Add 9.0 Blazor Web App using Microsoft.Identity.Web and Entra #355

Merged
merged 4 commits into from
Oct 4, 2024

Member

@halter73 halter73 commented Oct 3, 2024

No description provided.

- dotnet new blazor --interactivity Auto --all-interactive --auth None
@danroth27 danroth27 changed the title from "Add 9.0 Blazor Web App using Microsoft.Identity.Web" to "Add 9.0 Blazor Web App using Microsoft.Identity.Web and Entra" Oct 3, 2024
@halter73 halter73 marked this pull request as ready for review October 3, 2024 21:59
Collaborator

@guardrex guardrex left a comment

Super NITs ... I'll go ahead and place them.

@guardrex
Collaborator

guardrex commented Oct 4, 2024

Merging now.

When I get to composing the article, which I'll start today (Friday) and pick back up with on Monday, I'll be breaking some lines to adhere to our 85 char line length limit for articles.

@guardrex guardrex merged commit f7001b4 into main Oct 4, 2024
1 check passed
@guardrex guardrex deleted the halter73/blazor-entra branch October 4, 2024 12:59
@Eagle3386

@guardrex May I ask what "Super NITs" means? 😅

@guardrex
Collaborator

guardrex commented Oct 8, 2024

https://stackoverflow.com/questions/27810522/what-does-nit-mean-in-hacker-speak

@Stroniax

Stroniax commented Oct 8, 2024

I have tried to follow this guide and it worked for prompting login to access pages on the app. When I make a call to an endpoint (controller) with an authorization requirement I get back a 200 with the Microsoft login page HTML, instead of receiving a 401 or 403 that I would expect. Is there another step I need to set up authorization for the backend? I have noticed that app.UseAuthentication() and app.UseAuthorization() are not in the Program.cs file of this project.
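
Added example, not part of this thread or of the sample's code: an OpenID Connect challenge answers with a 302 to the identity provider, and an HTTP client that follows redirects ends up with the sign-in page and a 200. One way to make API routes answer 401 instead, assuming the endpoints live under a hypothetical `/api` prefix (the `/api/ping` route is also hypothetical) and implicit usings are enabled:

```csharp
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.Identity.Web;

var builder = WebApplication.CreateBuilder(args);

builder.Services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
    .AddMicrosoftIdentityWebApp(builder.Configuration.GetSection("AzureAd"));
builder.Services.AddAuthorization();

// PostConfigure runs after the Configure callbacks registered by
// Microsoft.Identity.Web, so the handler captured below already includes
// the library's own redirect logic.
builder.Services.PostConfigure<OpenIdConnectOptions>(
    OpenIdConnectDefaults.AuthenticationScheme, options =>
    {
        var inner = options.Events.OnRedirectToIdentityProvider;

        options.Events.OnRedirectToIdentityProvider = context =>
        {
            // Assumption: API endpoints are rooted at /api. A browser page
            // request still gets the normal redirect to the sign-in page.
            if (context.Request.Path.StartsWithSegments("/api"))
            {
                context.Response.StatusCode = StatusCodes.Status401Unauthorized;
                context.HandleResponse(); // suppress the 302 to the identity provider
                return Task.CompletedTask;
            }

            return inner(context);
        };
    });

var app = builder.Build();

app.UseAuthentication();
app.UseAuthorization();

// Hypothetical protected endpoint: returns 401 without a session cookie,
// "pong" once the caller is signed in.
app.MapGet("/api/ping", () => "pong").RequireAuthorization();

app.Run();
```

An API client can then treat 401 as "sign in required" instead of parsing an HTML body that arrived with a success status.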

@guardrex
Collaborator

guardrex commented Oct 8, 2024

Stand-by, @Stroniax ... I'll see when Halter is planning on placing that sample. It was agreed to do it offline, but he didn't say when he'd get to it.

UPDATE: I asked him on the email chain. Note that it will probably be a BFF pattern sample, and it will compose similar to the BlazorWebAppOidcBff sample. I'll look at what he does and hack the bits into the existing BlazorWebAppEntra sample, and you'll probably be able to do the same from his BFF sample. I'm not sure when this work will be done ... when his sample will arrive and when I'll get to my end of the updates. It could take a week or two ... or four! 🙈😆 We'll get to it as soon as we can 🏃‍♂️.

@uwer62

uwer62 commented Oct 17, 2024

First of all I would like to thank you for the sample "BlazorWebAppEntra". I have spent a lot of hours (unsuccessfully) to get this to work in Blazor 8.

I have tried to modify the sample to support the Graph API for the logged in user.

In order to achieve this I returned it to an Interactive Server Web App (removed the client, added the client files to the server project and enabled the InteractiveServer RenderMode).

Then I had to add the following lines:

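// Namespaces required by the calls below:
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.Identity.Web;

builder.Services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
    .AddMicrosoftIdentityWebApp(builder.Configuration.GetSection("AzureAd"))
    .EnableTokenAcquisitionToCallDownstreamApi(new string[] { "user.read" })  // added
    .AddDistributedTokenCaches();                                              // added

// added: registers GraphServiceClient for injection
builder.Services.AddMicrosoftGraph(options => options.Scopes = new List<string>() { "user.read" });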

Now I get a functional GraphServiceClient injected and I am able to send an email via Graph API after I login within the WebApp.

My problem is this:

If I close the website and open it again and the Website recognizes me as an already logged in user then the credential info and the weather-page are both working fine. The sendmail call fails with

(Error) IDW10502: An MsalUiRequiredException was thrown due to a challenge for the user. See https://aka.ms/ms-id-web/ca_incremental-consent.

If I log out and log in again (within the same session) it is working.

It seems that the middleware doesn't automatically pick up the required token.

Is this a bug? Am I missing something that needs to be called in this scenario?

@guardrex
Collaborator

@uwer62 ... That's a duplicate request of dotnet/AspNetCore.Docs#33147. BTW, we don't work closed issues/PRs. In the future, please open a new docs issue using the Open a documentation issue link/feedback form at the bottom of the article. Use of the form adds metadata to your GitHub issue that cross-links the topic and pings the author automatically for a faster response.

@dotnet dotnet locked as resolved and limited conversation to collaborators Oct 17, 2024
5 participants