Has anybody ACTUALLY got this working in a REAL Blazor server app?!

[ataraxia89]

All I want to do is get an access token. This is in my Startup.cs:

services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
    .AddMicrosoftIdentityWebApp(Configuration.GetSection(Constants.AzureAdB2C))
    .EnableTokenAcquisitionToCallDownstreamApi(new string[] { "https://mydomain.net/api/my.scope" })
    .AddInMemoryTokenCaches();

services.AddAuthorization(authorizationOptions =>
{
    authorizationOptions.AddPolicy(
        App.Policies.CanManageUsers,
        App.Policies.CanManageUsersPolicy());
});

services
    .AddControllersWithViews(options =>
    {
        var policy = new AuthorizationPolicyBuilder()
            .RequireAuthenticatedUser()
            .Build();
        options.Filters.Add(new AuthorizeFilter(policy));
    }).AddMicrosoftIdentityUI();

services.Configure<OpenIdConnectOptions>(OpenIdConnectDefaults.AuthenticationScheme, options =>
{
    options.ResponseType = "code";
    options.SaveTokens = true;

    options.Scope.Add("offline_access");
    options.Scope.Add("https://mydomain.net/api/my.scope");
    options.ClientSecret = Configuration[$"{Constants.AzureAdB2C}:ClientSecret"];
}).AddInMemoryTokenCaches();

services
    .AddServerSideBlazor()
    .AddMicrosoftIdentityConsentHandler();

I'm using this to obtain an access token:

string authToken = null;

try
{
    authToken = await _tokenAcquisition.GetAccessTokenForUserAsync(new[] { "https://mydomain.net/api/my.scope" });
}
catch (Exception ex)
{
    ConsentHandler.HandleException(ex);
}

When I run my app for the first time I get redirected to my Azure B2C login flow no problems, sign in and get returned to my app, but then any future calls to obtain an access token (as above) redirect me to https://localhost:44339/MicrosoftIdentity/Account/Challenge?redirectUri=https://localhost:44339/&scope=https://mydomain.net/api/my.scope%20openid%20offline_access%20profile&loginHint=John%20Smith&domainHint=&claims=&policy= which throws a 404 Not Found, and of course there is no token retrieved. I followed these instructions >> https://github.com/AzureAD/microsoft-identity-web/wiki/Managing-incremental-consent-and-conditional-access#in-blazor-server

All I want is an access token to then use in a request to an API. What the hell is this /MicrosoftIdentity/Account/Challenge page and wtf am I supposed to do with it?!

[jmprieur]

@ataraxia89

in your code:

services.Configure<OpenIdConnectOptions>(OpenIdConnectDefaults.AuthenticationScheme, options => {
}

• you shouldn't need to add the scopes (Microsoft.Identity.Web will do it for you)
• options.ClientSecret = Configuration[$"{Constants.AzureAdB2C}:ClientSecret"]; shouldn't be needed either (if it's in the config file?)

Did you try without this bloc for the moment?

services.AddAuthorization(authorizationOptions =>
{
    authorizationOptions.AddPolicy(
        App.Policies.CanManageUsers,
        App.Policies.CanManageUsersPolicy());
});

[ataraxia89]

I have removed the scopes/secret and removed the custom policy and it has made no difference. I don't even get redirected to my login flow any more, it's straight to /MicrosoftIdentity/Account/Challenge which returns a 404.

[ataraxia89]

So the reason that I wasn't being redirected to login upon starting my app was because for some reason I'd removed the options from the .AddControllersWithViews call:

services
    .AddControllersWithViews(options =>
    {
        var policy = new AuthorizationPolicyBuilder()
            .RequireAuthenticatedUser()
            .Build();
        options.Filters.Add(new AuthorizeFilter(policy));
    })
    .AddMicrosoftIdentityUI();

I now get redirected to my user login flow when unauthorized (cookie expiration?) but any subsequent calls to retrieve a token after restarting the app (when I presume the token cache is empty) still redirect to /MicrosoftIdentity/Account/Challenge/ which returns a 404.

[jmprieur]

Do you have a repo with repro code, @ataraxia89 ?

[ataraxia89]

No, but I have now found the issue. I thought it would be a dumb problem, and it is, the line below was missing in the Configure method:

app.UseEndpoints(
    endpoints =>
    {
        endpoints.MapControllers();  //  <<<< This one
        endpoints.MapBlazorHub();
        endpoints.MapFallbackToPage("/_Host");
    });

[ataraxia89]

The startup in this repo is similar to mine except for my own business logic/interfaces so this would be a good example >> https://github.com/jpda/msiddev-blazor-aad-graph/tree/b2c

[hostar]

Hello, I was having same problem, but in .NET 8.
If you do not need UseEndpoints, you can just call:
app.MapControllers();