Cannot lock down API when emulating auth locally - Blazor stack

Are you accessing the CLI from the default port :4280 ?

  • No, I am using a different port number (--port) and accessing the CLI from that port
  • Yes, I am accessing the CLI from port :4280

Describe the bug

I cannot get API authentication working when running locally. It’s possible I’m missing something in my setup, but I’ve read and searched documentation and haven’t hit upon a solution. I’m running Blazor WASM client side with a C# function API. When running the emulator, I can log in and see the proper roles listed when I go to .auth/me. Client side authentication using Microsoft.Azure.Function.Authentication.WebAssembly package works fine. Pages properly authenticate using the Authorize attribute and views seem to properly respond to the authenticated state. The problem comes when trying to lock down the API.

My first attempt was to put the AllowedRoles in a route.

{
   "route": "/api/*",
   "methods": ["GET"],
   "allowedRoles": ["registereduser"]
},
{
   "route": "/api/*",
   "methods": ["PUT", "POST", "PATCH", "DELETE"],
   "allowedRoles": ["admin"]
}

This doesn’t seem to do anything in the emulator. I can still see the calls being successfully made from the client side even when I’m not logged in.

I then moved on in my exploration and went to inspect what headers I’m getting in my api function. And I do not see any auth information. I made a test function to simply spit out all the headers and the x-ms-client-principal header is not present even when I make the call from an authenticated state.

Note that this all works perfectly fine when I’m actually running on Azure in a real static web app.

What am I missing? I really love the concept of being able to develop all of this locally, but trying to set this up has been kind of frustrating.

To Reproduce

Steps to reproduce the behavior:

  1. I created a blazor (.net 6) swa from the github template found at staticwebdev/blazor-starter
  2. I modified it for authentication as seen in this tutorial: https://docs.microsoft.com/en-us/shows/azure-tips-and-tricks-static-web-apps/how-to-secure-your-c-api-with-azure-static-web-apps-13-of-16--azure-tips-and-tricks-static-web-apps
  3. I run the swa cli using the following command: swa start http://localhost:5000 --run "dotnet run --project Client/Client.csproj" --api-location Api
  4. Using a login button that simulates aad login, I can see the emulator’s auth page and I enter a test username and the roles
  5. I can see those roles represented in the .auth/me page
  6. No auth information is attached when I call the api. The api is being called using the following syntax (Standard from the template): await Http.GetFromJsonAsync<WeatherForecast[]>("/api/WeatherForecast") ?? new WeatherForecast[]{};

Expected behavior

I would expect to be able to get/create the ClaimsPrincipal using the information found here: (https://docs.microsoft.com/en-us/azure/static-web-apps/user-information?tabs=csharp#api-functions)

Desktop (please complete the following information):

  • OS: [e.g. iOS] MacOS Monterey 12.2.1
  • Browser [e.g. chrome, safari]: Microsoft Edge
  • Version [e.g. 22]: Version 98.0.1108.56

Running SWA CLI version 0.8.2
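
The role rules from the issue can also be enforced inside the function, so that a request arriving without x-ms-client-principal is rejected rather than served. This is an added example, not code from the issue or from the SWA CLI project; `ClientPrincipal`, `ApiAuth` and the sample principal are assumptions, and the payload layout (base64-encoded JSON with a `userRoles` array) follows the user-information documentation linked above.

```csharp
using System;
using System.Linq;
using System.Text;
using System.Text.Json;

// Decoded shape of the x-ms-client-principal payload (hypothetical type name).
public sealed class ClientPrincipal
{
    public string IdentityProvider { get; set; }
    public string UserId { get; set; }
    public string UserDetails { get; set; }
    public string[] UserRoles { get; set; }
}

public static class ApiAuth
{
    static readonly JsonSerializerOptions Opts = new() { PropertyNameCaseInsensitive = true };

    // Returns the status the function should answer with:
    // 200 = allow, 401 = no usable identity, 403 = identity lacks the role.
    public static int Authorize(string headerValue, string requiredRole)
    {
        // Header absent (the situation described in the issue): fail closed.
        if (string.IsNullOrWhiteSpace(headerValue)) return 401;
        ClientPrincipal principal;
        try
        {
            var json = Encoding.UTF8.GetString(Convert.FromBase64String(headerValue));
            principal = JsonSerializer.Deserialize<ClientPrincipal>(json, Opts);
        }
        catch (Exception e) when (e is FormatException || e is JsonException)
        {
            return 401; // not base64 or not the expected JSON: treat as unauthenticated
        }
        var roles = principal?.UserRoles ?? Array.Empty<string>();
        return roles.Contains(requiredRole, StringComparer.OrdinalIgnoreCase) ? 200 : 403;
    }

    public static void Main()
    {
        // Constructed sample principal, encoded the way the header carries it.
        var json = "{\"identityProvider\":\"aad\",\"userId\":\"constructed-id\"," +
                   "\"userDetails\":\"test-user\",\"userRoles\":[\"anonymous\",\"authenticated\",\"registereduser\"]}";
        var header = Convert.ToBase64String(Encoding.UTF8.GetBytes(json));
        Console.WriteLine(ApiAuth.Authorize(header, "registereduser")); // GET rule from the issue
        Console.WriteLine(ApiAuth.Authorize(header, "admin"));          // write-method rule
        Console.WriteLine(ApiAuth.Authorize(null, "registereduser"));   // header missing
    }
}
```

In a function, pass the value of the request's x-ms-client-principal header (or null when it is absent) to `Authorize`. The header is only meaningful as identity when requests can reach the function solely through the Static Web Apps front end that sets it.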

Issue Analytics

  • State:open
  • Created 2 years ago
  • Reactions:2
  • Comments:9 (8 by maintainers)

Top GitHub Comments

0 reactions
scottkuhl commented, Apr 13, 2022

@aaronpowell any updates on this issue?

I don’t believe this is something that we’ll be able to resolve in the SWA CLI as it is reliant on the Functions team addressing the bug.

Is there a bug open for them you can point us to?
