeeds, and then just a single .js or .css or font file is for some reason redirected to auth and the application is broken. Everything worked with the same configuration, but suddenly a few days ago everything stopped working as expected. Some requests to get static files randomly fail with 50/50 frequency.

@kimbirkelund Have you found the origin of the problem, or is this something on the Azure/MS side?

kimbirkelund commented 2 months ago

I can only conclude it is an issue with Azure/MS.

I've implemented a workaround where I sign in using a cookie authentication handler and then fall back to that when the header is missing.

I've also reverted to allowing anonymous for all routes and handling redirects manually.
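
The header-then-cookie fallback described in the last comment, as an added example that is not code from this thread or from the Static Web Apps project. It assumes the backend is reachable only through SWA and sees lower-cased header names; the cookie name `swa_fallback`, `SECRET`, `TTL` and all function names are hypothetical.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-key"  # assumption: loaded from a secret store in practice
TTL = 3600                        # assumption: fallback session lifetime in seconds

# Constructed sample principal in the shape SWA sends (not real user data).
SAMPLE = base64.b64encode(json.dumps({
    "identityProvider": "aad", "userId": "u-123",
    "userDetails": "user@example.com",
    "userRoles": ["anonymous", "authenticated"],
}).encode()).decode()

def decode_principal(header_value):
    """Decode the base64 JSON carried in x-ms-client-principal."""
    return json.loads(base64.b64decode(header_value))

def issue_cookie(principal, now=None):
    """Serialize the principal with an expiry and an HMAC-SHA256 tag."""
    issued = int(now if now is not None else time.time())
    body = dict(principal, exp=issued + TTL)
    payload = base64.urlsafe_b64encode(json.dumps(body, sort_keys=True).encode())
    tag = hmac.new(SECRET, payload, hashlib.sha256).hexdigest()
    return payload.decode() + "." + tag

def verify_cookie(cookie, now=None):
    """Return the principal if tag and expiry check out, else None."""
    try:
        payload, tag = cookie.rsplit(".", 1)
        expected = hmac.new(SECRET, payload.encode(), hashlib.sha256).hexdigest()
        # Compare as bytes in constant time; never parse an unauthenticated payload.
        if not hmac.compare_digest(tag.encode(), expected.encode()):
            return None
        body = json.loads(base64.urlsafe_b64decode(payload))
    except ValueError:  # missing separator, bad base64, bad JSON
        return None
    if body.pop("exp", 0) < (now if now is not None else time.time()):
        return None
    return body

def resolve_user(headers, cookies, now=None):
    """Prefer the platform header; fall back to the signed cookie.
    Returns (principal_or_None, cookie_to_set_or_None)."""
    raw = headers.get("x-ms-client-principal")
    if raw:
        principal = decode_principal(raw)
        return principal, issue_cookie(principal, now)  # refresh the fallback
    return verify_cookie(cookies.get("swa_fallback", ""), now), None
```

The cookie should be set `HttpOnly`, `Secure` and `SameSite`, and a short `TTL` bounds how long a user who has signed out at the provider is still accepted through the fallback.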