Blazor Server App is not accessing KeyVault secrets for AAD Authentication correctly

I set up a Blazor Server App in Visual Studio 2022, including the Windows Authentication. It set up everything automatically, I added the Domain, ClientID and TenantID (App Service in AAD) to appsettings.json and everything worked fine.

Then I set up a KeyVault to store these secrets in it and changed the appsettings.json so that it only contains dummy data:

  "AzureAd": {
    "Instance": "https://login.microsoftonline.com/",
    "Domain": "this.is.domain",
    "TenantId": "11111111-1111-1111-1111-111111111111",
    "ClientId": "22222222-2222-2222-2222-222222222222",
    "CallbackPath": "/signin-oidc"
  }

When I try to run the app, it gives me the following exception:

IOException: IDX20807: Unable to retrieve document from: 'https://login.microsoftonline.com/11111111-1111-1111-1111-111111111111/v2.0/.well-known/openid-configuration'. HttpResponseMessage: 'StatusCode: 400, ReasonPhrase: 'Bad Request', Version: 1.1, Content: System.Net.Http.HttpConnectionResponseContent

So it's not accessing the KeyVault secrets correctly; instead it's using the appsettings.json secrets. The values in the KeyVault are correct, since the project is working for my colleague. If I enter the correct secrets (meaning no dummy data) in the appsettings.json file, everything works fine.

All the access policies are set up. I am able to retrieve the correct secrets (see the code below: kvsTenantValue etc.).

The code itself seems to be working, since it is working for my colleague. So what is the problem here? Please bear with me, I'm new to .NET, Blazor and C#! :-)

Thank you in advance for any help!

Here's my whole Program.cs file:

using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Components;
using Microsoft.AspNetCore.Components.Web;
using Microsoft.AspNetCore.Mvc.Authorization;
using Microsoft.Identity.Web;
using Microsoft.Identity.Web.UI;
using TIC.Data;
using Azure.Identity;
using Azure.Security.KeyVault.Secrets;
using Microsoft.IdentityModel.Logging;

var builder = WebApplication.CreateBuilder(args);

// The vault address comes from the VaultUri environment variable; fail fast if it is missing.
string vaultUri = Environment.GetEnvironmentVariable("VaultUri")
    ?? throw new InvalidOperationException("Environment variable 'VaultUri' is not set.");
Uri keyVaultEndpoint = new(vaultUri);
DefaultAzureCredential dac = new DefaultAzureCredential();

// Direct reads from the vault, used to check that the secrets are reachable.
SecretClient sClient = new SecretClient(keyVaultEndpoint, dac);
KeyVaultSecret kvsTenant = sClient.GetSecret("AzureAd-TenantId");   // giving me the correct values
KeyVaultSecret kvsClient = sClient.GetSecret("AzureAd-ClientId");   // giving me the correct values
KeyVaultSecret kvsDomain = sClient.GetSecret("AzureAd-Domain");     // giving me the correct values
//KeyVaultSecret kvsError = sClient.GetSecret("AzureAd-Error");

string kvsTenantValue = kvsTenant.Value;
string kvsClientValue = kvsClient.Value;
string kvsDomainValue = kvsDomain.Value;
//string kvsErrorValue = kvsTenant.Value;

// Registers Key Vault as a configuration source after appsettings.json, so vault
// values override file values for any key the provider produces from the secret names.
builder.Configuration.AddAzureKeyVault(keyVaultEndpoint, dac);

// Add services to the container.
builder.Services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
    .AddMicrosoftIdentityWebApp(builder.Configuration.GetSection("AzureAd"));
builder.Services.AddControllersWithViews()
    .AddMicrosoftIdentityUI();

builder.Services.AddAuthorization(options =>
{
    // By default, all incoming requests will be authorized according to the default policy
    options.FallbackPolicy = options.DefaultPolicy;
});

builder.Services.AddRazorPages();
builder.Services.AddServerSideBlazor()
    .AddMicrosoftIdentityConsentHandler();
builder.Services.AddSingleton<WeatherForecastService>();

var app = builder.Build();

// Configure the HTTP request pipeline.
if (!app.Environment.IsDevelopment())
{
    app.UseExceptionHandler("/Error");
    // The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
    app.UseHsts();
}

// Makes IdentityModel include personally identifiable data (token and claim contents) in
// exception messages and logs; useful for local debugging only, keep it off in production.
Microsoft.IdentityModel.Logging.IdentityModelEventSource.ShowPII = true;

app.UseHttpsRedirection();

app.UseStaticFiles();

app.UseRouting();

app.UseAuthentication();
app.UseAuthorization();

app.MapControllers();
app.MapBlazorHub();
app.MapFallbackToPage("/_Host");

app.Run();
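
An added example (not code from the question or its author) covering the two checks worth making in this setup: the secret-name-to-configuration-key mapping the Key Vault configuration provider applies, and which provider actually supplies each `AzureAd:*` value at startup. It assumes the Azure.Extensions.AspNetCore.Configuration.Secrets package (which the posted `AddAzureKeyVault` call already requires) and keeps the single-dash secret names `AzureAd-TenantId` etc. from the question; `AzureAdSecretManager` and `ConfigSourceCheck` are hypothetical names.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using Azure.Extensions.AspNetCore.Configuration.Secrets;
using Azure.Identity;
using Azure.Security.KeyVault.Secrets;
using Microsoft.Extensions.Configuration;

// Hypothetical secret manager (not from the question). The provider's default
// KeyVaultSecretManager turns only a double dash ("--") into the ":" section
// separator, so a secret named "AzureAd-TenantId" is loaded under the flat key
// "AzureAd-TenantId" and is never seen by GetSection("AzureAd").
// This manager loads only "AzureAd-*" secrets and maps a single dash to ":".
sealed class AzureAdSecretManager : KeyVaultSecretManager
{
    private const string Prefix = "AzureAd-";

    public override bool Load(SecretProperties properties)
        => properties.Name.StartsWith(Prefix, StringComparison.OrdinalIgnoreCase);

    public override string GetKey(KeyVaultSecret secret)
        => secret.Name.Replace("--", ":").Replace('-', ':');
}

static class ConfigSourceCheck
{
    // Reports which provider supplies the effective value of each key under
    // "AzureAd" (the last registered provider that has the key wins), so you
    // can see whether appsettings.json or Key Vault is really being used.
    public static IReadOnlyList<string> Report(IConfigurationRoot root)
    {
        var lines = new List<string>();
        foreach (var child in root.GetSection("AzureAd").GetChildren())
        {
            var winner = root.Providers.Reverse()
                .FirstOrDefault(p => p.TryGet(child.Path, out _));
            lines.Add($"{child.Path} <- {winner?.GetType().Name ?? "(none)"}");
        }
        return lines;
    }
}

// Usage in Program.cs, with VaultUri taken from the environment as in the question:
// var vaultUri = new Uri(Environment.GetEnvironmentVariable("VaultUri")!);
// builder.Configuration.AddAzureKeyVault(vaultUri, new DefaultAzureCredential(),
//                                        new AzureAdSecretManager());
// foreach (var line in ConfigSourceCheck.Report(builder.Configuration))
//     Console.WriteLine(line);   // a key reported with the JSON provider is still coming from appsettings.json
```

Renaming the secrets to `AzureAd--TenantId` etc. and keeping the default manager is the equivalent alternative; the report prints the secret values' sources only, never the values themselves, so it is safe to leave in startup logging.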


Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow
