Blazor Server On Connection Authentication

[markat1]

Is there an existing issue for this?

• I have searched the existing issues

Describe the bug

I have an issue with windows authentication in a blazor server "system.Objectdisposedexception: Safe handle has been closed". In #12051 @stevensanderson

To resolve this, we need some extra logic that, whenever the circuit connection becomes up (equivalent to OnConnectionUpAsync on a circuit handler), we grab the latest User from the HubContext (or HttpContext if we must, but HubContext is more correct) and pass it to the built-in authentication state provider, which can update its own internal state and call its own NotifyAuthenticationStateChanged.

I dont really understand what it means, and I haven't had luck on finding any sample that shows how it could be solved

Expected Behavior

I expect that It shoulnt drop this system.objectdisposeexception

Steps To Reproduce

I use the following custom authstateprovider:

 public class TestAuthStateProvider : AuthenticationStateProvider
    {
        private readonly IHttpContextAccessor _httpContextAccessor;

        public TestAuthStateProvider(IHttpContextAccessor httpContextAccessor)
        {
            _httpContextAccessor = httpContextAccessor;
        }
        
        public override async Task<AuthenticationState> GetAuthenticationStateAsync()
        {
          
            var authuser = GetUser() ?? new ClaimsPrincipal(new ClaimsIdentity());

            await Task.Delay(1);

            return new AuthenticationState(authuser);
        }

        public ClaimsPrincipal? GetUser()
        {
            return _httpContextAccessor?.HttpContext?.User;
        }

    }

Exceptions (if any)

[01/11/2022 10:49:15 WRN] Unhandled exception rendering component: Safe handle has been closed.
Object name: 'SafeHandle'.
System.ObjectDisposedException: Safe handle has been closed.
Object name: 'SafeHandle'.
   at System.StubHelpers.StubHelpers.SafeHandleAddRef(SafeHandle pHandle, Boolean& success)
   at Interop.Advapi32.DuplicateTokenEx(SafeAccessTokenHandle hExistingToken, UInt32 dwDesiredAccess, IntPtr lpTokenAttributes, UInt32 ImpersonationLevel, UInt32 TokenType, SafeAccessTokenHandle& phNewToken)
   at System.Security.Principal.WindowsPrincipal.IsInRole(SecurityIdentifier sid)
   at System.Security.Principal.WindowsPrincipal.IsInRole(String role)
   at System.Linq.Enumerable.Any[TSource](IEnumerable`1 source, Func`2 predicate)
   at Microsoft.AspNetCore.Authorization.Infrastructure.RolesAuthorizationRequirement.HandleRequirementAsync(AuthorizationHandlerContext context, RolesAuthorizationRequirement requirement)
   at Microsoft.AspNetCore.Authorization.AuthorizationHandler`1.HandleAsync(AuthorizationHandlerContext context)
   at Microsoft.AspNetCore.Authorization.Infrastructure.PassThroughAuthorizationHandler.HandleAsync(AuthorizationHandlerContext context)
   at Microsoft.AspNetCore.Authorization.DefaultAuthorizationService.AuthorizeAsync(ClaimsPrincipal user, Object resource, IEnumerable`1 requirements)
   at Microsoft.AspNetCore.Components.Authorization.AuthorizeViewCore.IsAuthorizedAsync(ClaimsPrincipal user)
   at Microsoft.AspNetCore.Components.Authorization.AuthorizeViewCore.OnParametersSetAsync()
   at Microsoft.AspNetCore.Components.ComponentBase.CallStateHasChangedOnAsyncCompletion(Task task)
[01/11/2022 10:49:16 ERR] Unhandled exception in circuit 'iu_JUNYyhrCtLJxkwbzxX87ohvDjr3seIuRUs3BmtCg'.
System.ObjectDisposedException: Safe handle has been closed.
Object name: 'SafeHandle'.
   at System.StubHelpers.StubHelpers.SafeHandleAddRef(SafeHandle pHandle, Boolean& success)
   at Interop.Advapi32.DuplicateTokenEx(SafeAccessTokenHandle hExistingToken, UInt32 dwDesiredAccess, IntPtr lpTokenAttributes, UInt32 ImpersonationLevel, UInt32 TokenType, SafeAccessTokenHandle& phNewToken)
   at System.Security.Principal.WindowsPrincipal.IsInRole(SecurityIdentifier sid)
   at System.Security.Principal.WindowsPrincipal.IsInRole(String role)
   at System.Linq.Enumerable.Any[TSource](IEnumerable`1 source, Func`2 predicate)
   at Microsoft.AspNetCore.Authorization.Infrastructure.RolesAuthorizationRequirement.HandleRequirementAsync(AuthorizationHandlerContext context, RolesAuthorizationRequirement requirement)
   at Microsoft.AspNetCore.Authorization.AuthorizationHandler`1.HandleAsync(AuthorizationHandlerContext context)
   at Microsoft.AspNetCore.Authorization.Infrastructure.PassThroughAuthorizationHandler.HandleAsync(AuthorizationHandlerContext context)
   at Microsoft.AspNetCore.Authorization.DefaultAuthorizationService.AuthorizeAsync(ClaimsPrincipal user, Object resource, IEnumerable`1 requirements)
   at Microsoft.AspNetCore.Components.Authorization.AuthorizeViewCore.IsAuthorizedAsync(ClaimsPrincipal user)
   at Microsoft.AspNetCore.Components.Authorization.AuthorizeViewCore.OnParametersSetAsync()
   at Microsoft.AspNetCore.Components.ComponentBase.CallStateHasChangedOnAsyncCompletion(Task task)
[01/11/2022 10:49:16 WRN] Unhandled exception rendering component: Safe handle has been closed.
Object name: 'SafeHandle'.
System.ObjectDisposedException: Safe handle has been closed.
Object name: 'SafeHandle'.
   at System.StubHelpers.StubHelpers.SafeHandleAddRef(SafeHandle pHandle, Boolean& success)
   at Interop.Advapi32.DuplicateTokenEx(SafeAccessTokenHandle hExistingToken, UInt32 dwDesiredAccess, IntPtr lpTokenAttributes, UInt32 ImpersonationLevel, UInt32 TokenType, SafeAccessTokenHandle& phNewToken)
   at System.Security.Principal.WindowsPrincipal.IsInRole(SecurityIdentifier sid)
   at System.Security.Principal.WindowsPrincipal.IsInRole(String role)
   at System.Linq.Enumerable.Any[TSource](IEnumerable`1 source, Func`2 predicate)
   at Microsoft.AspNetCore.Authorization.Infrastructure.RolesAuthorizationRequirement.HandleRequirementAsync(AuthorizationHandlerContext context, RolesAuthorizationRequirement requirement)
   at Microsoft.AspNetCore.Authorization.AuthorizationHandler`1.HandleAsync(AuthorizationHandlerContext context)
   at Microsoft.AspNetCore.Authorization.Infrastructure.PassThroughAuthorizationHandler.HandleAsync(AuthorizationHandlerContext context)
   at Microsoft.AspNetCore.Authorization.DefaultAuthorizationService.AuthorizeAsync(ClaimsPrincipal user, Object resource, IEnumerable`1 requirements)
   at Microsoft.AspNetCore.Components.Authorization.AuthorizeViewCore.IsAuthorizedAsync(ClaimsPrincipal user)
   at Microsoft.AspNetCore.Components.Authorization.AuthorizeViewCore.OnParametersSetAsync()
   at Microsoft.AspNetCore.Components.ComponentBase.CallStateHasChangedOnAsyncCompletion(Task task)
[01/11/2022 10:49:16 ERR] Unhandled exception in circuit 'iu_JUNYyhrCtLJxkwbzxX87ohvDjr3seIuRUs3BmtCg'.
System.ObjectDisposedException: Safe handle has been closed.
Object name: 'SafeHandle'.

.NET Version

blazor server template .net 6

Anything else?

No response

[mkArtakMSFT]

Thanks for contacting us. We will need a little bit more information to be able to guide you here. Please provide a minimal repro project (hosted as a public GitHub repository), which will showcase what you're trying to do. Also, please include a note about what actions we will have to take to get the exception that you're facing.

Hi @markat1. We have added the "Needs: Author Feedback" label to this issue, which indicates that we have an open question for you before we can take further action. This issue will be closed automatically in 7 days if we do not hear back from you by then - please feel free to re-open it if you come back to this issue after that time.

[markat1]

I made this repository way back in may - https://github.com/markat1/WindowsAuthenticationProblem.

[markat1]

Issue seems to happen more often if I call AuthenticationStateTask other than from OnInitializedAsync() .

So now I only get authenticated user once or just person name and store it in a property, so I don't have to call AuthenticationStateTask more than once, which seems to reduce issue.

  protected async override Task OnInitializedAsync()
   {
            UserName = await GetAuthenticatedUserAsync();
   }

 private async Task<string> GetAuthenticatedUserAsync()
 {
       var authState = await AuthenticationStateTask;
       return authState?.User.Identity?.Name;
 }

[markat1]

It's not easy to pinpoint exactly how I would trigger ObjectDisposedException
you could try call AuthenticationStateTask multiple times. That might throw ObjectDisposedException.

[javiercn]

@markat1 we do not recommend using IHttpContextAccessor in Blazor.

See https://learn.microsoft.com/en-us/aspnet/core/fundamentals/http-context?view=aspnetcore-6.0#blazor-and-shared-state

[javiercn]

As an aside, it is not clear to me why you are trying to use a handler. The circuit automatically re-evaluates the principal on reconnection https://github.com/dotnet/aspnetcore/blob/main/src/Components/Server/src/ComponentHub.cs#L182