How to use with .NET 8 Blazor Web App?

[johnW-ret]

Because the existing Microsoft.Identity.Web.UI uses controllers, I imagined that the existing package should work with the new .NET 8 Blazor Web app given some slight modification.

My process so far:

1. Created template with dotnet new blazorserver --auth IndividualB2C --aad-b2c-instance [instance-id]
2. Filled out appsettings.json - can get .NET 7 Blazor Server to work with my B2C App registration.
3. Created empty .NET 8 Blazor Web App template with dotnet new blazor, copying minimal code and relevant appsettings.json, which involves the following initialization code:
   a.

   builder.Services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
       .AddMicrosoftIdentityWebApp(builder.Configuration.GetSection("AzureAdB2C"));
   builder.Services.AddControllersWithViews()
       .AddMicrosoftIdentityUI();

   app.UseRouting();
   app.UseAuthorization();
   app.UseAntiforgery();
   app.MapControllers();
   app.MapRazorComponents<App>();

4. AuthenticationStateProvider not added by default in new template, must call

   services.TryAddScoped<AuthenticationStateProvider, ServerAuthenticationStateProvider>();

   or

   builder.Services.AddServerSideBlazor();

Issues encountered:

1. When using a default AuthorizationPolicy (such as by calling app.MapRazorComponents<App>().RequireAuthorization()), the sign-in page immediately opens and after completion, successfully redirects back to the application. However, when this policy is not added and the user attempts to sign in by navigating to MicrosoftIdentity/Account/SignIn, they receive the following CORS error:

   SignIn:1 Access to fetch at 'https://[my-tenant].b2clogin.com/[my-tenant].onmicrosoft.com/b2c_1_signupandsignin1/oauth2/v2.0/authorize?client_id=[client-ID]&redirect_uri=https%3A%2F%2Flocalhost%3A7112%2Fsignin-oidc&response_type=id_token&scope=openid%20profile&response_mode=form_post&nonce=[nonce]&client_info=1&x-client-brkrver=IDWeb.2.13.2.0&state=[state]&x-client-SKU=ID_NET6_0&x-client-ver=6.32.0.0' (redirected from 'https://localhost:7112/MicrosoftIdentity/Account/SignIn') from origin 'https://localhost:7112' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.

2. When the default AuthorizationPolicy is set and the user signs-in, attempting to sign out puts them in an infinite loop.

---

I thought about opening an issue for official .NET 8 support, but I wanted to preclude the possibility that what I'm encountering is user error first.

[johnW-ret]

Note: I have identified that this is due to the enhanced navigation in Blazor .NET 8 and signing in with

NavigationManager.NavigateTo("MicrosoftIdentity/Account/SignIn", forceLoad: true);

leads to correct behavior.

[jmprieur]

It might be good to ask on the official ASP.NET Core repo, indeed.
Thanks @johnW-ret

[johnW-ret]

Thanks for the reply. I was able to get it to work on .NET 8 by double-wrapping components that use auth with an additional CascadingAuthenticationState, but I do have a question that I do think pertains to this repo:

in the .NET 7 template / clean repro, this call to Url.Page for sign-out redirect results in https://[host]/MicrosoftIdentity/Account/SignedOut, but on .NET 8 Blazor Web App, it appends the page as a query parameter https://[host]/MicrosoftIdentity/Account/SignOut?page=%2FAccount%2FSignedOut, which gets handled by the same endpoint method and causes an infinite redirect loop.

Any general pointers on where to investigate to figure out why Url.Page's behavior changed?

Everything else seems to port over flawlessly 👍

[johnW-ret]

It might be good to ask on the official ASP.NET Core repo, indeed. Thanks @johnW-ret
I have asked on the aspnetcore repo and found that I was missing the new API, builder.Services.AddCascadingAuthenticationState(). As for the infinite loop on SignOut, I have been tinkering but yet to find a solution for.

[jpgarza93]

Having the same issue with the infinite signout redirect loop while migrating to .NET 8. Did you find a workaround?

[jpgarza93]

I found a workaround for my app.

Instead of using this to redirect back to index page on signout:

app.UseRewriter(new RewriteOptions().AddRedirect("MicrosoftIdentity/Account/SignedOut", "/"));

I use this to redirect on signout:

builder.Services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
                .AddMicrosoftIdentityWebApp(options =>
                 {
                     /// add azure ad b2c settings
                     builder.Configuration.Bind("MyAzureAdB2C", options);
                     /// handle signout redirect back to home page
                     options.Events.OnSignedOutCallbackRedirect = context =>
                     {
                         context.Response.Redirect(context.Options.SignedOutRedirectUri);
                         context.HandleResponse();
                         return Task.CompletedTask;
                     };
                 })

[jpgarza93]

A better workaround was to just include this call:

builder.Services.AddRazorPages(); /// Microsoft.Identity.Web.UI still uses razor pages