dotnet · javiercn · Mar 16, 2020 · Mar 16, 2020 · Mar 16, 2020 · Mar 16, 2020
@@ -24,7 +24,12 @@ public class MsalProviderOptions
         /// <summary>
         /// Gets or sets the msal.js cache options.
         /// </summary>
-        public MsalCacheOptions Cache { get; set; }
+        public MsalCacheOptions Cache { get; set; } = new MsalCacheOptions
+        {
+            // This matches the defaults in msal.js
+            CacheLocation = "sessionStorage",
+            StoreAuthStateInCookie = false
+        };
 
         /// <summary>
         /// Gets or set the list of default access tokens scopes to provision during the sign-in flow.

@@ -40,11 +40,6 @@ public void Configure(RemoteAuthenticationOptions<MsalProviderOptions> options)
             }
 
             options.ProviderOptions.Authentication.NavigateToLoginRequestUrl = false;
-            options.ProviderOptions.Cache = new MsalCacheOptions
-            {
-                CacheLocation = "localStorage",
-                StoreAuthStateInCookie = true
-            };
         }
 
         public void PostConfigure(string name, RemoteAuthenticationOptions<MsalProviderOptions> options)

@@ -23,15 +23,23 @@ public static class MsalWebAssemblyServiceCollectionExtensions
         /// <param name="configure">The <see cref="Action{RemoteAuthenticationOptions{MsalProviderOptions}}"/> to configure the <see cref="RemoteAuthenticationOptions{MsalProviderOptions}"/>.</param>
         /// <returns>The <see cref="IServiceCollection"/>.</returns>
         public static IServiceCollection AddMsalAuthentication(this IServiceCollection services, Action<RemoteAuthenticationOptions<MsalProviderOptions>> configure)
+        {
+            return AddMsalAuthentication<RemoteAuthenticationState>(services, configure);
+        }
+
+        /// <summary>
+        /// Adds authentication using msal.js to Blazor applications.
+        /// </summary>
+        /// <typeparam name="TRemoteAuthenticationState">The type of the remote authentication state.</typeparam>
+        /// <param name="services">The <see cref="IServiceCollection"/>.</param>
+        /// <param name="configure">The <see cref="Action{RemoteAuthenticationOptions{MsalProviderOptions}}"/> to configure the <see cref="RemoteAuthenticationOptions{MsalProviderOptions}"/>.</param>
+        /// <returns>The <see cref="IServiceCollection"/>.</returns>
+        public static IServiceCollection AddMsalAuthentication<TRemoteAuthenticationState>(this IServiceCollection services, Action<RemoteAuthenticationOptions<MsalProviderOptions>> configure)
+            where TRemoteAuthenticationState : RemoteAuthenticationState, new()
         {
             services.AddRemoteAuthentication<RemoteAuthenticationState, MsalProviderOptions>();
             services.TryAddEnumerable(ServiceDescriptor.Singleton<IPostConfigureOptions<RemoteAuthenticationOptions<MsalProviderOptions>>, MsalDefaultOptionsConfiguration>());
 
-            if (configure != null)
-            {
-                services.Configure(configure);
-            }
-
             return services;
         }
     }

@@ -253,15 +253,26 @@ class OidcAuthorizeService implements AuthorizeService {
 export class AuthenticationService {
 
     static _infrastructureKey = 'Microsoft.AspNetCore.Components.WebAssembly.Authentication';
-    static _initialized = false;
+    static _initialized : Promise<void>;
     static instance: OidcAuthorizeService;
 
     public static async init(settings: UserManagerSettings & AuthorizeServiceSettings) {
+        // Multiple initializations can start concurrently and we want to avoid that.
+        // In order to do so, we create an initialization promise and the first call to init
+        // tries to initialize the app and sets up a promise other calls can await on.
         if (!AuthenticationService._initialized) {
-            AuthenticationService._initialized = true;
-            const userManager = await this.createUserManager(settings);
-            AuthenticationService.instance = new OidcAuthorizeService(userManager);
+            this._initialized = new Promise(async (resolve, reject) => {
+                try {
+                    const userManager = await this.createUserManager(settings);
+                    AuthenticationService.instance = new OidcAuthorizeService(userManager);
+                    resolve();
+                } catch (e) {
+                    reject(e);
+                }
+            });
         }
+
+        await this._initialized;
     }
 
     public static getUser() {

@@ -1,4 +1,5 @@
 {
+  "private": true,
   "scripts": {
     "build": "npm run build:release",
     "build:release": "webpack --mode production --env.production --env.configuration=Release",

@@ -16,6 +16,11 @@ public class OidcProviderOptions
         /// </summary>
         public string Authority { get; set; }
 
+        /// <summary>
+        /// Gets or sets the metadata url of the oidc provider.
+        /// </summary>
+        public string MetadataUrl { get; set; }
+
         /// <summary>
         /// Gets or sets the client of the application.
         /// </summary>

@@ -78,50 +78,83 @@ public static IServiceCollection AddRemoteAuthentication<TRemoteAuthenticationSt
         /// <returns>The <see cref="IServiceCollection"/> where the services were registered.</returns>
         public static IServiceCollection AddOidcAuthentication(this IServiceCollection services, Action<RemoteAuthenticationOptions<OidcProviderOptions>> configure)
         {
-            AddRemoteAuthentication<RemoteAuthenticationState, OidcProviderOptions>(services, configure);
+            return AddOidcAuthentication<RemoteAuthenticationState>(services, configure);
+        }
 
+        /// <summary>
+        /// Adds support for authentication for SPA applications using <see cref="OidcProviderOptions"/> and the <see cref="RemoteAuthenticationState"/>.
+        /// </summary>
+        /// <typeparam name="TRemoteAuthenticationState">The type of the remote authentication state.</typeparam>
+        /// <param name="services">The <see cref="IServiceCollection"/> to add the services to.</param>
+        /// <param name="configure">An action that will configure the <see cref="RemoteAuthenticationOptions{TProviderOptions}"/>.</param>
+        /// <returns>The <see cref="IServiceCollection"/> where the services were registered.</returns>
+        public static IServiceCollection AddOidcAuthentication<TRemoteAuthenticationState>(this IServiceCollection services, Action<RemoteAuthenticationOptions<OidcProviderOptions>> configure)
+            where TRemoteAuthenticationState : RemoteAuthenticationState, new()
+        {
             services.TryAddEnumerable(ServiceDescriptor.Singleton<IPostConfigureOptions<RemoteAuthenticationOptions<OidcProviderOptions>>, DefaultOidcOptionsConfiguration>());
 
-            if (configure != null)
-            {
-                services.Configure(configure);
-            }
-
-            return services;
+            return AddRemoteAuthentication<TRemoteAuthenticationState, OidcProviderOptions>(services, configure);
         }
 
         /// <summary>
         /// Adds support for authentication for SPA applications using <see cref="ApiAuthorizationProviderOptions"/> and the <see cref="RemoteAuthenticationState"/>.
         /// </summary>
+        /// <typeparam name="TRemoteAuthenticationState">The type of the remote authentication state.</typeparam>
         /// <param name="services">The <see cref="IServiceCollection"/> to add the services to.</param>
         /// <returns>The <see cref="IServiceCollection"/> where the services were registered.</returns>
         public static IServiceCollection AddApiAuthorization(this IServiceCollection services)
         {
-            var inferredClientId = Assembly.GetCallingAssembly().GetName().Name;
-
-            services.AddRemoteAuthentication<RemoteAuthenticationState, ApiAuthorizationProviderOptions>();
-
-            services.TryAddEnumerable(
-                ServiceDescriptor.Singleton<IPostConfigureOptions<RemoteAuthenticationOptions<ApiAuthorizationProviderOptions>>, DefaultApiAuthorizationOptionsConfiguration>(_ =>
-                new DefaultApiAuthorizationOptionsConfiguration(inferredClientId)));
+            return AddApiauthorizationCore<RemoteAuthenticationState>(services, configure: null, Assembly.GetCallingAssembly().GetName().Name);
+        }
 
-            return services;
+        /// <summary>
+        /// Adds support for authentication for SPA applications using <see cref="ApiAuthorizationProviderOptions"/> and the <see cref="RemoteAuthenticationState"/>.
+        /// </summary>
+        /// <typeparam name="TRemoteAuthenticationState">The type of the remote authentication state.</typeparam>
+        /// <param name="services">The <see cref="IServiceCollection"/> to add the services to.</param>
+        /// <returns>The <see cref="IServiceCollection"/> where the services were registered.</returns>
+        public static IServiceCollection AddApiAuthorization<TRemoteAuthenticationState>(this IServiceCollection services)
+            where TRemoteAuthenticationState : RemoteAuthenticationState, new()
+        {
+            return AddApiauthorizationCore<TRemoteAuthenticationState>(services, configure: null, Assembly.GetCallingAssembly().GetName().Name);
         }
 
         /// <summary>
         /// Adds support for authentication for SPA applications using <see cref="ApiAuthorizationProviderOptions"/> and the <see cref="RemoteAuthenticationState"/>.
         /// </summary>
+        /// <typeparam name="TRemoteAuthenticationState">The type of the remote authentication state.</typeparam>
         /// <param name="services">The <see cref="IServiceCollection"/> to add the services to.</param>
         /// <param name="configure">An action that will configure the <see cref="RemoteAuthenticationOptions{ApiAuthorizationProviderOptions}"/>.</param>
         /// <returns>The <see cref="IServiceCollection"/> where the services were registered.</returns>
         public static IServiceCollection AddApiAuthorization(this IServiceCollection services, Action<RemoteAuthenticationOptions<ApiAuthorizationProviderOptions>> configure)
         {
-            services.AddApiAuthorization();
+            return AddApiauthorizationCore<RemoteAuthenticationState>(services, configure, Assembly.GetCallingAssembly().GetName().Name);
+        }
 
-            if (configure != null)
-            {
-                services.Configure(configure);
-            }
+        /// <summary>
+        /// Adds support for authentication for SPA applications using <see cref="ApiAuthorizationProviderOptions"/> and the <see cref="RemoteAuthenticationState"/>.
+        /// </summary>
+        /// <typeparam name="TRemoteAuthenticationState">The type of the remote authentication state.</typeparam>
+        /// <param name="services">The <see cref="IServiceCollection"/> to add the services to.</param>
+        /// <param name="configure">An action that will configure the <see cref="RemoteAuthenticationOptions{ApiAuthorizationProviderOptions}"/>.</param>
+        /// <returns>The <see cref="IServiceCollection"/> where the services were registered.</returns>
+        public static IServiceCollection AddApiAuthorization<TRemoteAuthenticationState>(this IServiceCollection services, Action<RemoteAuthenticationOptions<ApiAuthorizationProviderOptions>> configure)
+            where TRemoteAuthenticationState : RemoteAuthenticationState, new()
+        {
+            return AddApiauthorizationCore<TRemoteAuthenticationState>(services, configure, Assembly.GetCallingAssembly().GetName().Name);
+        }
+
+        private static IServiceCollection AddApiauthorizationCore<TRemoteAuthenticationState>(
+            IServiceCollection services,
+            Action<RemoteAuthenticationOptions<ApiAuthorizationProviderOptions>> configure,
+            string inferredClientId)
+            where TRemoteAuthenticationState : RemoteAuthenticationState, new()
+        {
+            services.TryAddEnumerable(
+                ServiceDescriptor.Singleton<IPostConfigureOptions<RemoteAuthenticationOptions<ApiAuthorizationProviderOptions>>, DefaultApiAuthorizationOptionsConfiguration>(_ =>
+                new DefaultApiAuthorizationOptionsConfiguration(inferredClientId)));
+
+            services.AddRemoteAuthentication<TRemoteAuthenticationState, ApiAuthorizationProviderOptions>(configure);
 
             return services;
         }

@@ -52,8 +52,8 @@ public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
 
             app.UseRouting();
 
-            app.UseAuthentication();
             app.UseIdentityServer();
+            app.UseAuthentication();
             app.UseAuthorization();
 
             app.UseEndpoints(endpoints =>

diff --git a/...ponentsWebAssembly.ProjectTemplates/content/ComponentsWebAssembly-CSharp/Client/App.razor b/...ponentsWebAssembly.ProjectTemplates/content/ComponentsWebAssembly-CSharp/Client/App.razor
@@ -15,7 +15,14 @@
         <Found Context="routeData">
             <AuthorizeRouteView RouteData="@routeData" DefaultLayout="@typeof(MainLayout)">
                 <NotAuthorized>
-                    <RedirectToLogin />
+                    @if(!context.User.Identity.IsAuthenticated)
-                    @if(!context.User.Identity.IsAuthenticated)
+                    @if (!context.User.Identity.IsAuthenticated)
-                    @if(!context.User.Identity.IsAuthenticated)
+                    @if (!context.User.Identity.IsAuthenticated)
+                    {
+                        <RedirectToLogin />
+                    }
+                    else
+                    {
+                        <p>You are not authorized to access this resource.</p>
+                    }
                 </NotAuthorized>
             </AuthorizeRouteView>
         </Found>

diff --git a/...ProjectTemplates/content/ComponentsWebAssembly-CSharp/Client/Shared/RedirectToLogin.razor b/...ProjectTemplates/content/ComponentsWebAssembly-CSharp/Client/Shared/RedirectToLogin.razor
@@ -3,6 +3,6 @@
 @code {
     protected override void OnInitialized()
     {
-        Navigation.NavigateTo($"authentication/login?returnUrl={Navigation.Uri}");
+        Navigation.NavigateTo($"authentication/login?returnUrl={Uri.EscapeDataString(Navigation.Uri)}");
     }
 }
diff --git a/...onentsWebAssembly.ProjectTemplates/content/ComponentsWebAssembly-CSharp/Server/Startup.cs b/...onentsWebAssembly.ProjectTemplates/content/ComponentsWebAssembly-CSharp/Server/Startup.cs
@@ -107,12 +107,12 @@ public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
 
             app.UseRouting();
 
-#if (OrganizationalAuth || IndividualAuth)
-            app.UseAuthentication();
-#endif
 #if (IndividualLocalAuth)
             app.UseIdentityServer();
 #endif
+#if (OrganizationalAuth || IndividualAuth)
+            app.UseAuthentication();
+#endif
 #if (!NoAuth)
             app.UseAuthorization();