Hi, I've deployed a Blazor Server + Blazor Wasm apps to Heroku. Blazor Wasm calls one of the endpoints to login using Steam from Blazor Server. For some weird reason, this works when testing locally, however, when I pushed the app to Heroku it stops working (the page goes to /api/users/login
endpoint and displays 404, not found). When I tested it locally, I pressed the button to authenticate using Steam, the page correctly reloaded and went to the Steam page to authenticate. It doesn't happen in the live version. When the page is on api/users/login
(live version) I can hard reload the page and when that's done, it correctly goes to the Steam page to authenticate the user. I don't know why it works differently when it's live.
This is my Startup.ConfigureServices:
services.AddAuthentication(options =>
{
options.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
options.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
options.DefaultChallengeScheme = CookieAuthenticationDefaults.AuthenticationScheme;
})
.AddCookie(o =>
{
o.Cookie.Name = "session";
o.LoginPath = "/api/users/login";
o.LogoutPath = "/api/users/logout";
o.AccessDeniedPath = "/";
o.ExpireTimeSpan = TimeSpan.FromDays(30);
o.Events.OnSignedIn += CookieDealer.OnSignedIn;
o.Events.OnValidatePrincipal += CookieDealer.OnValidatePrincipal;
o.Events.OnRedirectToLogin = context =>
{
context.Response.StatusCode = 401;
return Task.CompletedTask;
};
o.Events.OnRedirectToAccessDenied = context =>
{
context.Response.StatusCode = 401;
return Task.CompletedTask;
};
})
.AddJwtBearer(options =>
{
//stuff
})
.AddSteam(x => x.ApplicationKey = "key");
This is my Startup.Configure:
//Was needed to avoid C# anti-forgery exception
app.UseCookiePolicy(new CookiePolicyOptions()
{
MinimumSameSitePolicy = SameSiteMode.Lax
});
//Just for debugging it live
app.UseDeveloperExceptionPage();
app.UseWebAssemblyDebugging();
if (env.IsDevelopment())
{
}
else
{
app.UseExceptionHandler("/Error");
app.UseHsts();
}
app.UseHttpsRedirection();
app.UseBlazorFrameworkFiles();
app.UseStaticFiles();
app.UseSwagger();
app.UseSwaggerUI(c =>
{
foreach (var description in provider.ApiVersionDescriptions)
{
c.SwaggerEndpoint($"{description.GroupName}/swagger.json", $"v{description.GroupName.ToUpperInvariant()}");
}
});
app.UseRouting();
app.UseCors("MyCorsPolicy");
app.UseAuthentication();
app.UseAuthorization();
app.UseClientRateLimiting();
app.UseIPFiltering();
app.UseEndpoints(endpoints =>
{
endpoints.MapRazorPages();
endpoints.MapControllers();
endpoints.MapFallbackToFile("index.html");
});
Example of calling the endpoint from Blazor Wasm:
<a href="/api/users/login" style="margin-top: 8px">
<img src="icons/steam.png" alt="Sign in through Steam" />
</a>
This is my login endpoint:
[HttpGet("login")]
public IActionResult Get()
{
if (User.Identity?.IsAuthenticated ?? false)
{
return Redirect("/");
}
return Challenge(new AuthenticationProperties { RedirectUri = "/" }, "Steam");
}
Expected behavior
I expect the page to correctly load the Steam page to authenticate the user when the app is deployed.
Additional information
I'm not sure what's wrong with my code here. It works when it's local but as soon as I deploy it on Heroku, it displays 404 when clicked on the button. In the local testing, it immediately went to the Steam page to authenticate.
I'm sorry that it's not a direct issue with your library but I would really appreciate some help since I've spent on this issue like 6 hours already. Thank you for help.
Update 1:
Chrome Console says:
Displaying NotFound because path 'api/users/login' with base URI 'url' does not match any component route
Update 2:
It seems that maybe CORB may be the issue here?
Cross-Origin Read Blocking (CORB) blocked cross-origin response https://steamcommunity.com/openid/... with MIME type text/html. See https://www.chromestatus.com/feature/5629709824032768 for more details.
But I don't know what could cause it?
Update 3:
It seems like the Blazor Server doesn't need to be live for it to not work. I just tested it outside of Visual Studio (by running .exe file on my PC, both in debug and release) and it doesn't work, it displays 404, not found. So it looks like that it only works when I test it inside Visual Studio.
Update 4:
I've noticed that when I debug it in Visual Studio, Chrome console states:
blazor.webassembly.js:1 dbug: Microsoft.AspNetCore.Components.Routing.Router[3]
Navigating to non-component URI 'https://localhost:6001/api/users/login' in response to path 'api/users/login' with base URI 'https://localhost:6001/'
When I test it outside of Visual Studio:
dbug: Microsoft.AspNetCore.Components.Routing.Router[1]
Displaying NotFound because path 'api/users/login' with base URI 'https://localhost:5001/' does not match any component route
Why does it behave differently when I test it inside Visual Studio and outside?
Update 5:
I've created a new project - Blazor Wasm ASP.Net Core hosted (the original one wasn't that) just to test Steam authentication. When I published the app, the first call to Steam was successful. However, any further calls were unsuccessful (404, not found were shown). I have no idea why is this happening.