The BlazorWasm sample can not see the bff endpoint after deployment to the Azure App Service.

[oleinselmannhaagensen]

Which version of Duende BFF are you using?
2.2.0

Which version of .NET are you using?
8.0

Describe the bug

I downloaded the BFF sample from the GitHub Samples site.
The link is https://github.com/DuendeSoftware/Samples/tree/main/IdentityServer/v7/BFF/BlazorWasm

I have not changed anything in the code.
I select the BlazorWasm.Server project and publish it to my Azure App Service.
The settings in the App Service are standard configurations. See later in the description.
When I click on Log In, it gives me an error message.

Sorry, there's nothing at this address.

It works fine when I run locally on my computer.

I have tried to add UseForwardedHeaders. No difference.

Expected behavior

Should show me the login page when using https://demo.duendesoftware.com

Azure App Service configuration

Stack: .net
.net version .net 8
32 bit
Windows not container
The rest of the parameters are the default

Kindly regards,

Ole

[RolandGuijt]

I just tried the steps you outlined and it worked straight away. (https://blazorwasmserver20250104121538.azurewebsites.net/)

Are there any restrictions on the app plan or subscription you're using perhaps? Or maybe there's a browser issue. Can you try with another browser please?

[oleinselmannhaagensen]

Hi again

Sorry for the delay in my answer.

I can confirm that the BlazorWasm example is working.

But I need the solution as a PWA. So, I added PWA support.

It's still working, but the browser log shows error messages. The Duende login is shown at the top of the window and can be closed. See the screenshot.

There are these two errors in the browser log

• Fetch event handler is recognized as no-op. No-op fetch handler may bring overhead during navigation. Consider removing the handler if possible
• An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can escape its sandboxing

But the app I am working on is not working.

I have added something that does not work, so I will try adding the components individually.

I still want to use the BFF setup and the Hosted Blazor.

How can I have more control of the log in and log out process, so it's not just a

Log in or <a href="@context.User.FindFirst("bff:logout_url")?.Value">Log out

[oleinselmannhaagensen]

I think I have found the reason why I get the error

"Sorry, there's nothing at this address"

when I press the log-in link browsing to bff/login.

It's related to running BlazorWasm upgraded to .net 9.

I have tried switching between .net 8 and .net 9. When upgrading to .net 9 and then back to .net 8, it only works again if I run the browser in private mode. I used both Edge and Chrome in private mode. Then, after logging in to .net 8 mode, I can successfully use the browser in normal mode again. It doesn't matter if I run in PWA mode or browser mode.

So, I have a theory about Azure Web App, Bff, and .net 9. As a note running in Blazor Server interactive mode works fine in .net9. I have only seen the problem in Blazor Webassembly mode.

Upgrading BlazorWasm to the newest Duende.BFF version 2.3 and the newest .net 8 packages are also working fine

[RolandGuijt]

Note that any release of BFF before the latest one doesn't have .NET 9 support.
Also: is IdentityServer also running in .NET 9? In that case you'll need 7.1 which is in RC at the moment.

If you are on the correct versions for both IdentityServer and BFF, do you still have a problem? If so please update your GitHub repo with the PWA changes you did so we can investigate.

[oleinselmannhaagensen]

I am working on two projects. A copy of the BlazorWasm and the reel project

My copy of BlazorWasm is working fine using .net 8 and running from Azure.

Compared to the BlazorWasm project, I have added the following for the reel project:

• An Identity.API project running .net 9
• PWA support
• Controllers in the Server project
• HTTP consumers in the Client project
• Database for the configuration Data using EF Core and SQL Server
• Database for the operational Data using EF Core and SQL Server
• Asp.net Identity Integration having the application users in a SQL Server
• Swagger support

The hosted Blazor app has its own Azure App Service, and the Duende Identity Server has its own Azure App Service.

The main software components are for the Identity Server:

• Duende.IdentityServer.AspNetIdentity 7.1.0-rc.2
• Duende.IdentityServer.EntityFramework 7.1.0-rc.2
• Microsoft.AspNetCore.Identity.EntityFrameworkCore 9.0.0
• Microsoft.EntityFrameworkCore.Design 9.0.0
• Microsoft.EntityFrameworkCore.SqlServer 9.0.0
• Serilog.AspNetCore 9.0.0

The main software components for the hosted Server are :

• Microsoft.AspNetCore.Components.WebAssembly.Server 9.0.0
• Microsoft.AspNetCore.Authentication.OpenIdConnect 9.0.0
• Duende.BFF 2.3.0
• Microsoft.AspNetCore.Authentication.JwtBearer 9.0.0

The main software components are for the Client:

• Microsoft.AspNetCore.Components.WebAssembly 9.0.0
• Microsoft.AspNetCore.Components.WebAssembly.DevServer 9.0.0
• Microsoft.Extensions.Http 9.0.0
• Microsoft.AspNetCore.Components.WebAssembly.Authentication 9.0.0

When I run the solution from my laptop, everything works fine. It's using a locally installed SQL Server.

When I deploy the Identity Server and the Hosted App project to Azure, I get the following.

• The discovery document works fine, and all endpoints start with https://
• The /diagnostics endpoint is not found as expected
• The /grants endpoint works fine

When I deploy the hosted app to Azure, I get the following (running as a web app, not PWA).
All information is listed when running in a private window in Edge and Incognito in Chrome.

Chrome

• Index.html is working fine
• bff/login not working

Edge private

• Index.html is working fine
• bff/login is working and direct to /Account/Login on the Identity Server
• When I enter the credentials, the /signin-oidc endpoint for the hosted app is not working.

If I call the two endpoints manually /signin-oidc and /signout-callback-oidc they fail with Not found.

It has worked two times, but I don't know why, and I can't recreate the situation where it worked.

I can prepare a repo in my Github repo and share a link when I have removed the private part of the code.

Also, I will add error handling in the code to get more info than just "Not found" message.