I am using a Blazor 8 WebApp with Azure AD OIDC authentication. Everything works locally, but on the server, after authentication, I can see the redirection happening infinitely until the cookie size gets too long and then it says "We can't sign you in. Please retry".
```csharp
// initialScopes is a string[] of downstream API scopes defined earlier (not shown in the post).
builder.Services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
    // Registers the OIDC + cookie schemes and binds ClientId/TenantId/etc. from the "AzureAd" section.
    .AddMicrosoftIdentityWebApp(builder.Configuration.GetSection("AzureAd"))
    // Authorization-code flow with token acquisition for downstream APIs.
    .EnableTokenAcquisitionToCallDownstreamApi(initialScopes)
    .AddMicrosoftGraph(builder.Configuration.GetSection("MicrosoftGraph"))
    // In-memory cache: per process, lost on restart and not shared across instances.
    .AddInMemoryTokenCaches();

builder.Services.Configure<OpenIdConnectOptions>(
    OpenIdConnectDefaults.AuthenticationScheme,
    options =>
    {
        var clientId = builder.Configuration.GetValue<string>("AzureAd:ClientId");
        options.ResponseType = OpenIdConnectResponseType.Code;
        // SaveTokens stores the id/access/refresh tokens inside the auth cookie, which inflates its size.
        options.SaveTokens = true;
        options.Scope.Add("offline_access");
        options.Scope.Add($"api://{clientId}/access_as_user");
        // Already bound by AddMicrosoftIdentityWebApp from the AzureAd section; harmless to set again.
        options.ClientId = clientId;
    });
```
I can see that the redirection URL is the correct one, with https.
Any ideas as to why the cookie, once set, is not being picked up? I suspect that could be the problem.
I have tried using the ForwardedHeaders middleware:
```csharp
var forwardedHeaderOptions = new ForwardedHeadersOptions
{
    // Honour X-Forwarded-For and X-Forwarded-Proto from the reverse proxy so the app sees
    // the original client IP and scheme (https), which the OIDC redirect_uri is built from.
    ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto
};
// Clearing these accepts X-Forwarded-* headers from ANY upstream, not just known proxies;
// only acceptable when the app is reachable solely through the trusted proxy.
forwardedHeaderOptions.KnownProxies.Clear();
forwardedHeaderOptions.KnownNetworks.Clear();
// Must run before UseAuthentication()/UseAuthorization() so the scheme is corrected
// before the OIDC handler computes redirect URIs and cookie Secure flags.
app.UseForwardedHeaders(forwardedHeaderOptions);
```
So it turns out that I was using the incorrect certificate store path to look for the certificate. Fixed that, and lo and behold!
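A startup check that would have surfaced this misconfiguration directly instead of as a redirect loop, added here as an example (it is not the poster's code). It assumes the client certificate is configured the way Microsoft.Identity.Web reads it from `appsettings.json` (an `AzureAd:ClientCertificates` entry with `SourceType`, `CertificateStorePath` in `<StoreLocation>/<StoreName>` form and `CertificateThumbprint`); the class and method names are chosen for this example.

```csharp
// Added example, not the original poster's code. Fails fast at startup when the
// certificate Microsoft.Identity.Web is configured to use cannot be loaded from the
// configured store, rather than surfacing the problem as an OIDC redirect loop.
//
// Assumed appsettings.json shape (Microsoft.Identity.Web's ClientCertificates config):
//   "AzureAd": {
//     "ClientCertificates": [ {
//       "SourceType": "StoreWithThumbprint",
//       "CertificateStorePath": "CurrentUser/My",     // "<StoreLocation>/<StoreName>"
//       "CertificateThumbprint": "<hex thumbprint>"
//     } ]
//   }
// ClientCertificateCheck / CheckClientCertificate are names chosen for this example.
using System;
using System.Security.Cryptography.X509Certificates;
using Microsoft.Extensions.Configuration;

public static class ClientCertificateCheck
{
    /// <summary>
    /// Resolves the first configured client certificate from the Windows certificate store and
    /// throws a descriptive exception if the store path, thumbprint or private key is wrong.
    /// </summary>
    public static X509Certificate2 CheckClientCertificate(IConfiguration azureAd)
    {
        var cert = azureAd.GetSection("ClientCertificates:0");
        var sourceType = cert["SourceType"];
        if (sourceType != "StoreWithThumbprint")
            throw new InvalidOperationException(
                $"This check only handles SourceType 'StoreWithThumbprint', got '{sourceType}'.");

        var storePath = cert["CertificateStorePath"]
            ?? throw new InvalidOperationException("AzureAd:ClientCertificates:0:CertificateStorePath is missing.");
        var thumbprint = cert["CertificateThumbprint"]
            ?? throw new InvalidOperationException("AzureAd:ClientCertificates:0:CertificateThumbprint is missing.");

        // The store path must be "<StoreLocation>/<StoreName>", e.g. "CurrentUser/My" or "LocalMachine/My".
        var parts = storePath.Split('/');
        if (parts.Length != 2
            || !Enum.TryParse<StoreLocation>(parts[0], ignoreCase: true, out var location)
            || !Enum.TryParse<StoreName>(parts[1], ignoreCase: true, out var storeName))
        {
            throw new InvalidOperationException(
                $"CertificateStorePath '{storePath}' is not '<StoreLocation>/<StoreName>' (e.g. CurrentUser/My).");
        }

        using var store = new X509Store(storeName, location);
        // OpenExistingOnly makes a typo in the store name fail here instead of silently opening an empty store.
        store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);

        // validOnly: false so an expired certificate is reported as expired below rather than as "not found".
        var matches = store.Certificates.Find(X509FindType.FindByThumbprint, thumbprint, validOnly: false);
        if (matches.Count == 0)
            throw new InvalidOperationException(
                $"No certificate with thumbprint {thumbprint} in {location}/{storeName}. " +
                "Check CertificateStorePath and that the app's service account can read that store.");

        var found = matches[0];
        if (!found.HasPrivateKey)
            throw new InvalidOperationException(
                $"Certificate {thumbprint} in {location}/{storeName} has no accessible private key; " +
                "the app cannot sign client assertions with it.");
        if (DateTime.Now > found.NotAfter)
            throw new InvalidOperationException(
                $"Certificate {thumbprint} in {location}/{storeName} expired on {found.NotAfter:u}.");

        return found;
    }
}

// Usage in Program.cs, before builder.Build():
// ClientCertificateCheck.CheckClientCertificate(builder.Configuration.GetSection("AzureAd"));
```

Running this before the host is built turns a wrong store path (for example `LocalMachine/My` when the certificate was imported into `CurrentUser/My`, or the reverse) into an exception naming the store that was searched, and also catches the related failure where the certificate is present but the service account cannot read its private key.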