carlfranklin / MsalAuthInBlazor

Call a Secure Web API with MSAL Authentication against Azure AD B2C

Global static accessToken caused incorrect API auth info #1

Open jmead1 opened 1 year ago

jmead1 commented 1 year ago

In MsalAuthInBlazor / MsalAuthInBlazor / Global.cs, storing the AccessToken in a "static" string made the token shared across all browser instances of the Blazor Server project. Any browser signing out signed out everyone as far as the API was concerned, and the API's idea of who was logged in (based on iterating the User.Claims in the API) also showed the latest login or logout identity, instead of an identity per browser tab. Solution: multiple solutions are possible; one that worked for me: I replaced the Global AccessToken with a cascading parameter and made that a parameter in the WeatherForecast service. I also created a "WhoAmI" service and page, with a timed callback to verify who the API thought I was, and used it to verify that with multiple browser tabs open, the API continued to know the correct "who" was logged in for each call from each browser tab.
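The shared-token defect described above, with a per-circuit replacement beside it. This is an added illustration, not code from the MsalAuthInBlazor repository; the class and method names, the `WeatherForecast` route and the API base address are assumed.

```csharp
using System;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Threading;
using System.Threading.Tasks;

// BEFORE: the pattern the issue describes. One process-wide field is shared by
// every circuit (browser tab) hosted by this server, so the most recent
// sign-in or sign-out silently becomes everyone's identity at the API.
public static class Global
{
    public static string? AccessToken;
}

// AFTER: one holder per circuit. In Blazor Server a service registered with
// AddScoped lives for the lifetime of a circuit, so each tab owns its token.
public sealed class CircuitTokenStore
{
    public string? AccessToken { get; set; }
}

// The API client receives the scoped store instead of reading the static field,
// so the bearer token on each request belongs to the calling circuit.
public sealed class WeatherForecastService
{
    private readonly HttpClient _http;
    private readonly CircuitTokenStore _tokens;

    public WeatherForecastService(HttpClient http, CircuitTokenStore tokens)
    {
        _http = http;
        _tokens = tokens;
    }

    public async Task<string> GetForecastJsonAsync(CancellationToken ct = default)
    {
        if (string.IsNullOrEmpty(_tokens.AccessToken))
            throw new InvalidOperationException("No token for this circuit; sign in first.");
        using var request = new HttpRequestMessage(HttpMethod.Get, "WeatherForecast");
        // Set the header per request; never on DefaultRequestHeaders of a shared client.
        request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", _tokens.AccessToken);
        using var response = await _http.SendAsync(request, ct);
        response.EnsureSuccessStatusCode();
        return await response.Content.ReadAsStringAsync(ct);
    }
}
// Program.cs registration (assumed base address):
// builder.Services.AddScoped<CircuitTokenStore>();
// builder.Services.AddHttpClient<WeatherForecastService>(c => c.BaseAddress = new Uri("https://api.example/"));
```

The scoped store dies with its circuit (for example on a full page reload), so the token has to be re-acquired from MSAL at that point rather than assumed to still be present.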

carlfranklin commented 1 year ago

Awesome. Thanks. I will update it.

On Fri, Oct 14, 2022 at 9:46 AM Jim M @.***> wrote:


jmead1 commented 1 year ago

Azure deployment issue - any hints where I might find help with this? The "MsalAuthInBlazor" Blazor Server web project works fine locally, but when deployed as an Azure web app the login button results in: "An HttpListenerException occurred while listening on http://localhost:49395/ for the system browser to complete the login. Possible cause and mitigation: the app is unable to listen on the specified URL; run 'netsh http add iplisten 127.0.0.1' from the Admin command prompt." I've Binged/Googled a lot with no luck. One reference that showed up is https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/wiki/System-Browser-on-.Net-Core. In there it states: "B2C and ADFS 2019 do not yet implement the "any port" option. So you cannot set "http://localhost/" (no port) redirect URI, but only "http://localhost:1234/" (with port) URI. This means that you will have to do your own port management, for example you can reserve a few ports and configure them as redirect URIs. Then your app can cycle through them until a port is free - this can then be used by MSAL." Suggestions? Thanks!