Question/Clarification wanted for Blazor WebAssembly Azure AD Setup Documentation #21983
Comments
dotnet-bot
added
⌚ Not Triaged
Blazor
Source - Docs.ms
|
Hello @nickkfwong ... The document is correct. Unfortunately due to high priority and high volume 🏃😅 docs work at this time, it isn't possible to troubleshoot individual dev apps here. Your best bet for support is to reach out to the community for product support. We recommend the usual support channels ... I can toss out in passing that the Blazor Server isn't addressed by this doc. Access ASP.NET Core web API docs for a web API experience with Blazor Server (and perhaps Azure docs+examples). Yes ... IIRC, you do need that scope. It's covered in the docs for web API IIRC. For the content following ...
It ties in with the prior paragraph's instructions for ...
Those two paragraphs and examples go together. I'll mark your comment on my UE pass tracking issue to clarify it by placing both of these instructions and examples into a separate sub-section. Thanks for mentioning this problem. I'll make sure to address it when I reach this node of topics. |
|
Hi @guardrex, Thanks for quick response and the clarification! I will check the ASP.NET web api core doc to get a complete understanding. |
If by "that topic" you mean the web API topics (here and in the Azure docs), then no ... it doesn't apply to hosted Blazor WebAssembly.
It's only relevant in the context of this topic's subject: hosted Blazor WebAssembly app with AAD. ... and only if you use it. You can name it anything that you want. That's just what the example is for the topic. |
Yes Im exactly following this
I see, That's good now! Big thanks! |
|
@guardrex I think the docs are not correct, like @nickkfwong said, in the docs when it says:
Is not in the Server API app settings file that we need to add the Audience, is in the Client app settings file |
|
@joaodotnet ... It's in the Server's app's app settings file only if the publisher domain in use isn't a trusted/verified publisher. Cross-reference: https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-configure-publisher-domain Having said that tho, Azure is a rapidly evolving platform. I plan to check all of the guidance for 6.0 when I reach this batch of topics on the UE passes that I'm making on #19286. I'll create a batch of 6.0 preview apps (RC1 release timeframe) for testing all of the main scenarios in all of the WASM topics. If something has changed, then I'll get right on it with a fix. Also note that there are no current issues regarding the docs guidance from readers, and my own 5.0 test apps are still running based on the guidance provided. |
Hello, recently I was just trying to setup a Blazor project with Azure AD.
Indeed, I want to have few clarifications - im not sure if
(1)
In the doc it mentions: "when publisher domain of the directory is untruysed...",
then app url should be written as
"https:////<default_scope>"
But, when I setup using the https scheme it does not work but when I switch back to api:// scheme, this works magically. (In azure portal, I can see failure login saying "The resource principal named {name} was not found in the tenant named {tenant}.")
I believe I'm on the "untrusted" publisher domain, because I see my publisher domain as .onmicrosoft.com with a message saying "The application’s consent screen will show ‘Unverified..."
(2)
For scope, the doc mentioned adding a default "API.Access"
In Blazor server, it seems it also require another scope, named as access_as_user.
So I either need to add an extra scope or user "access_as_user" as the default scope.
For above two items, I want to know if there is actually a discrepancy between the correct-setup and the doc. Or it was something I am doing wrong? Honestly, strictly following the doc doesn't seem to allow me to setup a working project with Azure AD.
In terms of feedback,
For the appsetting section for Server API , one part mentioning : "To configure the server API app for a matching audience, set the Audience in the Server API app settings file...,
which then includes "Audience", "Authority", "ValidateAuthority"
However, Im not sure if this is actually needed for SERVER?
The template generated from Visual Studio and dotnet cli does not contains this section also. And when I setup the app without these 3 settings, it seems the authentication/authorization still function correctly.
I would feel much better if some explanation can be added here?
I am using NET5, and viewing the doc on web on 5.0 as well.
Document Details
⚠ Do not edit this section. It is required for docs.microsoft.com ➟ GitHub issue linking.
The text was updated successfully, but these errors were encountered: