Network Error in Blazor WebAssembly site with ASP.Net Core Identity login link

Question

In my BlazorWebAssembly + ASP.NET Core Identity test site (.NET 5.0 RC1), I'm getting the following error when trying to log in.

There was an error trying to log you in: 'Network Error'

I have already set appsettings OIDC to be the following:

{
  "SiteName": "MyProject",
  "oidc": {
    "Authority": "https://167.172.118.170/",
    "ClientId": "MyProject",
    "DefaultScopes": [
      "openid",
      "profile"
    ],
    "PostLogoutRedirectUri": "/",
    "RedirectUri": "https://167.172.118.170/authentication/login-callback",
    "ResponseType": "code"
  }
}

Why is it not able to connect?

Test site is at http://167.172.118.170/ and the code can be found in https://github.com/jonasarcangel/BlazorLoginNetworkErrorIssue

Answer 1

It is clear by now that Blazor uses the internal url http://localhost:5008 as the authority instead of the external url http://167.172.118.170/

When the client attempts to connect to http://localhost:5008/.well-known/openid-configuration, an error occurs: connection refused...

As a matter of fact the client should use this url: http://167.172.118.170/.well-known/openid-configuration, but it does not as the value of the authority is determined by Blazor.

If you type the url http://167.172.118.170/.well-known/openid-configuration in the browser's address bar, you'll see all the configuration information about the Identity Provider. Indeed, http://167.172.118.170/ is the authority. But as you've seen setting the Authority to this url in the appsettings.json file was simply ignored, and the internal url was used instead.

How to solve this ? We should tell Blazor not to use the internal url but the external one...

Attempts suggested:

In the web server project's Startup class's ConfigureService change this code:

services.AddIdentityServer()
           .AddApiAuthorization<ApplicationUser, ApplicationIdentityDbContext> 
            ();

To

services.AddIdentityServer(options =>
            {
                options.IssuerUri = "https://167.172.118.170/";
               
            })
              .AddApiAuthorization<ApplicationUser, 
                                ApplicationIdentityDbContext>(); 

2. Use the ForwardedHeaders middleware. See this sample as to how to do it.

3. Stick to the above... The issue is here, and not somewhere else.

Good luck...

Answer 2

I just test and the url http://167.172.118.170/_configuration/BlazorWorld.Web.Client returns

{
    "authority": "http://localhost:5008",
    "client_id": "BlazorWorld.Web.Client",
    "redirect_uri": "http://localhost:5008/authentication/login-callback",
    "post_logout_redirect_uri": "http://localhost:5008/authentication/logout-callback",
    "response_type": "code",
    "scope": "BlazorWorld.Web.ServerAPI openid profile"
}

Then the app try to connect to http://localhost:5008/.well-known/openid-configuration :

So the deployed appsettings is probably not the good one.