Razor Page @attibute[Authorize] FAILS for everyone after first disconnect - Blazor Server

Question

PLEASE HELP ANY SUGGESTION WOULD BE APPRECIATED. In production the first user has no issue but any user after including the first, if they return, cannot access any page with @attibute[Authorize]. I use Auth0 to manage User Pools.

This does not occur locally simply because only one user "developer" tests the site. First user connected.

The site breaks after these logs.

Connection id "0HMFRUPK7S99E" sending FIN because: "The client closed the connection." 02:43:34 [DBG][Microsoft.AspNetCore.Server.Kestrel.Connections] Connection id "0HMFRUPK7S99E" disconnecting. 02:43:34 [DBG][Microsoft.AspNetCore.Server.Kestrel.Connections] Connection id "0HMFRUPK7S99E" completed keep alive response. 02:43:34 [INF][Microsoft.AspNetCore.Hosting.Diagnostics] Request finished HTTP/1.1 POST https://example.com/_blazor/disconnect multipart/form-data;+boundary=---------------------------139792296522211296111044067565 397 - 200 0 - 54.1590ms 02:43:34 [DBG][Microsoft.AspNetCore.Server.Kestrel.Connections] Connection id "0HMFRUPK7S99E" stopped.

Afterwards, the nav menu loads but no one can navigate to any page that has @attibute[Authorize]

02:44:09

[VRB][Microsoft.AspNetCore.Http.Connections.Internal.Transports.WebSocketsTransport] Message received. Type: Binary, size: 26, EndOfMessage: True. 02:44:10 [VRB][Microsoft.AspNetCore.Http.Connections.Internal.Transports.WebSocketsTransport] Message received. Type: Binary, size: 3, EndOfMessage: True.

I'm not sure if it's middleware or else where:

public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
    {
        app.UseResponseCompression();

        // Configure the HTTP request pipeline.
        if (!env.IsDevelopment())
        {
            app.UseExceptionHandler("/Error");
            // The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
            app.UseHsts();
        }

        app.UseHttpsRedirection();
        app.UseStaticFiles();

        app.UseRouting();

        //app.UseCookiePolicy();
        app.UseAuthentication();
        app.UseAuthorization();

        app.UseEndpoints(endpoints =>
        {
            endpoints.MapRazorPages();
            endpoints.MapBlazorHub();
            endpoints.MapFallbackToPage("/_Host");
        });
    }

This is the config for Auth0. In appsetting.json I have:

"Auth0": {
    "Authority": "https://************************",
    "ClientId": "*******************************",
    "ClientSecret": "*************************************************",
    "Audience": "************************",
    "ResponseType": "code",
    "DefaultScopes": "email"
  }

This is my configure Auth0 as a service:

services.Configure<CookiePolicyOptions>(options =>
    {
        // This lambda determines whether user consent for non-essential cookies is needed for a given request.
        options.CheckConsentNeeded = context => true;
        options.MinimumSameSitePolicy = SameSiteMode.None;
    });

services.AddAuthentication(options => {
    options.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    options.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    options.DefaultChallengeScheme = CookieAuthenticationDefaults.AuthenticationScheme;
})
.AddCookie()
.AddOpenIdConnect("Auth0", options => {
    Configuration.Bind("Auth0", options);
    options.Scope.Clear();
    options.Scope.Add("openid");

    options.CallbackPath = new PathString("/callback");
    options.ClaimsIssuer = "Auth0";
    options.SaveTokens = true;

    options.TokenValidationParameters = new()
    {
        NameClaimType = "name",
    };

    options.Events = new OpenIdConnectEvents
    {
        // handle the logout redirection 
        OnRedirectToIdentityProviderForSignOut = (context) =>
        {
            var logoutUri = $"https://{Configuration["Auth0:Domain"]}/v2/logout?client_id={Configuration["Auth0:ClientId"]}";

            var postLogoutUri = context.Properties.RedirectUri;
            if (!string.IsNullOrEmpty(postLogoutUri))
            {
                if (postLogoutUri.StartsWith("/"))
                {
                    // transform to absolute
                    var request = context.Request;
                    postLogoutUri = request.Scheme + "://" + request.Host + request.PathBase + postLogoutUri;
                }
                logoutUri += $"&returnTo={ Uri.EscapeDataString(postLogoutUri)}";
            }

            context.Response.Redirect(logoutUri);
            context.HandleResponse();

            return Task.CompletedTask;
        }
    };

});

I would really appreciate any help. Thank you in advance

Answer 1

After much investigation the true answer to my problem was that I could not use AddScope to inject my Entity Framework data store. I had to change it to AddSingleton.