search

dotnet / aspnetcore

ASP.NET Core is a cross-platform .NET framework for building modern cloud-based web applications on Windows, Mac, or Linux.
https://asp.net
MIT License
35.45k stars 10.03k forks source link

Blazor SSR with NTLM Authentication no longer works on iOS 18 or iPadOs 18 #57918

Closed joemitchard closed 1 month ago

joemitchard commented 1 month ago

Is there an existing issue for this?

Describe the bug

We've got a fairly simple Blazor Server app that's been working absolutely fine on a number of iOS devices across the company, it's an internal app that's authenticated with NTLM.

None of our stream rendered content is loading since the devices have been updated iOS/iPadOS 18.

We've checked a few devices pre-upgrade and everything was working fine, but ceased working as soon as the iOS upgrade was completed.

No errors are logged or thrown server side, but after around 2s the UI becomes unresponsive and eventually pops up the stock "Something has gone wrong, reload" message.

Other browsers on iOS 18 (such as Chrome) are still working fine, this is just related to Safari.

Expected Behavior

The app to work as it did on iOS 17.

Steps To Reproduce

https://github.com/joemitchard/blazor-safari-test

I've replicated the issue in a minimal repo, adding features one by one until I replicated our issue I've found that this is NTLM authentication, not streaming or rendering.

Apologies for the confusion.

This application worked fine on Safari until I added:

SafariTest.csproj

    <ItemGroup>
        <PackageReference Include="Microsoft.AspNetCore.Authentication.Negotiate" Version="8.0.6" />
        <PackageReference Include="Microsoft.AspNetCore.Components.Authorization" Version="8.0.6" />
        --snip--
    </ItemGroup>

Program.cs

using Microsoft.AspNetCore.Authentication.Negotiate;
--snip--

// auth
builder.Services.AddAuthentication(NegotiateDefaults.AuthenticationScheme).AddNegotiate();
builder.Services.AddAuthorization(opts => opts.FallbackPolicy = opts.DefaultPolicy);

App.razor

@using Microsoft.AspNetCore.Authorization
@attribute [Authorize]

<!DOCTYPE html>
<html lang="en">

--snip--

Once these lines were added the application becomes unresponsive on load, however, no errors are logged.

Exceptions (if any)

No response

.NET Version

8.0.6

Anything else?

.NET SDK (reflecting any global.json): Version: 5.0.100 Commit: 5044b93829

Runtime Environment: OS Name: Windows OS Version: 10.0.17763 OS Platform: Windows RID: win10-x64 Base Path: C:\Program Files\dotnet\sdk\5.0.100\

Host: Version: 8.0.6 Architecture: x64 Commit: 3b8b000a0e

.NET SDKs installed: 5.0.100 [C:\Program Files\dotnet\sdk]

.NET runtimes installed: Microsoft.AspNetCore.App 3.1.0 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App] Microsoft.AspNetCore.App 5.0.0 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App] Microsoft.AspNetCore.App 6.0.29 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App] Microsoft.AspNetCore.App 8.0.6 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App] Microsoft.NETCore.App 3.1.0 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App] Microsoft.NETCore.App 5.0.0 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App] Microsoft.NETCore.App 6.0.29 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App] Microsoft.NETCore.App 8.0.6 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App] Microsoft.WindowsDesktop.App 5.0.0 [C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App]

Other architectures found: arm64 [C:\Program Files\dotnet] registered at [HKLM\SOFTWARE\dotnet\Setup\InstalledVersions\arm64\InstallLocation] x86 [C:\Program Files (x86)\dotnet] registered at [HKLM\SOFTWARE\dotnet\Setup\InstalledVersions\x86\InstallLocation]

Environment variables: Not set

global.json file: Not found

Learn more: https://aka.ms/dotnet/info

Download .NET: https://aka.ms/dotnet/download

MackinnonBuck commented 1 month ago

Thanks for reaching out, @joemitchard.

Would you please provide us with a minimal repro project so that we can investigate this further? The weather page in the project template uses streaming, and that appears to work fine on iOS 18 Safari.

joemitchard commented 1 month ago

@MackinnonBuck I'm working on building a simple application to reproduce this, I'll add a link once it's ready.

I think we can rule out streaming, I've managed to get that working. I'll provide an update when I figure out exactly what it causing this behaviour.

Cheers,

Joe

joemitchard commented 1 month ago

Steps to reproduce have been added - the issue is with Authentication, not Stream Rendering. Apologies for the confusion.

This app has been deployed to one of our on premises servers, and our authentication is provided using SSO (GlobalProtect) and AzureAd so I cannot provide a link to the application itself.

This worked previously, so I suspect it's a breaking change in way Safari handles NTLM authentication using Microsoft.AspNetCore.Authentication.Negotiate

joemitchard commented 1 month ago

@MackinnonBuck do you need anything more from my side in order to investigate this?

FWIW I've also tested this issue on v8.0.8 of the highlighted packages and there was no change in behaviour.

MackinnonBuck commented 1 month ago

@joemitchard, this should be enough info for us to investigate this further. Thank you!

mkArtakMSFT commented 1 month ago

After some further discussion we believe this is due to some issue on the browser side, so we recommend you file this issue with Apple.

joemitchard commented 1 month ago

I'm sorry, but @mkArtakMSFT what exactly am I supposed to raise to Apple? I can't exactly go to them and say that there is "some issue" with a change to their browser updates.

Given that you guys maintain this library, I would have thought you can at least provide some guidance here especially as I have created a reproduction that shows the issue.

"Won't fix" is a poor response to a real problem.