bytefish / bytefish.de

Resources for building my personal website.
https://www.bytefish.de
MIT License

user not getting authenticated in production #57

Closed centuryhopper closed 3 months ago

centuryhopper commented 5 months ago

So the article is great and is working for me when testing locally, but when I deployed my web API to Railway and the WASM app to GitHub, the app works but I am not able to get the cookie info and claims from the web API. Both are using HTTPS, so it should work, but it's not :'(

bytefish commented 5 months ago

You are talking about the Cookie Authentication with WASM, right? Hmmm 🤔 The usual suspects are CORS, Same Site Attribute on the Cookie, … Do you see anything in the Browser DevTools (F12)?

centuryhopper commented 5 months ago

> You are talking about the Cookie Authentication with WASM, right? Hmmm 🤔 The usual suspects are CORS, Same Site Attribute on the Cookie, … Do you see anything in the Browser DevTools (F12)?

Yes, I saw weird CORS issues when I clearly already set up CORS.

```csharp
builder.Services
    .AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
    .AddCookie(options =>
    {
        options.Cookie.HttpOnly = true;
        options.Cookie.SameSite = Microsoft.AspNetCore.Http.SameSiteMode.None; // We don't want to deal with CSRF Tokens
        // Note: browsers only store a SameSite=None cookie if it is also marked Secure.
        options.Cookie.SecurePolicy = CookieSecurePolicy.None;
    });

builder.Services.AddCors(options =>
{
    options.AddPolicy("CorsSpecs", builder =>
    {
        // Note: an allowed origin is scheme://host[:port] only; a path or trailing slash never matches.
        builder
            .WithOrigins("https://centuryhopper.github.io/LeoPasswordManagerDeployed", "http://localhost:5024/")
            .AllowAnyHeader()
            .AllowAnyMethod()
            // .SetIsOriginAllowed(options => true)
            .AllowCredentials();
    });
});

app.UseCors("CorsSpecs");
app.UseDeveloperExceptionPage();
app.UseHttpsRedirection();
app.UseRouting();
app.UseAuthentication();
app.UseAuthorization();
```

bytefish commented 5 months ago

As I see it, you are hosting the WASM on GitHub Pages and the Backend is hosted somewhere else? This doesn’t work, because a Browser never sends Cookies from domain abc.com to a different domain xyz.com. Anything else would be a Security Disaster I guess. You could probably serve the WASM from your Backend Server running on a shared Domain.

centuryhopper commented 5 months ago

> As I see it, you are hosting the WASM on GitHub Pages and the Backend is hosted somewhere else? This doesn’t work, because a Browser never sends Cookies from domain abc.com to a different domain xyz.com. Anything else would be a Security Disaster I guess. You could probably serve the WASM from your Backend Server running on a shared Domain.

omg that makes sense. I am using railway for the .net web api. I dockerized it. Similar to this video: https://youtu.be/AtVH3rtxhMs?si=nVpNWi__oSfwJSMI and this link: https://www.iliabedian.com/blog/deploy-dotnet-app-on-railway-with-docker

"You could probably serve the WASM from your Backend Server running on a shared Domain." Oooh, can you show me an example? I thought the URL I passed into the WithOrigins() method would solve it, but I guess not.

bytefish commented 5 months ago

I think this is a good example:

* https://github.com/davidfowl/TodoApi

The Todo.Web Project in there basically serves the WASM Client and also handles the Authentication.

Something that also comes to mind is simply serving the client using a Reverse Proxy, such as nginx.

Last but not least, this is also a good guide for deploying the Blazor WebAssembly client using various techniques:

* https://learn.microsoft.com/en-us/aspnet/core/blazor/host-and-deploy/webassembly?view=aspnetcore-8.0

I think it also shows nginx.

centuryhopper commented 5 months ago

> I think this is a good example:
>
> * https://github.com/davidfowl/TodoApi
>
> The Todo.Web Project in there basically serves the WASM Client and also handles the Authentication.
>
> Something that also comes to mind is simply serving the client using a Reverse Proxy, such as nginx.
>
> Last but not least, this is also a good guide for deploying the Blazor WebAssembly client using various techniques:
>
> * https://learn.microsoft.com/en-us/aspnet/core/blazor/host-and-deploy/webassembly?view=aspnetcore-8.0
>
> I think it also shows nginx.

Thanks for your help, but unfortunately I went down the nginx route in the past and I definitely did not have a pleasant experience with it. I found railway to be a much easier alternative. And I am not sure if the todo repo applies to my situation. I do think maybe serving the wasm app from the web api is what you meant before and I found a video to do that for .net 8 since the hosting option is gone and we have to do it manually: https://www.youtube.com/watch?v=zch_DI_pXmE

Although I am not sure if my doing so would work for Railway, since we need to have everything in one folder with the Dockerfile for it to deploy to Railway successfully, but I will give it a shot and let you know if I succeed.

bytefish commented 5 months ago

But I think you should also get away with serving the Blazor Assets using the Fallback functionality:

* https://learn.microsoft.com/en-us/dotnet/api/microsoft.aspnetcore.builder.staticfilesendpointroutebuilderextensions.mapfallbacktofile?view=aspnetcore-8.0

I will try to create an example for it, but I can’t promise any timeline.

centuryhopper commented 5 months ago

> But I think you should also get away with serving the Blazor Assets using the Fallback functionality:
>
> * https://learn.microsoft.com/en-us/dotnet/api/microsoft.aspnetcore.builder.staticfilesendpointroutebuilderextensions.mapfallbacktofile?view=aspnetcore-8.0
>
> I will try to create an example for it, but I can’t promise any timeline.

Okay wonderful. I look forward to reading it whenever it is ready.
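The same-origin hosting suggested in the thread (serve the Blazor WebAssembly client from the cookie-authenticated API with the fallback file, so the auth cookie is first-party and no cross-site cookie or CORS rules apply), written out as an added example; this is not code from the thread or from the bytefish.de repository. It assumes an ASP.NET Core 8 API project that references the Blazor client project and the `Microsoft.AspNetCore.Components.WebAssembly.Server` package, and the `/api/me` endpoint is a hypothetical placeholder.

```csharp
// Added example: API and Blazor WASM client on one origin, cookie auth first-party.
using System.Security.Claims;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Http;

var builder = WebApplication.CreateBuilder(args);

builder.Services
    .AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
    .AddCookie(options =>
    {
        options.Cookie.HttpOnly = true;
        // Client and API share an origin, so Lax suffices and blocks cross-site POSTs.
        options.Cookie.SameSite = SameSiteMode.Lax;
        // Cookie is only ever sent over HTTPS.
        options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
        // For an API consumed by a SPA, answer 401/403 instead of redirecting to a login page.
        options.Events.OnRedirectToLogin = ctx =>
        {
            ctx.Response.StatusCode = StatusCodes.Status401Unauthorized;
            return Task.CompletedTask;
        };
        options.Events.OnRedirectToAccessDenied = ctx =>
        {
            ctx.Response.StatusCode = StatusCodes.Status403Forbidden;
            return Task.CompletedTask;
        };
    });
builder.Services.AddAuthorization();

var app = builder.Build();

app.UseHttpsRedirection();
// Serves the client's _framework files (assumes the client project is referenced).
app.UseBlazorFrameworkFiles();
app.UseStaticFiles();

app.UseAuthentication();
app.UseAuthorization();

// Hypothetical protected endpoint: returns the name from the cookie principal.
app.MapGet("/api/me", (ClaimsPrincipal user) => new { Name = user.Identity?.Name })
   .RequireAuthorization();

// Every route not matched above is answered with the Blazor client's index.html.
app.MapFallbackToFile("index.html");

app.Run();
```

Because the browser now sees one origin for both the page and the API, no `AddCors` policy and no `SameSite=None` cookie are needed; a hypothetical `[Authorize]`-protected call from the client simply carries the cookie.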