Securing an ASP.NET Core Blazor WebAssembly hosted app with Azure Active Directory using WSFed/Saml
How does one go about securing a hosted Blazor app with WSFed? I keep getting a "Failed to construct 'URL': Invalid URL" error. I was successful with OIDC but I am struggling with WSFederation.
I followed the instructions here:
Then made these changes to the app:
appsettings.json
    "AzureAd": {
      "Instance": "https://login.microsoftonline.com/",
      "Domain": "<Tenant Name>.onmicrosoft.com",
      "TenantId": "<Tenant ID>",
      "ClientId": "<Client ID>"
    }
Server: Startup.cs
    services.AddAuthentication(sharedOptions => {
            sharedOptions.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            sharedOptions.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            sharedOptions.DefaultChallengeScheme = WsFederationDefaults.AuthenticationScheme;
        })
        .AddWsFederation(options => {
            options.Wtrealm = "https://<Tenant Name>.onmicrosoft.com/<App Name>";
            options.MetadataAddress = "<Metadata URL>";
        })
        .AddCookie().AddMicrosoftIdentityWebApi(Configuration.GetSection("AzureAd"));
Client: Program.cs
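    // Named HttpClient for the server API; the handler attaches access tokens to same-origin requests.
    builder.Services.AddHttpClient("<Server API Name>", client => client.BaseAddress = new Uri(builder.HostEnvironment.BaseAddress))
        .AddHttpMessageHandler<BaseAddressAuthorizationMessageHandler>();
    // Make the named client the default HttpClient resolved from DI.
    builder.Services.AddScoped(sp => sp.GetRequiredService<IHttpClientFactory>().CreateClient("<Server API Name>"));
    // Bind the client's "AzureAd" section into the MSAL provider options.
    builder.Services.AddMsalAuthentication(options => {
        builder.Configuration.Bind("AzureAd", options.ProviderOptions.Authentication);
        options.ProviderOptions.DefaultAccessTokenScopes.Add("https://<Tenant Name>.onmicrosoft.com/<App ID>/API.Access");
    });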
Full Error Message:
    blazor.webassembly.js:1 crit: Microsoft.AspNetCore.Components.WebAssembly.Rendering.WebAssemblyRenderer[100]
    Unhandled exception rendering component: Failed to construct 'URL': Invalid URL
    TypeError: Failed to construct 'URL': Invalid URL
        at new u (https://localhost:44326/_content/Microsoft.Authentication.WebAssembly.Msal/AuthenticationService.js:1:1989)
        at Function.init (https://localhost:44326/_content/Microsoft.Authentication.WebAssembly.Msal/AuthenticationService.js:1:7229)
        at https://localhost:44326/_framework/blazor.webassembly.js:1:3942
        at new Promise ()
        at Object.beginInvokeJSFromDotNet (https://localhost:44326/_framework/blazor.webassembly.js:1:3908)
        at Object.w [as invokeJSFromDotNet] (https://localhost:44326/_framework/blazor.webassembly.js:1:64232)
        at _mono_wasm_invoke_js_blazor (https://localhost:44326/_framework/dotnet.5.0.13.js:1:190800)
        at do_icall (wasm://wasm/00aba242:wasm-function[10596]:0x194e4e)
        at do_icall_wrapper (wasm://wasm/00aba242:wasm-function[3305]:0x79df9)
        at interp_exec_method (wasm://wasm/00aba242:wasm-function[2155]:0x44ad3)
    Microsoft.JSInterop.JSException: Failed to construct 'URL': Invalid URL
    TypeError: Failed to construct 'URL': Invalid URL
        at new u (https://localhost:44326/_content/Microsoft.Authentication.WebAssembly.Msal/AuthenticationService.js:1:1989)
        at Function.init (https://localhost:44326/_content/Microsoft.Authentication.WebAssembly.Msal/AuthenticationService.js:1:7229)
        at https://localhost:44326/_framework/blazor.webassembly.js:1:3942
        at new Promise ()
        at Object.beginInvokeJSFromDotNet (https://localhost:44326/_framework/blazor.webassembly.js:1:3908)
        at Object.w [as invokeJSFromDotNet] (https://localhost:44326/_framework/blazor.webassembly.js:1:64232)
        at _mono_wasm_invoke_js_blazor (https://localhost:44326/_framework/dotnet.5.0.13.js:1:190800)
        at do_icall (wasm://wasm/00aba242:wasm-function[10596]:0x194e4e)
        at do_icall_wrapper (wasm://wasm/00aba242:wasm-function[3305]:0x79df9)
        at interp_exec_method (wasm://wasm/00aba242:wasm-function[2155]:0x44ad3)
       at Microsoft.JSInterop.JSRuntime.d__151[[System.Object, System.Private.CoreLib, Version=5.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e]].MoveNext()
       at Microsoft.JSInterop.JSRuntimeExtensions.InvokeVoidAsync(IJSRuntime jsRuntime, String identifier, Object[] args)
       at Microsoft.AspNetCore.Components.WebAssembly.Authentication.RemoteAuthenticationService`3.d__27[[Microsoft.AspNetCore.Components.WebAssembly.Authentication.RemoteAuthenticationState, Microsoft.AspNetCore.Components.WebAssembly.Authentication, Version=5.0.9.0, Culture=neutral, PublicKeyToken=adb9793829ddae60],[Microsoft.AspNetCore.Components.WebAssembly.Authentication.RemoteUserAccount, Microsoft.AspNetCore.Components.WebAssembly.Authentication, Version=5.0.9.0, Culture=neutral, PublicKeyToken=adb9793829ddae60],[Microsoft.Authentication.WebAssembly.Msal.Models.MsalProviderOptions, Microsoft.Authentication.WebAssembly.Msal, Version=5.0.9.0, Culture=neutral, PublicKeyToken=adb9793829ddae60]].MoveNext()
       at Microsoft.AspNetCore.Components.WebAssembly.Authentication.RemoteAuthenticationService`3.d__26[[Microsoft.AspNetCore.Components.WebAssembly.Authentication.RemoteAuthenticationState, Microsoft.AspNetCore.Components.WebAssembly.Authentication, Version=5.0.9.0, Culture=neutral, PublicKeyToken=adb9793829ddae60],[Microsoft.AspNetCore.Components.WebAssembly.Authentication.RemoteUserAccount, Microsoft.AspNetCore.Components.WebAssembly.Authentication, Version=5.0.9.0, Culture=neutral, PublicKeyToken=adb9793829ddae60],[Microsoft.Authentication.WebAssembly.Msal.Models.MsalProviderOptions, Microsoft.Authentication.WebAssembly.Msal, Version=5.0.9.0, Culture=neutral, PublicKeyToken=adb9793829ddae60]].MoveNext()
       at Microsoft.AspNetCore.Components.WebAssembly.Authentication.RemoteAuthenticationService`3.d__25[[Microsoft.AspNetCore.Components.WebAssembly.Authentication.RemoteAuthenticationState, Microsoft.AspNetCore.Components.WebAssembly.Authentication, Version=5.0.9.0, Culture=neutral, PublicKeyToken=adb9793829ddae60],[Microsoft.AspNetCore.Components.WebAssembly.Authentication.RemoteUserAccount, Microsoft.AspNetCore.Components.WebAssembly.Authentication, Version=5.0.9.0, Culture=neutral, PublicKeyToken=adb9793829ddae60],[Microsoft.Authentication.WebAssembly.Msal.Models.MsalProviderOptions, Microsoft.Authentication.WebAssembly.Msal, Version=5.0.9.0, Culture=neutral, PublicKeyToken=adb9793829ddae60]].MoveNext()
       at Microsoft.AspNetCore.Components.WebAssembly.Authentication.RemoteAuthenticationService`3.d__17[[Microsoft.AspNetCore.Components.WebAssembly.Authentication.RemoteAuthenticationState, Microsoft.AspNetCore.Components.WebAssembly.Authentication, Version=5.0.9.0, Culture=neutral, PublicKeyToken=adb9793829ddae60],[Microsoft.AspNetCore.Components.WebAssembly.Authentication.RemoteUserAccount, Microsoft.AspNetCore.Components.WebAssembly.Authentication, Version=5.0.9.0, Culture=neutral, PublicKeyToken=adb9793829ddae60],[Microsoft.Authentication.WebAssembly.Msal.Models.MsalProviderOptions, Microsoft.Authentication.WebAssembly.Msal, Version=5.0.9.0, Culture=neutral, PublicKeyToken=adb9793829ddae60]].MoveNext()
       at Microsoft.AspNetCore.Components.Authorization.AuthorizeViewCore.OnParametersSetAsync()
       at Microsoft.AspNetCore.Components.ComponentBase.CallStateHasChangedOnAsyncCompletion(Task task)
       at Microsoft.AspNetCore.Components.RenderTree.Renderer.GetErrorHandledTask(Task taskToHandle)
Thank you for your time.
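
The message in the trace, "Failed to construct 'URL': Invalid URL", is what the browser's `URL` constructor throws for a missing or non-absolute value, so one way to narrow it down is to test the URL-valued settings that the client binds into the MSAL options. This is an added example, not code from the question; the field list (`Authority`, `RedirectUri`, `PostLogoutRedirectUri`), the function name and the sample IDs are assumptions.

```javascript
// Added example, not from the question. URL_FIELDS is an assumption: the
// URL-valued property names of MsalAuthenticationOptions.
const URL_FIELDS = [
  { key: "Authority", mustBeAbsolute: true },
  { key: "RedirectUri", mustBeAbsolute: false },
  { key: "PostLogoutRedirectUri", mustBeAbsolute: false },
];

// Returns [{ key, value, problem }] for each setting the browser's URL
// constructor would reject. `baseAddress` is the app's own origin.
function findInvalidUrlSettings(section, baseAddress) {
  const findings = [];
  for (const { key, mustBeAbsolute } of URL_FIELDS) {
    // .NET configuration keys are case-insensitive, so match them that way.
    const name = Object.keys(section).find(k => k.toLowerCase() === key.toLowerCase());
    const value = name === undefined ? undefined : section[name];
    if (value === undefined || value === null || value === "") {
      if (mustBeAbsolute) findings.push({ key, value, problem: "missing" });
      continue;
    }
    try {
      // new URL(x) throws TypeError ("Invalid URL") unless x is absolute;
      // with a base argument, relative values are resolved against it.
      const url = mustBeAbsolute ? new URL(value) : new URL(value, baseAddress);
      if (url.protocol !== "https:") findings.push({ key, value, problem: "not https" });
    } catch (err) {
      findings.push({ key, value, problem: "rejected by URL constructor" });
    }
  }
  return findings;
}

// Constructed sample: the section as posted, placeholders untouched.
const asPosted = {
  Instance: "https://login.microsoftonline.com/",
  Domain: "<Tenant Name>.onmicrosoft.com",
  TenantId: "<Tenant ID>",
  ClientId: "<Client ID>",
};
// Constructed sample: a section with an explicit authority (hypothetical IDs).
const withAuthority = {
  Authority: "https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000",
  ClientId: "11111111-1111-1111-1111-111111111111",
};

const BASE = "https://localhost:44326/"; // origin seen in the stack trace
console.log(findInvalidUrlSettings(asPosted, BASE));
console.log(findInvalidUrlSettings(withAuthority, BASE));
```

The check applies to the configuration the client project actually loads in the browser, which may differ from the server's `appsettings.json`.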