Blazor standalone WebAssembly call secure core API on behalf of logged in user

Time:08-09

I have a secure API app set up in AAD with a couple of scopes. I also have a standalone Blazor client that I want to make requests from to my API. I have a user with access to my API scopes. My client has delegated permissions to my API - all of the scopes.

When I add app.MapControllers().AllowAnonymous(); I am getting data back in my Blazor client. All works fine. When I remove that line, I am getting 404. I have been trying for 5 days to solve this and am resigned at this point. I am able to log in to the application using my user that I created in AAD, and when I make the request, I can see in Fiddler that the bearer token is in the header... I always get 404 back, not even 401 or 403.

This is my Api configuration:

builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddMicrosoftIdentityWebApi(builder.Configuration.GetSection("AzureAd"));

This is my client configuration:

builder.Services.AddMsalAuthentication(options =>
{
    builder.Configuration.Bind("AzureAd", options.ProviderOptions.Authentication);
    options.ProviderOptions.DefaultAccessTokenScopes.Add("https://graph.microsoft.com/User.Read");
});

builder.Services.AddScoped<CustomAuthorizationMessageHandler>();

builder.Services.AddHttpClient("WebAPI",
        client => client.BaseAddress = new Uri("https://localhost:5101/"))
    .AddHttpMessageHandler<CustomAuthorizationMessageHandler>();

and the handler:

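using Microsoft.AspNetCore.Components;
using Microsoft.AspNetCore.Components.WebAssembly.Authentication;

// Attaches an access token for the API scope to requests sent to the API base address.
public class CustomAuthorizationMessageHandler : AuthorizationMessageHandler
{
    public CustomAuthorizationMessageHandler(IAccessTokenProvider provider,
        NavigationManager navigationManager)
        : base(provider, navigationManager)
    {
        ConfigureHandler(
            authorizedUrls: new[] { "https://localhost:5101/" },
            scopes: new[] { "api://38019b82-84d0-40cc-a2cd-155f2d8b7757/API.RO1" });
    }
}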

I am calling the api as follows from my page:

var client = ClientFactory.CreateClient("WebAPI");
entries = await client.GetFromJsonAsync<List<TimeSeriesEntry>>("/api/tds/2022-08-06");

Could you please tell me if you see anything obviously wrong with this config?

CodePudding user response:

You shouldn't remove the whole line app.MapControllers().AllowAnonymous();. app.MapControllers(); is essential for web api to work.
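
The difference between the three variants of that line, as an added example that is not code from the question or from the answer's author. It assumes a controller-based API on the .NET 6+ minimal hosting model; `TdsController` and its placeholder payload are hypothetical, and the scope name `API.RO1` and the `api/tds` route are taken from the question.

```csharp
// Program.cs of the API (added example, not the poster's file)
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Identity.Web;
using Microsoft.Identity.Web.Resource;

var builder = WebApplication.CreateBuilder(args);

// Same registration as in the question: validate AAD-issued bearer tokens.
builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddMicrosoftIdentityWebApi(builder.Configuration.GetSection("AzureAd"));
builder.Services.AddAuthorization();
builder.Services.AddControllers();

var app = builder.Build();

app.UseAuthentication();   // must run before UseAuthorization
app.UseAuthorization();

// Variant 1 (weak): every controller action is reachable without a token.
// app.MapControllers().AllowAnonymous();

// Variant 2 (broken): deleting the line entirely leaves no controller
// endpoints mapped, so requests to /api/... return 404 and never reach
// the point where a 401 or 403 could be produced.

// Variant 3: keep the mapping, drop only AllowAnonymous, and require an
// authenticated caller on every mapped controller endpoint.
app.MapControllers().RequireAuthorization();

app.Run();

// Hypothetical controller for the route the Blazor client calls.
[ApiController]
[Route("api/tds")]
[Authorize]
[RequiredScope("API.RO1")]   // token must carry this scope, else 403
public class TdsController : ControllerBase
{
    [HttpGet("{date}")]
    public IActionResult Get(string date) =>
        Ok(Array.Empty<object>());   // placeholder payload (assumption)
}
```

With variant 3, a request without a valid token gets 401 and a token lacking the scope gets 403, which makes misconfiguration visible instead of hiding it behind a 404.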
