Blazor
A free and open-source web framework that enables developers to create web apps using C# and HTML being developed by Microsoft.
1,492 questions
Securing an ASP.NET Core Blazor WebAssembly hosted app with Azure Active Directory using WSFed/Saml
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(44.800000000000004, 42%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ELJ%3C/text%3E%3C/svg%3E)
Leaverton, John
1
Reputation point
How does one go about securing a hosted Blazor app with WSFed? I keep getting a "Failed to construct 'URL': Invalid URL" error. I was successful with OIDC but I am struggling with WSFederation.
I followed the instruction here:
Then made these changes to the app:
appsettings.json
"AzureAd": {
"Instance": "https://login.microsoftonline.com/",
"Domain": "<Tenant Name>.onmicrosoft.com",
"TenantId": "<Tenant ID>",
"ClientId": "<Client ID>"
}
Server: Startup.cs
services.AddAuthentication(sharedOptions => {
sharedOptions.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
sharedOptions.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
sharedOptions.DefaultChallengeScheme = WsFederationDefaults.AuthenticationScheme;
})
.AddWsFederation(options => {
options.Wtrealm = "https://<Tenant Name>.onmicrosoft.com/<App Name>";
options.MetadataAddress = "<Metadata URL>";
})
.AddCookie().AddMicrosoftIdentityWebApi(Configuration.GetSection("AzureAd"));
Client: Program.cs
builder.Services.AddHttpClient("<Server API Name>", client => client.BaseAddress = new Uri(builder.HostEnvironment.BaseAddress)) .AddHttpMessageHandler();
builder.Services.AddScoped(sp => sp.GetRequiredService().CreateClient("<Server API Name>"));
builder.Services.AddMsalAuthentication(options => {
builder.Configuration.Bind("AzureAd", options.ProviderOptions.Authentication);
options.ProviderOptions.DefaultAccessTokenScopes.Add("https://<Tenant Name>.onmicrosoft.com/<App ID>/API.Access");
});
Full Error Message:
blazor.webassembly.js:1 crit: Microsoft.AspNetCore.Components.WebAssembly.Rendering.WebAssemblyRenderer[100] Unhandled exception rendering component: Failed to construct 'URL': Invalid URL TypeError: Failed to construct 'URL': Invalid URL at new u (https://localhost:44326/_content/Microsoft.Authentication.WebAssembly.Msal/AuthenticationService.js:1:1989) at Function.init (https://localhost:44326/_content/Microsoft.Authentication.WebAssembly.Msal/AuthenticationService.js:1:7229) at https://localhost:44326/_framework/blazor.webassembly.js:1:3942 at new Promise () at Object.beginInvokeJSFromDotNet (https://localhost:44326/_framework/blazor.webassembly.js:1:3908) at Object.w [as invokeJSFromDotNet] (https://localhost:44326/_framework/blazor.webassembly.js:1:64232) at _mono_wasm_invoke_js_blazor (https://localhost:44326/_framework/dotnet.5.0.13.js:1:190800) at do_icall (wasm://wasm/00aba242:wasm-function[10596]:0x194e4e) at do_icall_wrapper (wasm://wasm/00aba242:wasm-function[3305]:0x79df9) at interp_exec_method (wasm://wasm/00aba242:wasm-function[2155]:0x44ad3) Microsoft.JSInterop.JSException: Failed to construct 'URL': Invalid URL TypeError: Failed to construct 'URL': Invalid URL at new u (https://localhost:44326/_content/Microsoft.Authentication.WebAssembly.Msal/AuthenticationService.js:1:1989) at Function.init (https://localhost:44326/_content/Microsoft.Authentication.WebAssembly.Msal/AuthenticationService.js:1:7229) at https://localhost:44326/_framework/blazor.webassembly.js:1:3942 at new Promise () at Object.beginInvokeJSFromDotNet (https://localhost:44326/_framework/blazor.webassembly.js:1:3908) at Object.w [as invokeJSFromDotNet] (https://localhost:44326/_framework/blazor.webassembly.js:1:64232) at _mono_wasm_invoke_js_blazor (https://localhost:44326/_framework/dotnet.5.0.13.js:1:190800) at do_icall (wasm://wasm/00aba242:wasm-function[10596]:0x194e4e) at do_icall_wrapper (wasm://wasm/00aba242:wasm-function[3305]:0x79df9) at interp_exec_method (wasm://wasm/00aba242:wasm-function[2155]:0x44ad3) at Microsoft.JSInterop.JSRuntime.d__151[[System.Object, System.Private.CoreLib, Version=5.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e]].MoveNext() at Microsoft.JSInterop.JSRuntimeExtensions.InvokeVoidAsync(IJSRuntime jsRuntime, String identifier, Object[] args) at Microsoft.AspNetCore.Components.WebAssembly.Authentication.RemoteAuthenticationService3.d__27[[Microsoft.AspNetCore.Components.WebAssembly.Authentication.RemoteAuthenticationState, Microsoft.AspNetCore.Components.WebAssembly.Authentication, Version=5.0.9.0, Culture=neutral, PublicKeyToken=adb9793829ddae60],[Microsoft.AspNetCore.Components.WebAssembly.Authentication.RemoteUserAccount, Microsoft.AspNetCore.Components.WebAssembly.Authentication, Version=5.0.9.0, Culture=neutral, PublicKeyToken=adb9793829ddae60],[Microsoft.Authentication.WebAssembly.Msal.Models.MsalProviderOptions, Microsoft.Authentication.WebAssembly.Msal, Version=5.0.9.0, Culture=neutral, PublicKeyToken=adb9793829ddae60]].MoveNext() at Microsoft.AspNetCore.Components.WebAssembly.Authentication.RemoteAuthenticationService3.d__26[[Microsoft.AspNetCore.Components.WebAssembly.Authentication.RemoteAuthenticationState, Microsoft.AspNetCore.Components.WebAssembly.Authentication, Version=5.0.9.0, Culture=neutral, PublicKeyToken=adb9793829ddae60],[Microsoft.AspNetCore.Components.WebAssembly.Authentication.RemoteUserAccount, Microsoft.AspNetCore.Components.WebAssembly.Authentication, Version=5.0.9.0, Culture=neutral, PublicKeyToken=adb9793829ddae60],[Microsoft.Authentication.WebAssembly.Msal.Models.MsalProviderOptions, Microsoft.Authentication.WebAssembly.Msal, Version=5.0.9.0, Culture=neutral, PublicKeyToken=adb9793829ddae60]].MoveNext() at Microsoft.AspNetCore.Components.WebAssembly.Authentication.RemoteAuthenticationService3.d__25[[Microsoft.AspNetCore.Components.WebAssembly.Authentication.RemoteAuthenticationState, Microsoft.AspNetCore.Components.WebAssembly.Authentication, Version=5.0.9.0, Culture=neutral, PublicKeyToken=adb9793829ddae60],[Microsoft.AspNetCore.Components.WebAssembly.Authentication.RemoteUserAccount, Microsoft.AspNetCore.Components.WebAssembly.Authentication, Version=5.0.9.0, Culture=neutral, PublicKeyToken=adb9793829ddae60],[Microsoft.Authentication.WebAssembly.Msal.Models.MsalProviderOptions, Microsoft.Authentication.WebAssembly.Msal, Version=5.0.9.0, Culture=neutral, PublicKeyToken=adb9793829ddae60]].MoveNext() at Microsoft.AspNetCore.Components.WebAssembly.Authentication.RemoteAuthenticationService`3.d__17[[Microsoft.AspNetCore.Components.WebAssembly.Authentication.RemoteAuthenticationState, Microsoft.AspNetCore.Components.WebAssembly.Authentication, Version=5.0.9.0, Culture=neutral, PublicKeyToken=adb9793829ddae60],[Microsoft.AspNetCore.Components.WebAssembly.Authentication.RemoteUserAccount, Microsoft.AspNetCore.Components.WebAssembly.Authentication, Version=5.0.9.0, Culture=neutral, PublicKeyToken=adb9793829ddae60],[Microsoft.Authentication.WebAssembly.Msal.Models.MsalProviderOptions, Microsoft.Authentication.WebAssembly.Msal, Version=5.0.9.0, Culture=neutral, PublicKeyToken=adb9793829ddae60]].MoveNext() at Microsoft.AspNetCore.Components.Authorization.AuthorizeViewCore.OnParametersSetAsync() at Microsoft.AspNetCore.Components.ComponentBase.CallStateHasChangedOnAsyncCompletion(Task task) at Microsoft.AspNetCore.Components.RenderTree.Renderer.GetErrorHandledTask(Task taskToHandle)
Thank you for your time.
{count} votes
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(214.4, 81%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMT%3C/text%3E%3C/svg%3E)
Marilee Turscak-MSFT 36,246 Reputation points Microsoft Employee2022-01-10T21:04:35.25+00:00 Is this for a B2C application? What do you have in your authority URL?
Have you confirmed that you do not have any invalid characters in any of your variables?
-
Leaverton, John 1 Reputation point
2022-01-11T14:31:07.097+00:00 Thank you for responding.
This is not a B2C. This is to use WSFederation/SAML with AAD.
I got the B2C app and AAD app using OIDC working just fine.
I also did get this working with just a ASP.Net Core Web App using WSFederation/SAML and AAD.
Just having issues with using WSFederation/SAML with a Hosted Blazor App.I didn't have the Authority indicated in the appsetting.json file.
I added "Authority": "https://login.microsoftonline.com/<tennatId>" to it and still got the same error.I went back through and cut and pasted all the values and still get the error.
Is there a demo app or starter app in GitHub that implements WSFederation for a Hosted Blazor App?
I couldn't find one.Please and thank you
Sign in to comment