This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(115.19999999999999, 77%, 21%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMS%3C/text%3E%3C/svg%3E)
Blazor Web Assembly authentication issue in version 10.0.8
A free and open-source web framework that enables developers to create web apps using C# and HTML, developed by Microsoft.
@Danny Nguyen (WICLOUD CORPORATION) Replacing manually the AuthenticationService.js in 10.0.8 with the version from 10.0.7 works correctly with the 10.0.8 runtime, without any other changes. It looks like issue in the java script layer. Please share your thoughts on this. Thanks.
@Danny Nguyen (WICLOUD CORPORATION) Thank you for your response. I am currently using .NET SDK 10.0.300 along with MSAL 10.0.8. Could there be any version compatibility issues or potential lifecycle regressions contributing to this behavior?
I have also observed that AuthenticationService.js is not being executed during the login process, and the RemoteUserAccount object is returning null values. Interestingly, the same setup works as expected with runtime version 10.0.7 on the same SDK.
I would appreciate your insights on this. Thank you.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(262.40000000000003, 49%, 35%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDN%3C/text%3E%3C/svg%3E)
Hi @Muthukumar S , could you share a bit more detail about the issue? For example, what authentication setup/provider you’re using, the exact error or behavior you’re seeing, and whether this started only after updating to 10.0.8.
In the meantime, these docs may help with common Blazor WebAssembly authentication setup and troubleshooting:
If you can share the error message, browser console output, or relevant authentication configuration, it will be easier to suggest specific troubleshooting step.
Hi @Danny Nguyen (WICLOUD CORPORATION) Thanks for your response. I am using MSAL authentication, and after upgrading to version 10.0.8, the RemoteUserAccount is always null in the CreateUserAsync method within my ClaimFactory. The same configuration works perfectly up to version 10.0.7 using the same Visual Studio (v18.6.1). This issue is occurring only after the upgrade. So the Authentication is not working.
Hi @Muthukumar S , thank you for your follow up. I tested this with a clean Blazor WebAssembly + MSAL repro and wasn’t able to reproduce a general 10.0.8 regression.
What I observed is that CreateUserAsync can be called during the initial unauthenticated flow with RemoteUserAccount == null, and then called again after a successful sign-in with a populated account. In my test on 10.0.8, the post-login call had a non-null RemoteUserAccount, so authentication completed successfully.
Because of that, a custom AccountClaimsPrincipalFactory<RemoteUserAccount> should defensively handle the unauthenticated case, for example:
public override ValueTask<ClaimsPrincipal> CreateUserAsync(
RemoteUserAccount account,
RemoteAuthenticationUserOptions options)
{
if (account is null)
{
return base.CreateUserAsync(account, options);
}
// custom claim logic here
return base.CreateUserAsync(account, options);
}
If you can share a minimal repro or the custom claim-mapping code, that would help narrow down your problem.
@Danny Nguyen (WICLOUD CORPORATION) Thanks for your response. I am using dotnet SDK 10.0.300 and MSAL 10.0.8. Is there any version mismatch or any possible lifecycle regression. Because 10.0.7 run time is working fine with the same SDK.
Hi @Muthukumar S , I wasn’t able to reproduce a general compatibility issue between SDK 10.0.300 and MSAL 10.0.8 in a minimal repro, so this may be specific to your app or auth flow.
Could you share the following so I can compare it with a working sample?
Program.csAccountClaimsPrincipalFactory<RemoteUserAccount> implementation.csproj package versionsAuthenticationService.js or related auth script changesRemoteUserAccount is null only before sign-in, or still null after the login callback completesA minimal repro would be even better if you can provide one.
Hi, just checking in. Do you have any update on this post?
AI answer
In 10.0.8 the most common causes for IsAuthenticated == false and RemoteUserAccount == null after an upgrade are configuration or package coherence issues in the Blazor WebAssembly authentication stack.
Use the following checks and fixes:
Apply the recommended cleanup steps:
dotnet nuget locals all --clear
bin and obj folders.Also ensure that all Blazor and authentication-related packages target the same framework and are compatible with .NET 10.0.8. Using package versions incompatible with the app’s target framework isn’t supported.
Microsoft.AspNetCore.Components.WebAssembly.Authentication library and that the OIDC authentication process is wired as expected (login page /authentication/login, callback /authentication/login-callback, etc.).AuthenticationService.js) or MSAL version was customized or replaced, verify that the custom implementation still matches the 10.0.8 expectations. If a custom AuthenticationService is used, confirm the script reference is correct and loads before blazor.webassembly.js.If after these steps IsAuthenticated remains false, focus on:
/authentication/login and /authentication/login-callback.References: