Tags: azure, blazor, blazor-webassembly, azure-webapps, azure-ad-b2c

Problem with AzureB2C showing localhost login when deploying Blazor Client App and Server to Azure


I have just completed a new Client-side Blazor app with Server, using Azure B2C for auth.

Everything works perfectly on localhost, but when I published the server to a new Azure Web App, the login popup refers to the HTTP (not HTTPS) localhost URL (see image) and fails to find that page (of course). No idea why localhost is targeted, as the only reference to that URL is in the launchsettings.json used for Visual Studio startup of the app.

(image: the login popup pointing at the http://localhost URL)

I have searched all project files and settings I can think of, but cannot find where the problem is. Yes, I have configured the B2C Authentication redirect URLs for the return trip to the Azure-hosted server.

Any ideas? This is my first Azure deployment of a Blazor app, so it may just be something simple I am not aware of (yet).

(image: Web redirect settings in Azure B2C)

I also just inspected a local copy of the entire set of publish files and cannot find anything that refers to the localhost URL.

Update

After cleaning out unused App Registrations and their redirect URLs, I narrowed it down to this error being returned in the URL when running locally:

http://localhost/signin-oidc#error=redirect_uri_mismatch&error_description=AADB2C90006:+The+redirect+URI+'https://localhost:7164/authentication/login-callback'+provided+in+the+request+is+not+registered+for+the+client+id+'{xxxx}'.

After changing that redirect to authentication/login-callback (it was /signin-oidc) it still shows the same error, so there is definitely caching going on in the AzureB2C server.

From the deployed server the error is similar.

http://localhost/authentication/signin-oidc#error=redirect_uri_mismatch&error_description=AADB2C90006:+The+redirect+URI+'https://xxxxxx.azurewebsites.net/authentication/login-callback'+provided+in+the+request+is+not+registered+for+the+client+id+'{xxxx}'.

It appears to fallback to another redirect when the required redirect is missing. Maybe the last successful/cached one?

Another note. When you spin up a Blazor app with Azure B2C, it creates 2 separate App registrations: one for the server auth and one for the client auth. It may be that the required endpoints for each are different, so any copying of "fixes" may keep breaking client or server, with caching obfuscating the problem. I will spin up a fresh templated Blazor app with Auth and record the exact URLs it creates in each AzureB2C App registration.

Notes:

  • I created a fresh Client Server Blazor App connected using Azure B2C for Auth called DeleteMe.
  • It creates an App registration called DeleteMe, then, while configuring, a second App registration called DeleteMe-Client with 4 redirect URLs.
    • The 4 redirect URLs match the HTTP & HTTPS settings for both IIS and local hosting and all have the form http://localhost:xxxx/authentication/login-callback
    • The DeleteMe primary app registration has no redirect URLs created, so anything I previously added to the primary App Registration appears to have been unnecessary
  • When creating a fresh Blazor Client/Server app connected to AzureB2C, the first attempt for it to configure itself always fails. A second attempt succeeds, but creates a third App registration.
  • I checked the client appsettings and deleted the unused App Registration
  • Ran app locally and it works fine
  • Created a publish profile for an Azure App Service
  • Added the new App domain as an extra Redirect to the DeleteMe-Client App Registration


  • Deployed to the Azure free App Service
  • It Works just fine


  • Now, working through the Server and Client configuration, I see the server uses /signin-oidc, but server-side login is not actually used.
  • Added the old URL domain to the new client App registration
  • Pointed the client at the new App registration client ID
  • Deployed the old website with the new App registration client ID
  • It redirects the login to the new website!


  • Deleted the new redirect URL
  • It still redirects to that new website URL!

Solution

  • Okay dokay. So after a huge amount of trial and experimentation, I have it working on the deployed website.

    Effectively I did nothing but fix some redirect URLs and "wait for it to become active". Everything else was a red herring.

    You could also solve this problem by creating a new App registration, configure all URLs in advance of use, and use that new ClientId from AzureB2C. Then there is no chance of caching.

    It appears that AzureB2C caches return URLs and if any redirect URL is invalid, it seems to pick up the last valid one it used. I will add further details if it reoccurs.

    Thanks to @Harshitha for their suggestions. Every little thing helps to focus on the problem.

    Update

    So as part of my testing I removed all localhost redirects from the App registration. When I added them back, to run it locally again, the immediate effect was a redirect to the previous Azure cloud version I successfully used! Definitely a caching/update issue.

    • I also tried clearing all cookies from the Azure hosting domain and no change, so definitely an issue with AzureB2C.

    Final Update

    After checking every 5 minutes, it appears there is a 30 minute delay before any new redirect URLs become active.
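The post's errors both come from the same check: Azure AD B2C compares the redirect_uri in the authorize request against the URIs registered on the client app registration as an exact string, so scheme, host, port and path all have to agree (https vs http, a different Kestrel port, or /signin-oidc vs /authentication/login-callback each fail). Below is an added diagnostic script, written for this page and not code from the post or from the Blazor template, that parses the AADB2C90006 fragment quoted above, pulls out the redirect URI the app actually sent, and reports the nearest registered URI and which components differ. The registered list and its localhost ports are constructed placeholders, the client id is left as the post's '{xxxx}', and the login callback path is the Blazor WebAssembly default shown in the post.

```python
"""Diagnose an Azure AD B2C AADB2C90006 redirect_uri_mismatch error.

Added example (not code from the post or from the Blazor template). It parses
the error B2C placed in the URL fragment, extracts the redirect URI the app
sent, and compares it component by component with the redirect URIs on the
client app registration. B2C matches redirect URIs exactly, so scheme, host,
port and path must all agree.
"""
import re
from urllib.parse import parse_qs, urlparse, urlsplit

# Constructed sample modelled on the error quoted in the post (client id kept
# as the post's '{xxxx}' placeholder).
SAMPLE_ERROR_URL = (
    "http://localhost/signin-oidc#error=redirect_uri_mismatch"
    "&error_description=AADB2C90006:+The+redirect+URI+"
    "'https://localhost:7164/authentication/login-callback'"
    "+provided+in+the+request+is+not+registered+for+the+client+id+'{xxxx}'."
)

# Constructed stand-in for the "Web" redirect URIs on the DeleteMe-Client app
# registration; the localhost ports are assumed, not taken from the post.
REGISTERED = [
    "http://localhost:5000/authentication/login-callback",
    "https://localhost:5001/authentication/login-callback",
    "https://localhost:44300/authentication/login-callback",
    "https://xxxxxx.azurewebsites.net/authentication/login-callback",
]

# Default Blazor WebAssembly login callback path, as seen in the post.
LOGIN_CALLBACK_PATH = "/authentication/login-callback"


def parse_b2c_error(url: str) -> dict:
    """Extract error code, requested redirect URI and client id from the fragment."""
    # parse_qs turns '+' back into spaces, so the description reads naturally.
    params = {k: v[0] for k, v in parse_qs(urlsplit(url).fragment).items()}
    desc = params.get("error_description", "")
    quoted = re.findall(r"'([^']*)'", desc)  # [redirect URI, client id]
    return {
        "error": params.get("error"),
        "code": desc.split(":", 1)[0] if ":" in desc else None,
        "requested_redirect_uri": quoted[0] if quoted else None,
        "client_id": quoted[1] if len(quoted) > 1 else None,
        "fallback_url": url.split("#", 1)[0],  # where B2C sent the browser instead
    }


def redirect_uri_for_origin(origin: str) -> str:
    """The redirect URI a Blazor WASM client served from `origin` will send."""
    return origin.rstrip("/") + LOGIN_CALLBACK_PATH


def _components(uri: str) -> dict:
    # hostname is lower-cased (hosts are case-insensitive); path is compared
    # as-is, so a trailing slash or different case on the path counts as different.
    u = urlparse(uri)
    return {"scheme": u.scheme, "host": u.hostname, "port": u.port, "path": u.path}


def explain_mismatch(requested: str, registered: list) -> dict:
    """Exact-match check plus the nearest registered URI and what differs."""
    if requested in registered:
        return {"match": True, "closest": requested, "differs_in": []}
    want = _components(requested)
    best, best_diffs = None, None
    for cand in registered:
        have = _components(cand)
        diffs = [k for k in want if want[k] != have[k]]
        if best_diffs is None or len(diffs) < len(best_diffs):
            best, best_diffs = cand, diffs
    return {"match": False, "closest": best, "differs_in": best_diffs}


if __name__ == "__main__":
    info = parse_b2c_error(SAMPLE_ERROR_URL)
    print(f"{info['code']}: app sent {info['requested_redirect_uri']} "
          f"for client {info['client_id']}; browser landed on {info['fallback_url']}")
    verdict = explain_mismatch(info["requested_redirect_uri"], REGISTERED)
    print("nearest registered:", verdict["closest"], "differs in", verdict["differs_in"])
    # What to register on the client app registration before deploying to a new host:
    print("register:", redirect_uri_for_origin("https://xxxxxx.azurewebsites.net"))
```

Run against the sample, the script reports that only the port differs from the nearest registered entry, which is the kind of near miss that is easy to overlook in the portal. The general practice this supports: register the exact `https://<host>/authentication/login-callback` for every origin the client will be served from before the first login attempt, register only https for non-localhost hosts, and remove stale entries (old hostnames, unused http variants, registrations from abandoned template runs) once they are no longer needed, since any registered URI is a place B2C will willingly send tokens or authorization codes.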