aspnetcore: Blazor Web Assembly AAD Auth under .Net 5.0 cannot request multiple tokens
Describe the bug
I see this was reported in #28226, but it was closed without resolution, and the problem definitely exists.
Following instructions here: https://docs.microsoft.com/en-us/aspnet/core/blazor/security/webassembly/additional-scenarios?view=aspnetcore-5.0#request-additional-access-tokens
You cannot request multiple tokens under .Net 5.0. The error received is:
Provided value for the input parameter scope is not valid because it contains more than one resource. Scope x y is not valid, where x and y are the scopes I am requesting.
If I request 1 scope only, I can authenticate with no errors.
I have an older blazor wasm application built against .Net Standard 2.1, which follows the same coding instructions/pattern where this does work.
To Reproduce
Program.cs is:
public static async Task Main(string[] args)
{
var builder = WebAssemblyHostBuilder.CreateDefault(args);
builder.RootComponents.Add<App>("#app");
builder.Services.AddScoped(sp => new HttpClient { BaseAddress = new Uri(builder.HostEnvironment.BaseAddress) });
builder.Services.AddMsalAuthentication(options =>
{
builder.Configuration.Bind("AzureAd", options.ProviderOptions.Authentication);
options.ProviderOptions.DefaultAccessTokenScopes.Add("https://graph.microsoft.com/openid");
options.ProviderOptions.AdditionalScopesToConsent.Add("https://management.azure.com/user_impersonation");
});
builder.Services.AddAuthorizationCore(options =>
{
options.AddPolicy("OneUser", policy => policy.RequireAssertion(context =>
context.User.HasClaim(c =>
c.Type == "preferred_username" &&
c.Value == "x*x.onmicrosoft.com")
));
});
await builder.Build().RunAsync();
}
It fails even without attempting token access. Index.razor does not really do much, only …
<AuthorizeView Policy="OneUser"> <Authorized> </Authorized> <Authorizing>Authentication in progress
</Authorizing> <NotAuthorized>Please log in with an authorized user
</NotAuthorized> </AuthorizeView>Exceptions (if any)
The error/exception number is AADSTS28000
Further technical details
- ASP.NET Core version
- Include the output of
dotnet --info - The IDE (VS / VS Code/ VS4Mac) you’re running on, and its version .NET SDK (reflecting any global.json): Version: 5.0.102 Commit: 71365b4d42
Runtime Environment: OS Name: Windows OS Version: 10.0.19042 OS Platform: Windows RID: win10-x64 Base Path: C:\Program Files\dotnet\sdk\5.0.102\
Host (useful for support): Version: 5.0.2 Commit: cb5f173b96
.NET SDKs installed: 1.1.13 [C:\Program Files\dotnet\sdk] 1.1.14 [C:\Program Files\dotnet\sdk] 2.1.617 [C:\Program Files\dotnet\sdk] 2.1.700 [C:\Program Files\dotnet\sdk] 2.1.701 [C:\Program Files\dotnet\sdk] 2.1.812 [C:\Program Files\dotnet\sdk] 2.2.300 [C:\Program Files\dotnet\sdk] 3.1.300 [C:\Program Files\dotnet\sdk] 3.1.405 [C:\Program Files\dotnet\sdk] 5.0.102 [C:\Program Files\dotnet\sdk]
.NET runtimes installed: Microsoft.AspNetCore.All 2.1.11 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.All] Microsoft.AspNetCore.All 2.1.12 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.All] Microsoft.AspNetCore.All 2.1.24 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.All] Microsoft.AspNetCore.All 2.2.5 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.All] Microsoft.AspNetCore.App 2.1.11 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App] Microsoft.AspNetCore.App 2.1.12 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App] Microsoft.AspNetCore.App 2.1.24 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App] Microsoft.AspNetCore.App 2.2.5 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App] Microsoft.AspNetCore.App 3.1.11 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App] Microsoft.AspNetCore.App 5.0.2 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App] Microsoft.NETCore.App 1.0.15 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App] Microsoft.NETCore.App 1.0.16 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App] Microsoft.NETCore.App 1.1.12 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App] Microsoft.NETCore.App 1.1.13 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App] Microsoft.NETCore.App 2.1.11 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App] Microsoft.NETCore.App 2.1.12 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App] Microsoft.NETCore.App 2.1.24 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App] Microsoft.NETCore.App 2.2.5 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App] Microsoft.NETCore.App 3.1.11 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App] Microsoft.NETCore.App 5.0.2 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App] Microsoft.WindowsDesktop.App 3.1.11 [C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App] Microsoft.WindowsDesktop.App 5.0.2 [C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App]
To install additional .NET runtimes or SDKs: https://aka.ms/dotnet-download
Visual Studio Enterprise 16.8.4
About this issue
- Original URL
- State: closed
- Created 3 years ago
- Comments: 19 (9 by maintainers)
We addressed this for 7.0, the fix will be available in RC2
https://github.com/dotnet/aspnetcore/pull/43954