Blazor Server App with Microsoft Identity Authenticaion (Azure AD) gets stuck in authentication loop after publishing to local IIS 10 (Server 2019)
I have been testing a Blazor Server app (ASP.NET Core 6.0) locally for a while with no issues. It authenticates against Azure AD, and everything works fine.
I deployed it to an IIS 10 server on Windows Server 2019 (after installing Websockets, ASP.NET hosting runtime, etc.) and now I can't get past authentication, either locally on the server or remotely.
When I hit the URL, it immediately redirects to the Microsoft Login page, where I enter my username (email), then password, then 2FA challenge, then the yes/no stay logged in page, and then it appears to hang for a short while (although in the tab it is constantly switching between "Working" and "https://login.microsoft.com...") and then it either comes up with Bad Request - Request Too Long, or just "We can't sign you in".
If it's the Bad Request error, then the cookie store will be full of .AspNetCore.Correlation.xxx and .AspNetCore.OpenIdConnectNonce.xxx cookies, which is what makes the headers too long, and creates the bad request. If it's the "we can't sign you in" error, then clicking the three dots, and saying sign out and forget, resets things which will next time result in the Bad Request error.
Just to check that I hadn't done anything stupid, I created a new blank app, using the Blazor Server template, and deployed that in place of my app. Exactly the same thing happened. I could run it locally in VS, but after publishing to IIS, exactly the same Authentication errors.
Does anyone have any ideas or pointers?
OK, for anyone who finds this in the future... it was a simple fix - but there are no error messages which point to it until you look very deeply.
When I set up both my app, and the Blazor template app, I let the scaffolder set them up, and get a secret from the Azure API, which it placed into my local secret store.
When I published the app to IIS, the ClientSecret was not copied.
The quick fix was to simply put the client secret into the appsettings.json file at which point everything came good immediately. The longer fix is to use the server-based secret store.
Apparently the looping was caused by the client secret not being present. :(
- ASP.NET Core 8 Minimal API throws 404 on deploy in IIS
- Published on webserver core8 api works from POSTMAN and from weserver published frontend but ERR_CONNECTION_RESET from client browser
- Why is my local website not working in IIS
- Unable to launch IIS Express Web Server - Failed to Register URL - Cannot create a file when that file already exists | VS Community 2017
- The session cookie cannot be unprotected when ASP.NET Core 8.0 Web App runs on IIS
- what alternatives are there to using global.asax?
- How to Access Files in ASP.NET Web Forms Application via Virtual Directory on Network Location?
- ASP.NET Core app running on IIS gives Http Error 401.2-Unauthorize
- Cannot connect to SQL SERVER from ASP.NET Web Method
- .NET framework Session State
- IIS - Url Rewrite and subfolers
- ERROR: "The project doesn't know how to run the profile IIS Express" (VS 2019, 16.11.7)
- What is modern way to hosting `node.js` applications on Windows 10 and Windows Server 2012 and newer?
- Python Flask UnderIIS - Docx to Pdf
- How to Host Web API and MVC application on Same Address
- How to solve the HTTP Error 403.14 - Forbidden in Asp.Net Core API?
- [COMException (0x800a141f): Word was unable to read this document. It may be corrupt
- IIS & ASP.NET blocking file
- ASP.NET Core 8.0 MVC web app & IIS 10 - how to include the user name in the IIS log when the cookie authentication is used?
- JSON file create issue on IIS production server
- URL Rewrite rule to redirect http: to https: is not working - IIS 10 - Asp.Net Framework 4.8 - web forms - aspx
- How to host React.js and Node.js app in windows IIS?
- Minimum ASP.NET Core app to redirect to new domain
- HttpClient using PFX transport certificate to stablish connection to third part application
- .Net Framework: exception in w3wp.exe
- docker: Error response from daemon: Ports are not available: listen tcp 0.0.0.0:80: bind:
- change iis localhost from C: to D:
- IIS 10 - HTTP Error 413.1 - Request Entity Too Large
- HTTP Error 403.14 - Forbidden The Web server is configured to not list the contents
- Antivirus Exclusion List for ASP.NET applications hosted on IIS