dotnet / aspnetcore

ASP.NET Core is a cross-platform .NET framework for building modern cloud-based web applications on Windows, Mac, or Linux.
https://asp.net
MIT License

Azure AD Authentication Not Passing Over Credentials with Blazor #19125

Closed JoshCaba closed 4 years ago

JoshCaba commented 4 years ago

Describe the bug

AD Authentication Not Passing Over Credentials with Blazor.

Create an app that uses AD Azure Authentication and start using Blazor within it. Methods start to fail out whenever you call the controllers that require the AD authentication.

To Reproduce

  1. Create a new Blazor Server App project. Ensure AD authentication is enabled in the "Authentication" portion of the new project dialog.

  2. Add a New Controller with the following Method.

        [HttpGet]
        public async Task<ActionResult<List<People>>> Get()
        {
            return await repo.People.ToListAsync();
        }

  3. Add something on the front end to grab from the URL.

    @code {

        private People[] peoples { get; set; }

        protected override async Task OnInitializedAsync()
        {
            peoples = await Http.GetJsonAsync<People[]>("/api/People");
        }
    }

Output From the Console

Microsoft.AspNetCore.Hosting.Diagnostics: Information: Request starting HTTP/1.1 GET https://localhost:44354/api/People  
Microsoft.AspNetCore.Routing.EndpointMiddleware: Information: Executing endpoint 'PeopleApp.Controllers.PeopleController.Test (PeopleApp)'
Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker: Information: Route matched with {action = "Get", controller = "People", area = "", page = ""}. Executing controller action with signature System.Threading.Tasks.Task`1[Microsoft.AspNetCore.Mvc.ActionResult`1[System.Collections.Generic.List`1[PeopleApp.Data.Models.People]]] Test() on controller PeopleApp.Controllers.PeopleController (PeopleApp).
Microsoft.AspNetCore.Authorization.DefaultAuthorizationService: Information: Authorization failed.
Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker: Information: Authorization failed for the request at filter 'Microsoft.AspNetCore.Mvc.Authorization.AuthorizeFilter'.
Microsoft.AspNetCore.Mvc.ChallengeResult: Information: Executing ChallengeResult with authentication schemes ().
Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler: Information: AuthenticationScheme: AzureADOpenID was challenged.
Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker: Information: Executed action PeopleApp.Controllers.PeopleController.Test (PeopleApp) in 44.0281ms
Microsoft.AspNetCore.Routing.EndpointMiddleware: Information: Executed endpoint 'PeopleApp.Controllers.PeopleController.Test (PeopleApp)'
Microsoft.AspNetCore.Hosting.Diagnostics: Information: Request finished in 110.0596ms 302 
Exception thrown: 'System.Text.Json.JsonException' in System.Private.CoreLib.dll

The Exception

Although, this means nothing because all it's saying is that there's an HTML response coming back instead of JSON so it errors out. The console output from above is far more telling.

An unhandled exception occurred while processing the request.
JsonReaderException: '<' is an invalid start of a value. LineNumber: 2 | BytePositionInLine: 0.

System.Text.Json.ThrowHelper.ThrowJsonReaderException(ref Utf8JsonReader json, ExceptionResource resource, byte nextByte, ReadOnlySpan<byte> bytes)
JsonException: '<' is an invalid start of a value. Path: $ | LineNumber: 2 | BytePositionInLine: 0.

System.Text.Json.ThrowHelper.ReThrowWithPath(ref ReadStack readStack, JsonReaderException ex)
.....

mkArtakMSFT commented 4 years ago

Thanks for contacting us. It looks like the error you're getting is because the result of the HTTP call is not really a 200 OK. Based on the logs, the server is returning a ChallengeResponse. On the client, because you're not validating the return code, the code tries to parse that HTML content as JSON and fails.

We are actually working on providing a proper Azure AD enabled Blazor Project template as part of https://github.com/dotnet/aspnetcore/issues/17014. That should simplify the integration for you. I'm going to close this issue as that work is going to obsolete this particular issue.
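
An added example, not part of this thread or of the ASP.NET Core code base: one way to make the client validate the response before parsing it, so an authentication challenge surfaces as a clear error instead of a `JsonException`. `SafeJson`, `FakeServer`, the paths `/api/Open` and `/api/PeopleFollowed`, and the response bodies are hypothetical names and constructed sample data; only `/api/People` and the localhost address come from the report.

```csharp
using System;
using System.Net;
using System.Net.Http;
using System.Text;
using System.Text.Json;
using System.Threading;
using System.Threading.Tasks;

var http = new HttpClient(new FakeServer()) { BaseAddress = new Uri("https://localhost:44354") };
foreach (var path in new[] { "/api/Open", "/api/People", "/api/PeopleFollowed" })
{
    try
    {
        var people = await SafeJson.GetAsync<JsonElement>(http, path);
        Console.WriteLine($"{path}: parsed {people.GetArrayLength()} item(s)");
    }
    catch (HttpRequestException ex) { Console.WriteLine($"rejected: {ex.Message}"); }
}

static class SafeJson // hypothetical helper, not a framework API
{
    // Deserialize only when the response is a success AND is actually JSON.
    public static async Task<T> GetAsync<T>(HttpClient http, string url)
    {
        using var res = await http.GetAsync(url);
        if ((int)res.StatusCode is >= 300 and < 400) // challenge redirect that was not followed
            throw new HttpRequestException($"{url}: {(int)res.StatusCode} redirect, not data (auth challenge?)");
        res.EnsureSuccessStatusCode();               // 401, 403, 5xx
        var type = res.Content.Headers.ContentType?.MediaType;
        if (!string.Equals(type, "application/json", StringComparison.OrdinalIgnoreCase))
            throw new HttpRequestException($"{url}: expected JSON, got '{type}' (sign-in page?)");
        return JsonSerializer.Deserialize<T>(await res.Content.ReadAsStringAsync())!;
    }
}

// Constructed stand-in for the server so the example runs offline.
class FakeServer : HttpMessageHandler
{
    protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage req, CancellationToken ct)
    {
        var res = req.RequestUri!.AbsolutePath switch
        {
            "/api/People" => new HttpResponseMessage(HttpStatusCode.Found), // 302 challenge, as in the log above
            "/api/PeopleFollowed" => new HttpResponseMessage(HttpStatusCode.OK) // redirect followed to sign-in HTML
                { Content = new StringContent("\n<html>Sign in</html>", Encoding.UTF8, "text/html") },
            _ => new HttpResponseMessage(HttpStatusCode.OK)
                { Content = new StringContent("[{\"name\":\"Ada\"}]", Encoding.UTF8, "application/json") }
        };
        return Task.FromResult(res);
    }
}
```

The Content-Type check matters because `HttpClientHandler` follows redirects by default, so a 302 challenge can reach the caller as a 200 response carrying the sign-in page's HTML; a status-code check alone would pass it through to the JSON parser.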