New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Blazor WASM - Azure AD B2C - .NET 5 prerelease v5.0.0-rc.1.20451.17 Login Errors #26195
Comments
I'm facing a similar problem as well. I followed the Blazor WASM Standalone with AAD B2C tutorial (also tried Hosted with AAD B2C), and upon successful login, I get redirected to However, I am stuck on this page. On further inspection, I noticed the following Printed on Console
Network: The request to the above url returns the following response
It seems that the login is successful as Azure Portal does show that the user has performed a successful sign in request. However, the Blazor WASM app doesn't recognise that I've logged in. I've tried with .NET Core 3.1 as well and it works fine. |
@Zhiyuan-Amos I see that same 'client_secret' error if I look deeper. I've tried all kinds of things by changing the authority value. With and without {Tenant domain}. With
Without
} The entire reason I want to upgrade to .NET 5 is for the redirect feature. Who wants a popup when logging in? Not me! Program.cs
|
I am getting word from a Microsoft employee, which I am in contact with via email; when you upgrade, that you should be using Azure B2C application auth plane application registration "spa" and not "web". Switching over causes other issues, such as not even getting to the login page. with this error. (This is not in the documentation) MSFT Employee Quote : |
@Zhiyuan-Amos Quote: OK I see what's going on - short version is about 5 teams are all coalescing at once - b2c supports pkce, but msal 2x does not yet support it for b2c, but msaljs 2 is what's in rc5. I'll check in with a few folks to get the current story on timelines - in the interim, it looks like popup with netcore 3.1 is the best bet until this gets sorted. |
@Zhiyuan-Amos @bratsche
As a bonus if you don't want the popup and redirect back to home page do this.
|
Above is a workaround, but MSFT still needs to apply a fix when they release RC2 |
Coming soon for the Blazor WASM security topics on dotnet/AspNetCore.Docs#19503. Working on the doc updates should start this week or next and should take less than a week (or a little more if I hit any major snags). Just a general note in passing to all of the community subscribers here: We don't usually document major framework updates until at least RC1 because the change sets are too time-consuming to keep up with preview-to-preview. Now that we've entered RC1, pre-release docs can be worked up. I'm just waiting on a couple of open PRs to merge before starting the work. The work shouldn't (in theory) take long, so I anticipate docs within a few weeks. You can keep an 👁️ on dotnet/AspNetCore.Docs#19503 for an attached PR and then track on the PR when it appears. |
I have setup a Azure B2C tenant.
Note: prior to upgrading from .NET Core 3.1 to .NET 5 my project authentication was working fine.
The error I am getting is the following after accessing the login page, entering my credentials, and redirected back to my application (blazor wasm):
Gets here and stays
error
abc.b2clogin.com/abc.onmicrosoft.com/b2c_1_signin/oauth2/v2.0/token:1 Failed to load resource: the server responded with a status of 400 (Bad Request)
Extra Information:
index.html
RedirectToLogin.razor
App.razor
MyProject.csproj
AppSetting.json - I changed the dns and client id values. Note: I did not setup a signup user flow, just signin.
To check if it's my project, I did the following.
dotnet new blazorwasm -au IndividualB2C --aad-b2c-instance "https://abc.b2clogin.com/sshnet.onmicrosoft.com/" --client-id "111-111-111-111" --domain "abc.onmicrosoft.com" -o appname -ssp "B2C_1_signin"
Everything looks exactly the same, except for the appsetting.json inserts the domain value in the uri.
{
"AzureAdB2C": {
"Authority": "https://abc.b2clogin.com/abc.onmicrosoft.com/B2C_1_signin",
"ClientId": "111-111-111-111",
"ValidateAuthority": false
}
}
If I run the app with it configured with the domain value, this is the error I get.
If I change the AppSettings.json to how I have it with my application and remove 'domain' like so..
Then I now get redirected to the login page and I can login
But I then get the same exact error as my application.
Note: My Azure B2C Application configuration hasn't changed and was working with the .NET Core 3.1 applications just fine.
Hopefully, this is not a bug and I'm just not aware of something and can get pointed towards a fix.
The text was updated successfully, but these errors were encountered: