dotnet / aspnetcore

ASP.NET Core is a cross-platform .NET framework for building modern cloud-based web applications on Windows, Mac, or Linux.
https://asp.net
MIT License

While performing Authorization Http client call not working #34025

Closed Indhumathy-Loganathan closed 11 months ago

Indhumathy-Loganathan commented 3 years ago

Describe the bug

We are making a WebAPI call through an HTTP client, and this call is prevented when authorization is enabled in the Blazor application with the following code.

services.AddAuthorization(options => { options.FallbackPolicy = options.DefaultPolicy; });

Note: The HTTP client call (GET or POST) is triggered when removing the above code or removing app.UseAuthorization() from the Startup.cs file.

To Reproduce

Please find the sample replicating the issue at the link below.

https://github.com/dotnet/aspnetcore/files/6554173/AuthorizationSample.zip

In the sample, the controller post method is not triggered while using the authorization code in the Startup.cs file. After commenting it out, we are able to access the method.

Exceptions (if any)

Further technical details

pranavkm commented 3 years ago

Could you post a non-zip URL (preferably a GitHub repo) for us to investigate this further? Thanks!

Indhumathy-Loganathan commented 3 years ago

As per your request, we prepared a GitHub repo with a sample. Please check the link below.

https://github.com/Indhumathy-Loganathan/AuthorizationSample

You can use temporary login credentials to log in. Then put a breakpoint in the post method call. When you press the button, the post method isn't triggered. After commenting out the authorization, the method call is triggered properly.

ghost commented 3 years ago

We've moved this issue to the Backlog milestone. This means that it is not going to be worked on for the coming release. We will reassess the backlog following the current release and consider this item at that time. To learn more about our issue management process and to have better expectation regarding different types of issues you can read our Triage Process.

shameeralibaig commented 2 years ago

Please, any update on this @mkArtakMSFT ?

MrCalico commented 2 years ago

Are you asking the Bot to help? I guess that's better than getting fired over this :(

keerthanaRajendran commented 2 years ago

Hi Team,

Can you please update on this to make the HTTP client call work with Authorization, or share the timeline for the fix?

shameeralibaig commented 2 years ago

Hi @pranavkm : Can you please update on this issue?

pranavkm commented 2 years ago

I tried your app out and it looks like attempting to access the action results in Auth kicking in and redirecting to the Identity login screen. What do you expect to happen that isn't working?

Indhumathy-Loganathan commented 2 years ago

Hi @pranavkm,

As explained earlier, we have enabled authorization in the sample. When the below code is used in Startup.cs, the Post method in the Controller isn't triggered.

https://github.com/Indhumathy-Loganathan/AuthorizationSample/blob/main/Startup.cs#L34

Just put a breakpoint in the Post method and click the button; you will be able to see that the method call isn't triggered. But if you comment out the above authorization code in the Startup.cs file, the method call is triggered properly. The HTTP WebAPI call is prevented when authorization is enabled. We expect it to work even when authorization is enabled.

Indhumathy-Loganathan commented 1 year ago

Hi @pranavkm,

We have been waiting for your reply to this query. We also prepared the latest sample and added it at the location below for your reference.

https://github.com/Indhumathy-Loganathan/NewAuthorizationSample

Update us with details on how to resolve this issue.

mkArtakMSFT commented 1 year ago

Hi @Indhumathy-Loganathan. @pranavkm is no longer with the team; that's why we've missed your inquiry for so long.

Given that there has been no community involvement here, the issue that you're facing is most probably due to something going on in your own code. We recommend posting your question on the StackOverflow forum to get help.

davidfowl commented 1 year ago

@mkArtakMSFT I can take a look.

@Indhumathy-Loganathan I'm a bit confused as to what you expect to happen.

Do you expect this call to return a 401?

Indhumathy-Loganathan commented 1 year ago

Hi @davidfowl,

We just need to trigger the PostCount method in the controller. But it is not triggering when the authorization code is added to the Program.cs file.

https://github.com/Indhumathy-Loganathan/NewAuthorizationSample/blob/main/Program.cs#L14

If you remove that Authorization code, then the API call will trigger properly. For now, it will only throw an error since we don't make any customizations at the server end. All we need is to trigger the API PostCount method, so set the breakpoint in that method to test this issue.

davidfowl commented 1 year ago

> We just need to trigger the PostCount method in the controller. But it is not triggering when the authorization code is added to the Program.cs file.

Right now, it seems you have configured the entire site to require authentication. Was that the intent?

If that wasn't the intent, then why do you have this line of code:

https://github.com/Indhumathy-Loganathan/NewAuthorizationSample/blob/3fde9b1293991a880e6cc5011d5222c7cc61bd75/Program.cs#L17

Indhumathy-Loganathan commented 1 year ago

Yes, the entire site requires authentication; that was the intent.

davidfowl commented 1 year ago

So when you say the Post method isn't triggering, are you making the request with an authenticated user?

Indhumathy-Loganathan commented 1 year ago

Yes, only a logged-in user can make that API request.

davidfowl commented 1 year ago

I think I see the confusion, let me know if it's correct:

You have a Blazor server application, and you are making this call https://github.com/Indhumathy-Loganathan/NewAuthorizationSample/blob/3fde9b1293991a880e6cc5011d5222c7cc61bd75/Pages/Index.razor#L13 and it's failing with a 401 (unauthorized).

This call is being made from the context of a Blazor server application, which has no context of the current user so it doesn't work.

You want to essentially treat requests from the Blazor server application as authenticated, somehow?

This diagram explains your current situation:

image

Your Blazor Server application is trying to make an unauthenticated HTTP call to itself and that's why it's failing. To make this work, you would need to flow the authentication state from the original websocket connection and flow it to your HttpClient call.

Do you want to make a second HTTP call within the same process to your API? The advantage of Blazor server is that you don't have to build a REST API since it is a backend specifically for your front end all in one (it's a full stack framework).

I'd suggest exposing the data via a service class and calling that service class instead of using HttpClient to get access to this data.

If you need to expose an API for other callers, then you can use this service class from your controller, and from your Blazor server code.

image

There's a wrinkle with this approach though. Protecting access to entire resources would require an additional step on your part with the service class. This isn't difficult but since you're no longer calling a controller action, you'll need to protect the calls elsewhere. Luckily, you can use the same authorization system.
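The shared-service approach suggested in the comment above, sketched as an added example that is not part of the original thread or of either sample repo. `CounterService`, `PostCountAsync`, `CounterController` and the `CanPostCount` policy are hypothetical names; the user is passed in explicitly so the same authorization check runs whether the caller is a controller action or a Blazor Server component.

```csharp
// Added example: CounterService, PostCountAsync and "CanPostCount" are hypothetical names.
using System;
using System.Security.Claims;
using System.Threading;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;

// Program.cs (assumed registration; AuthorizeAsync throws if the policy name is unknown):
//   builder.Services.AddAuthorization(o => {
//       o.FallbackPolicy = o.DefaultPolicy;
//       o.AddPolicy("CanPostCount", p => p.RequireAuthenticatedUser()); });
//   builder.Services.AddScoped<CounterService>();

public class CounterService
{
    private static int _count;
    private readonly IAuthorizationService _authorization;

    public CounterService(IAuthorizationService authorization) => _authorization = authorization;

    // The caller supplies the user, so the check does not depend on HttpContext
    // and works inside a Blazor circuit as well as inside an HTTP request.
    public async Task<int> PostCountAsync(ClaimsPrincipal user, int increment)
    {
        var result = await _authorization.AuthorizeAsync(user, "CanPostCount");
        if (!result.Succeeded)
            throw new UnauthorizedAccessException("Caller may not post a count.");
        return Interlocked.Add(ref _count, increment);
    }
}

// API entry point for external callers; it delegates to the same service.
[ApiController]
[Route("api/[controller]")]
public class CounterController : ControllerBase
{
    private readonly CounterService _counter;
    public CounterController(CounterService counter) => _counter = counter;

    [HttpPost]
    public async Task<ActionResult<int>> Post([FromBody] int increment)
    {
        try { return await _counter.PostCountAsync(User, increment); }
        catch (UnauthorizedAccessException) { return Forbid(); }
    }
}
// Blazor component: inject CounterService and AuthenticationStateProvider (as AuthState), then
//   var state = await AuthState.GetAuthenticationStateAsync(); await Counter.PostCountAsync(state.User, 1);
```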

MackinnonBuck commented 11 months ago

Going to close this out since there hasn't been any activity in a while and there's not a clear framework problem to address. If you have a suggestion for a framework change, feel free to open a new issue.