Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

[Bug] Blazor server does not handle the MsalUiRequiredException

See original GitHub issue

When calling Blazor server for the acquire token silent (or OBO) part, or when there is a need for more scopes or conditional access, Blazor does not handle context.Result = new ChallengeResult(properties); in AuthorizeForScopesAttribute, like in MVC or Razor.

Issue Analytics

State:
Created 3 years ago
Reactions:1
Comments:10 (1 by maintainers)

Top GitHub Comments

2reactions

gwgrubbscommented, Jul 24, 2020

@jennyf19

Case where a cookie exists, but the token does not exist in cache and an attempt to acquire a new token (running locally).

in _Host.cshtml:

@model _HostAuthPageModel

method in _HostAuthPageModel.cs:

public async Task<IActionResult> OnGet()
{
	if (!User.Identity.IsAuthenticated)
		return Challenge();

	try
	{
		AccessToken = await tokenAcquisition.GetAccessTokenForUserAsync(apiOptions.Value.Scopes);
	}
	catch (MicrosoftIdentityWebChallengeUserException ex)
	{
		//can't get a token from the token store, MUST assume a sign-out path as requests to API will NOT be authenticated
		logger.LogError(ex, ex.Message);
		consentHandler.HandleException(ex);
	}

	return Page();
}

So, at initial page load of the application the OnGet() method is executed, the user is authenticated (due to the cookie), then attempting to acquire an access token throws an MicrosoftIdentityWebChallengeUserException exception (as expected). When the consentHandler.HandleException(ex) executes, the following exception occurs:

System.ArgumentNullException: Value cannot be null. (Parameter 'claimsPrincipal')
   at Microsoft.Identity.Web.ClaimsPrincipalExtensions.GetDisplayName(ClaimsPrincipal claimsPrincipal) in D:\src\microsoft-identity-web\src\Microsoft.Identity.Web\ClaimsPrincipalExtensions.cs:line 128
   at Microsoft.Identity.Web.ClaimsPrincipalExtensions.GetLoginHint(ClaimsPrincipal claimsPrincipal) in D:\src\microsoft-identity-web\src\Microsoft.Identity.Web\ClaimsPrincipalExtensions.cs:line 90
   at Microsoft.Identity.Web.IncrementalConsentAndConditionalAccessHelper.BuildAuthenticationProperties(String[] scopes, MsalUiRequiredException ex, ClaimsPrincipal user) in D:\src\microsoft-identity-web\src\Microsoft.Identity.Web\IncrementalConsentAndConditionalAccessHelper.cs:line 74
   at Microsoft.Identity.Web.MicrosoftIdentityConsentAndConditionalAccessHandler.HandleException(Exception exception) in D:\src\microsoft-identity-web\src\Microsoft.Identity.Web\MicrosoftIdentityCircuitHandler.cs:line 85
   at OBFUSCATED.Web.App.Pages._HostAuthPageModel.OnGet() in D:\src\OBFUSCATED\src\OBFUSCATED.Web.App\Pages\_HostAuthPageModel.cs:line 55
   at Microsoft.AspNetCore.Mvc.RazorPages.Infrastructure.ExecutorFactory.GenericTaskHandlerMethod.Convert[T](Object taskAsObject)
   at Microsoft.AspNetCore.Mvc.RazorPages.Infrastructure.ExecutorFactory.GenericTaskHandlerMethod.Execute(Object receiver, Object[] arguments)
   at Microsoft.AspNetCore.Mvc.RazorPages.Infrastructure.PageActionInvoker.InvokeHandlerMethodAsync()
   at Microsoft.AspNetCore.Mvc.RazorPages.Infrastructure.PageActionInvoker.InvokeNextPageFilterAsync()
   at Microsoft.AspNetCore.Mvc.RazorPages.Infrastructure.PageActionInvoker.Rethrow(PageHandlerExecutedContext context)
   at Microsoft.AspNetCore.Mvc.RazorPages.Infrastructure.PageActionInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted)
   at Microsoft.AspNetCore.Mvc.RazorPages.Infrastructure.PageActionInvoker.InvokeInnerFilterAsync()
   at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeNextResourceFilter>g__Awaited|24_0(ResourceInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.Rethrow(ResourceExecutedContextSealed context)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.InvokeFilterPipelineAsync()
--- End of stack trace from previous location where exception was thrown ---
   at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeAsync>g__Awaited|17_0(ResourceInvoker invoker, Task task, IDisposable scope)
   at Microsoft.AspNetCore.Routing.EndpointMiddleware.<Invoke>g__AwaitRequestTask|6_0(Endpoint endpoint, Task requestTask, ILogger logger)
   at Microsoft.AspNetCore.Authorization.AuthorizationMiddleware.Invoke(HttpContext context)
   at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
   at Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddleware.Invoke(HttpContext context)

1reaction

dansmittcommented, Jul 24, 2020

@jennyf19 Thank you for the help. I emailed you!