question

JoeDiApice-0781 asked JasonPan-MSFT commented

Blazor WASM Hosted on Azure 401 Unauthorized - Issuer Invalid



I have a Blazor WASM Hosted Solution that I am hosting on Azure. I have the site running on SSL and have 3 certs: one for HTTPS://siteName.com, one for HTTPS://www.sitename.com, and one for the IdentityServerSigning, as recommended by Microsoft's documentation.

I can log into the application without any issues; however, I am getting 401 Unauthorized with the Error of Invalid_Token - The issuer https://www.siteName.com is invalid when making API calls to restricted endpoints.

Now if I navigate to the Azure domain name https://siteName.azurewebsites.net I do NOT get the 401 Unauthorized.

Can someone point me in the right direction of fixing this to where ANY of the 3, www.sitename.com, sitename.com and sitename.azurewebsites.net, can all access without a 401 Unauthorized?

dotnet-aspnet-core-blazor

Hi @JoeDiApice-0781

For this kind of error, it can usually be solved after configuring IssuerUri.

You can refer to the link below and set IssuerUri; I need to know if this solves your problem.

1. Blazor WebAssembly Hosted app with IdentityServer works from azurewebsites.net domain but returns 401 with custom domain

If you need further help, please let me know.


0 Votes 0 ·

So I had found that article and had tried that. However, that causes a lot of other problems. It causes the login redirect to always use whatever that IssuerUri is set to. So if I have it set to sitename.com and I am on the sitename.azurewebsites.net URL, it tries to redirect to sitename.com/login, which then throws an error and 404s. It also makes running locally a nightmare, as it's making calls to the IssuerUri when it should be using localhost.

0 Votes 0 ·

Hi @JoeDiApice-0781

The issuer is also part of the tokens, and the token validation will be problematic when the name of the issuer (IP or domain) changes.

So I suggest you use subdomains, like https://www.sitename.com, https://test1.sitename.com, https://test2.sitename.com. You also need to share cookies for all applications.

In your local environment, if you want to debug it, you can modify the hosts file to use a custom domain.

Thanks for your patience.


0 Votes 0 ·
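The issuer check discussed in this thread, modeled as an added example (not code from the thread, from IdentityServer or from ASP.NET Core): a token's `iss` claim either follows the host the login request arrived on or is pinned the way a fixed IssuerUri pins it, and the API accepts only issuers on its list. The function names, the HMAC key standing in for the signing certificate, and the lower-cased origins are assumptions made for the sketch.

```python
import base64
import hashlib
import hmac
import json

# Constructed values: the three origins from the question and a demo signing key.
ORIGINS = ["https://sitename.com", "https://www.sitename.com",
           "https://sitename.azurewebsites.net"]
KEY = b"demo-signing-key"  # stands in for the IdentityServer signing certificate


def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint(request_origin, issuer_uri=None):
    """Issue a token; without a fixed issuer_uri, iss follows the request host."""
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps({"iss": issuer_uri or request_origin, "sub": "demo"}).encode())
    sig = hmac.new(KEY, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64(sig)}"


def validate(token, valid_issuers):
    """Check the signature, then require an exact match of iss against the list."""
    header, body, sig = token.split(".")
    expected = hmac.new(KEY, f"{header}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _unb64(sig)):
        return "invalid signature"
    iss = json.loads(_unb64(body))["iss"]
    return "ok" if iss in valid_issuers else f"issuer {iss} is invalid"


def results(valid_issuers, issuer_uri=None):
    """Log in from each origin and call the API with the token that login produced."""
    return {o: validate(mint(o, issuer_uri), valid_issuers) for o in ORIGINS}


if __name__ == "__main__":
    print(results({ORIGINS[2]}))                  # host-derived iss, one trusted issuer
    print(results({ORIGINS[1]}, ORIGINS[1]))      # fixed issuer, as with IssuerUri
    print(results(set(ORIGINS)))                  # host-derived iss, exact allow-list
```

The third case keeps issuer validation switched on and matches exactly, so a token carrying any other `iss` is still rejected.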

0 Answers