I have blazor wasm app hosted on asp net core and connected by grpc-web. It works perfectly with authorized user but I cant make unauthorized grpc calls. I get this in logs:
OpenIddict.Server.AspNetCore.OpenIddictServerAspNetCoreHandler: Information: AuthenticationScheme: OpenIddict.Server.AspNetCore was forbidden.
But with authorized user this request works fine.
My startup.cs (tried in every possible order auth/grpc/route):
app.UseRouting();
app.UseCors(policy => policy
.AllowAnyOrigin()
.AllowAnyHeader()
.AllowAnyMethod()
.WithExposedHeaders("Grpc-Status", "Grpc-Message", "Grpc-Encoding", "Grpc-Accept-Encoding"));
app.UseGrpcWeb(new GrpcWebOptions { DefaultEnabled = true });
app.UseAuthentication();
app.UseAuthorization();
app.UseEndpoints(options =>
{
//options.MapGrpcServices(); //Here grpc
options.MapRazorPages();
options.MapControllers();
options.MapFallbackToFile("index.html");
});
Mostly app configured from official sample: https://github.com/openiddict/openiddict-samples/tree/dev/samples/Balosar
Adding [AllowAnonymous] on grpc service doesnt help.
How I can allow unauthorized requests for some grpc services?
CodePudding user response:
If you migrated your gRPC solution from Identity Server 4 and have in Blazor.Client Program.cs something like this:
builder.Services.AddHttpClient("MyClientName", client => client.BaseAddress = new Uri(builder.HostEnvironment.BaseAddress))
.ConfigurePrimaryHttpMessageHandler(() => new GrpcWebHandler(GrpcWebMode.GrpcWeb, new HttpClientHandler()))
.AddHttpMessageHandler<BaseAddressAuthorizationMessageHandler>();
Try to remove .AddHttpMessageHandler<BaseAddressAuthorizationMessageHandler>() but dont forget test your app for correct auth requests!
In result you will have something like this:
builder.Services.AddHttpClient("MyClientName", client => client.BaseAddress = new Uri(builder.HostEnvironment.BaseAddress))
.ConfigurePrimaryHttpMessageHandler(() => new GrpcWebHandler(GrpcWebMode.GrpcWeb, new HttpClientHandler()));