Channel: Active questions tagged blazor - Stack Overflow

OpenIdConnect not working after deployment of blazor server app


The Blazor server application is working locally with a locally stored certificate. But the application is not working in the Azure portal; it keeps on showing the "pick an account" dialogue. The application is registered in Microsoft Entra ID. The application is added as a managed identity in Key Vault access. The return URL is set in the app registration.

This is program.cs

```csharp
using CertificateAuth.Server.Components;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.Identity.Web;
using Microsoft.Identity.Web.UI;

var builder = WebApplication.CreateBuilder(args);

builder.Services.AddRazorComponents()
    .AddInteractiveServerComponents()
    .AddInteractiveWebAssemblyComponents();

builder.Services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
    .AddMicrosoftIdentityWebApp(builder.Configuration.GetSection("AzureAd"))
    .EnableTokenAcquisitionToCallDownstreamApi(new string[] { "User.Read", "User.Read.All" })
    .AddMicrosoftGraph(builder.Configuration.GetSection("MicrosoftGraph"))
    .AddInMemoryTokenCaches();

builder.Services.AddControllersWithViews()
    .AddMicrosoftIdentityUI();

builder.Services.AddAuthorization(options =>
{
    options.FallbackPolicy = options.DefaultPolicy;
});

builder.Services.AddRazorComponents()
    .AddInteractiveServerComponents();

builder.Services.AddHttpContextAccessor();

var app = builder.Build();

// Configure the HTTP request pipeline.
if (app.Environment.IsDevelopment())
{
    app.UseWebAssemblyDebugging();
}
else
{
    app.UseExceptionHandler("/Error", createScopeForErrors: true);
    // The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
    app.UseHsts();
}

app.UseHttpsRedirection();
app.UseStaticFiles();
app.UseAntiforgery();
app.UseAuthentication();
app.UseAuthorization();

app.MapRazorComponents<App>()
    .AddInteractiveServerRenderMode()
    .AddInteractiveWebAssemblyRenderMode()
    .AddAdditionalAssemblies(typeof(CertificateAuth.Client._Imports).Assembly);

app.Run();
```

This is my appsettings.json for the deployed app

```json
{
  "Logging": {
    "LogLevel": {
      "Default": "Information",
      "Microsoft.AspNetCore": "Warning"
    }
  },
  "AllowedHosts": "*",
  "AzureAd": {
    "Instance": "https://login.microsoftonline.com/",
    "Domain": "xxxx.onmicrosoft.com",
    "TenantId": "730237e0-xxxx-xxxx-xxxx-ccb0e9661c1e",
    "ClientId": "df903d59-xxxx-xxxx-xxxx-b55c1c3db538",
    "ClientCertificates": [
      {
        "SourceType": "KeyVault",
        "KeyVaultUrl": "https://kvxxxxx.vault.azure.net/",
        "CertificateName": "certificateauthsample"
      }
    ],
    "ValidateAuthority": true,
    "CallbackPath": "/signin-oidc"
  },
  "MicrosoftGraph": {
    "BaseUrl": "https://graph.microsoft.com/v1.0",
    "Scopes": "User.Read.All"
  }
}
```

Authentication setting in EntraId: [screenshot]

Certificate in EntraId: [screenshot]

Certificate in Keyvault: [screenshot]

Keyvault access policy: [screenshot]

API Permissions in EntraId: [screenshot]

Kudu application log


```
2024-08-30 11:33:54.484 +00:00 [Error] Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler: Exception occurred while processing message.
System.ArgumentException: IDW10109: All client certificates passed to the configuration have expired or can't be loaded. (Parameter 'clientCredentials')
   at Microsoft.Identity.Web.ConfidentialClientApplicationBuilderExtension.WithClientCredentialsAsync(ConfidentialClientApplicationBuilder builder, IEnumerable1 clientCredentials, ILogger logger, ICredentialsLoader credentialsLoader, CredentialSourceLoaderParameters credentialSourceLoaderParameters)
   at Microsoft.Identity.Web.TokenAcquisition.BuildConfidentialClientApplicationAsync(MergedOptions mergedOptions)
   at Microsoft.Identity.Web.TokenAcquisition.GetOrBuildConfidentialClientApplicationAsync(MergedOptions mergedOptions)
   at Microsoft.Identity.Web.TokenAcquisition.AddAccountToCacheFromAuthorizationCodeAsync(AuthCodeRedemptionParameters authCodeRedemptionParameters)
   at Microsoft.Identity.Web.TokenAcquisitionAspNetCore.AddAccountToCacheFromAuthorizationCodeAsync(AuthorizationCodeReceivedContext context, IEnumerable1 scopes, String authenticationScheme)
   at Microsoft.Identity.Web.MicrosoftIdentityWebAppAuthenticationBuilder.<>c__DisplayClass11_1.<b__1>d.MoveNext()
--- End of stack trace from previous location ---
   at Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler.RunAuthorizationCodeReceivedEventAsync(OpenIdConnectMessage authorizationResponse, ClaimsPrincipal user, AuthenticationProperties properties, JwtSecurityToken jwt)
   at Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler.HandleRemoteAuthenticateAsync()
2024-08-30 11:33:54.488 +00:00 [Error] Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware: An unhandled exception has occurred while executing the request.
Microsoft.AspNetCore.Authentication.AuthenticationFailureException: An error was encountered while handling the remote login.
 ---> System.ArgumentException: IDW10109: All client certificates passed to the configuration have expired or can't be loaded. (Parameter 'clientCredentials')
   at Microsoft.Identity.Web.ConfidentialClientApplicationBuilderExtension.WithClientCredentialsAsync(ConfidentialClientApplicationBuilder builder, IEnumerable1 clientCredentials, ILogger logger, ICredentialsLoader credentialsLoader, CredentialSourceLoaderParameters credentialSourceLoaderParameters)
   at Microsoft.Identity.Web.TokenAcquisition.BuildConfidentialClientApplicationAsync(MergedOptions mergedOptions)
   at Microsoft.Identity.Web.TokenAcquisition.GetOrBuildConfidentialClientApplicationAsync(MergedOptions mergedOptions)
   at Microsoft.Identity.Web.TokenAcquisition.AddAccountToCacheFromAuthorizationCodeAsync(AuthCodeRedemptionParameters authCodeRedemptionParameters)
   at Microsoft.Identity.Web.TokenAcquisitionAspNetCore.AddAccountToCacheFromAuthorizationCodeAsync(AuthorizationCodeReceivedContext context, IEnumerable1 scopes, String authenticationScheme)
   at Microsoft.Identity.Web.MicrosoftIdentityWebAppAuthenticationBuilder.<>c__DisplayClass11_1.<b__1>d.MoveNext()
--- End of stack trace from previous location ---
   at Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler.RunAuthorizationCodeReceivedEventAsync(OpenIdConnectMessage authorizationResponse, ClaimsPrincipal user, AuthenticationProperties properties, JwtSecurityToken jwt)
   at Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler.HandleRemoteAuthenticateAsync()
   --- End of inner exception stack trace ---
   at Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler`1.HandleRequestAsync()
   at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
   at Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddlewareImpl.g__Awaited|10_0(ExceptionHandlerMiddlewareImpl middleware, HttpContext context, Task task)
```
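
IDW10109 reports two different conditions, an expired certificate and one that cannot be loaded, and the log above does not say which. The following diagnostic is an added example (not the asker's code and not part of Microsoft.Identity.Web) that fetches the certificate named in the appsettings.json above and reports the step that fails. It assumes the Azure.Identity, Azure.Security.KeyVault.Certificates and Azure.Security.KeyVault.Secrets packages and that the deployed app reaches Key Vault through DefaultAzureCredential; the vault URL is the masked value from the page.

```csharp
// Added diagnostic; assumed packages: Azure.Identity,
// Azure.Security.KeyVault.Certificates, Azure.Security.KeyVault.Secrets.
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using Azure;
using Azure.Identity;
using Azure.Security.KeyVault.Certificates;
using Azure.Security.KeyVault.Secrets;

// Masked values from the appsettings.json above; substitute the real ones.
var vaultUri = new Uri("https://kvxxxxx.vault.azure.net/");
const string certName = "certificateauthsample";
var credential = new DefaultAzureCredential(); // managed identity on App Service
try
{
    // Step 1: certificate metadata (needs Get on certificates).
    KeyVaultCertificateWithPolicy cert =
        await new CertificateClient(vaultUri, credential).GetCertificateAsync(certName);
    Console.WriteLine($"Enabled={cert.Properties.Enabled} ExpiresOn={cert.Properties.ExpiresOn}");
    if (cert.Properties.ExpiresOn < DateTimeOffset.UtcNow)
        Console.WriteLine("RESULT: the certificate has expired.");

    // Step 2: the private key is served only through the secret of the
    // same name, which needs a separate Get permission on secrets.
    KeyVaultSecret secret =
        await new SecretClient(vaultUri, credential).GetSecretAsync(certName);
    if (secret.Properties.ContentType != "application/x-pkcs12")
    {
        Console.WriteLine($"RESULT: secret is {secret.Properties.ContentType}, not a PFX; step 3 skipped.");
        return;
    }

    // Step 3: rebuild the certificate and confirm the private key came with it.
    using var x509 = new X509Certificate2(Convert.FromBase64String(secret.Value),
        (string?)null, X509KeyStorageFlags.EphemeralKeySet);
    Console.WriteLine($"RESULT: loaded {x509.Thumbprint}, HasPrivateKey={x509.HasPrivateKey}, NotAfter={x509.NotAfter:u}");
}
catch (RequestFailedException ex) // 401/403: no permission; 404: wrong vault or name
{
    Console.WriteLine($"RESULT: Key Vault refused the request: HTTP {ex.Status} {ex.ErrorCode}");
}
catch (AuthenticationFailedException ex) // no credential available to the process
{
    Console.WriteLine($"RESULT: no token for Key Vault: {ex.Message}");
}
catch (CryptographicException ex) // PFX could not be imported on this host
{
    Console.WriteLine($"RESULT: certificate import failed: {ex.Message}");
}
```

Run it under the same identity as the failing app; if step 1 succeeds and step 2 returns 403, the access policy grants Get on certificates but not on secrets.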

