I'm trying to run the default Blazor WebAssembly project template on my web server. The project, when run locally, works without any problems. The problem appears after I deploy it to the server.
I can successfully navigate to any page that doesn't require authentication. However, when I try to enter one that requires login, I see this message:
There was an error trying to log you in: 'Network Error'
In the web browser console I can see:
Blocked loading mixed active content “http://[subdomain.domain.com]/.well-known/openid-configuration”
In Firefox's "Network" tab, the request is marked as "Blocked".
My web server runs Nginx, which acts as a reverse proxy. I planned to keep HTTPS encryption configured between the internet and Nginx. Communication between Nginx and other services was meant to be over plain HTTP. Here is my Nginx config:
    server {
        listen 80;
        location / {
            return 301 https://$host$request_uri;
        }
    }
    [...]
    server {
        listen 443 ssl http2;
        listen [::]:443 ssl http2;
        server_name subdomain.domain.com;
        ssl_certificate /etc/nginx_ssl/live/fullchain.pem;
        ssl_certificate_key /etc/nginx_ssl/live/privkey.pem;
        ssl_session_cache builtin:1000 shared:SSL:10m;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
        ssl_prefer_server_ciphers on;
        location / {
            proxy_pass http://blazorapp:80;
            proxy_redirect off;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header X-Forwarded-Host $server_name;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection $connection_upgrade;
            proxy_set_header Host $host;
            proxy_cache_bypass $http_upgrade;
        }
    }
As you can see from the browser error message, the browser tries to access .well-known/openid-configuration over HTTP, not HTTPS. The problem possibly lies here.
Do you have any ideas what could be wrong?
I have the very same issue, and also would like to know the correct answer because what I've found so far seems like a mere workaround:
Add <meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests"> to the <head> section of Client/wwwroot/index.html and Server/Pages/Shared/_Layout.shtml.
With this, the application shows "Authorizing..." and "Checking login state..." much longer than it did being accessed via http, but at least it works.
UPDATE
The previous solution was a lame workaround indeed. I think I have found a better one.
The original issue occurred because openid-configuration contained URLs using a different schema: http instead of https. We can change the base URL used by IdentityServer by registering it this way in Startup.cs:
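    // Read the public base URL from configuration so that the URLs published
    // in openid-configuration use it instead of the internal http:// address.
    services.AddIdentityServer(
        options => {
            options.PublicOrigin = Configuration.GetValue<string>("PublicOrigin");
        })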
Surely, we also have to provide a correct URL in appsettings.json:
    {
        //snip
        "PublicOrigin": "https://subdomain.domain.com",
        //snip
    }
Now it works just fine for me.
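
A deployment check for the condition described in the answer above, added here as an example and not part of the original posts: it parses a discovery document and lists every URL whose origin differs from the public HTTPS origin. The sample documents are constructed, and the function names are hypothetical.

```python
import json
from urllib.parse import urlsplit

# Constructed sample: a discovery document as the app behind the proxy might
# emit it before the fix (field names are standard OIDC discovery metadata).
SAMPLE_BEFORE = json.dumps({
    "issuer": "http://subdomain.domain.com",
    "jwks_uri": "http://subdomain.domain.com/.well-known/openid-configuration/jwks",
    "authorization_endpoint": "http://subdomain.domain.com/connect/authorize",
    "token_endpoint": "http://subdomain.domain.com/connect/token",
    "scopes_supported": ["openid", "profile"],
})
# Constructed sample: the same document once the public origin is configured.
SAMPLE_AFTER = SAMPLE_BEFORE.replace("http://", "https://")


def origin_of(url):
    """Return 'scheme://host[:port]' for an absolute http(s) URL, else None."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.netloc:
        return None
    return f"{parts.scheme}://{parts.netloc}".lower()


def find_origin_mismatches(discovery_json, public_origin):
    """List (field, url) pairs whose origin differs from public_origin."""
    expected = public_origin.rstrip("/").lower()
    doc = json.loads(discovery_json)
    mismatches = []
    for field, value in sorted(doc.items()):
        # Metadata values are strings or lists of strings; check both.
        candidates = value if isinstance(value, list) else [value]
        for item in candidates:
            if not isinstance(item, str):
                continue
            origin = origin_of(item)
            if origin is not None and origin != expected:
                mismatches.append((field, item))
    return mismatches


if __name__ == "__main__":
    for field, url in find_origin_mismatches(SAMPLE_BEFORE, "https://subdomain.domain.com"):
        print(f"mixed-content risk: {field} -> {url}")
```

Run against the body returned by /.well-known/openid-configuration through the proxy, an empty result means no URL in the document would trigger the browser's mixed-content block.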