Microsoft.AspNetCore.Authentication.JwtBearer Error when deploying Asp.Net Core with React.js template (dotnet SDK v7.0.101) to Azure Web App

Question

I have tried to deploy Asp.Net Core with React.js template (dotnet SDK v7.0.101) to a new Azure Web App with 'Individual Accounts' authentication type.

The application functions properly when using localhost but not after being deployed. I'm getting the following error:

[Error] 

Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler:
 Exception occurred while processing message.System.NullReferenceException: 
Object reference not set to an instance of an object.at 
Microsoft.AspNetCore.ApiAuthorization.IdentityServer.
IdentityServerJwtBearerOptionsConfiguration.ResolveAuthorityAndKeysAsync(MessageReceivedContext messageReceivedContext)
at Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler.HandleAuthenticateAsync()

I suspect its a problem with IdentityServer settings in appsettings.json:

    "IdentityServer": {
        "Clients": {
             "AspNetCoreWithReactjs": {
                "Profile": "IdentityServerSPA"
              }
            }
         },

When I deploy using appsettings.Development.json IdentityServer settings, the page loads but login doesn't work.

I'm hoping someone with knowledge of Asp.Net IdentiyServer can advise me what I need to do either in appsettings.json, program.cs or elsewhere to resolve this bug.

Besides the connection string nothing has been altered in the provided template so I'm not sure why it doesn't successfully deploy.

Expected outcome:

I was expecting the page to load and work in the same way as it does when running via localhost.

---

Steps to reproduce:

New Project

• Create a new project in Visual Studio 2022 Community Edition
• Use the Asp.Net Core With React.js template

Configure your new project:

• Project name: AspNetCoreWithReactjs
• Location: C:\Users...\source\repos
• Solution: Create new solution
• Solution name: AspNetCoreWithReactjs
• Place solution and project in the same directory: false

Additional information:

• Framework: .NET 7.0 (Standard Term Support)
• Authentication type: Individual Accounts
• Do not use top-level statements: false

Appsettings.json Connection String

• Changed DefaultConnection connection string to use my existing Azure Sql database
• Successfully ran ‘update-database’ in Package Manager Console

Publish Profile

• Target: Azure
• Specific target: Azure App Service (Windows)
• Name: AspNetCoreWithReactjs2023010123926
• Hosting Plan: Central US, S1

Publish:

• Configuration: Release
• Target Framework: net7.0
• Deployment Mode: Framework-dependent
• Target Runtime: Portable

After publishing, the url loads with a 500 server error:

• Browser log message: Failed to load resource: the server responed with a status of 500 ()
• Request URL: https:// AspNetCoreWithReactjs2023010123926.azurewebsites.net/
• Request Method: GET
• Referrer Policy: strict-origin-when-cross-origin
• Local Storage: null (no local storage objects)
• Cookies: ARRAffinitySameSite, ARRAffinity

Details from Azure logs:

Connecting...
2023-01-01T12:58:30  Welcome, you are now connected to log-streaming service. The default timeout is 2 hours. Change the timeout with the App Setting SCM_LOGSTREAM_TIMEOUT (in seconds).
2023-01-01 12:58:36.131 +00:00 [Error] Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler: Exception occurred while processing message.System.NullReferenceException: Object reference not set to an instance of an object.at Microsoft.AspNetCore.ApiAuthorization.IdentityServer.IdentityServerJwtBearerOptionsConfiguration.ResolveAuthorityAndKeysAsync(MessageReceivedContext messageReceivedContext)at Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler.HandleAuthenticateAsync()
2023-01-01 12:58:36.150 +00:00 [Error] Microsoft.AspNetCore.Server.IIS.Core.IISHttpServer: Connection ID "17582052946865029492", Request ID "80000176-0000-f400-b63f-84710c7967bb": An unhandled exception was thrown by the application.System.NullReferenceException: Object reference not set to an instance of an object.at Microsoft.AspNetCore.ApiAuthorization.IdentityServer.IdentityServerJwtBearerOptionsConfiguration.ResolveAuthorityAndKeysAsync(MessageReceivedContext messageReceivedContext)at Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler.HandleAuthenticateAsync()at Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler.HandleAuthenticateAsync()at Microsoft.AspNetCore.Authentication.AuthenticationHandler`1.AuthenticateAsync()at Microsoft.AspNetCore.Authentication.AuthenticationService.AuthenticateAsync(HttpContext context, String scheme)at Microsoft.AspNetCore.Authentication.AuthenticationHandler`1.AuthenticateAsync()at Microsoft.AspNetCore.Authentication.AuthenticationService.AuthenticateAsync(HttpContext context, String scheme)at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)at Microsoft.AspNetCore.Server.IIS.Core.IISHttpContextOfT`1.ProcessRequestAsync()
#Software: Microsoft Internet Information Services 8.0
#Fields: date time s-sitename cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) cs(Cookie) cs(Referer) cs-host sc-status sc-substatus sc-win32-status sc-bytes cs-bytes time-taken
2023-01-01 12:57:59 ASPNETCOREWITHREACTJS20230101233926 GET / X-ARR-LOG-ID=392d3d5f-4c6c-47ff-b6a1-c99b689a7fb2 443 - 120.148.130.43 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/108.0.0.0+Safari/537.36+Edg/108.0.1462.54 ARRAffinity=146b48f2ff5efabcc69048783c5815d34c57b6d7adedb21b164d0e292cee67ef;+ARRAffinitySameSite=146b48f2ff5efabcc69048783c5815d34c57b6d7adedb21b164d0e292cee67ef https://portal.azure.com/ aspnetcorewithreactjs20230101233926.azurewebsites.net 500 0 0 366 1700 5379
2023-01-01 12:57:59 ~1ASPNETCOREWITHREACTJS20230101233926 GET /api/logstream/ X-ARR-LOG-ID=058aae75-bbeb-442b-adf5-7585174fab8b 443 - 120.148.130.43 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/108.0.0.0+Safari/537.36+Edg/108.0.1462.54 - - aspnetcorewithreactjs20230101233926.scm.azurewebsites.net 200 0 64 672 1603 35233
 

Screenshots:

Step1

Step2

Step3

Step7

Step9

Step10

ErrorImage3

IdentityServerJwtBearerOptionsConfiguration

I found the offending class on GitHub: https://github.com/dotnet/aspnetcore/blob/main/src/Identity/ApiAuthorization.IdentityServer/src/Authentication/IdentityServerJwtBearerOptionsConfiguration.cs

Is it possible to 'scaffold' libaries that are imported as DLLs so I can stick a breakpoint in it? I know this would only work for the development version but still might provide some insights.

C# is a great language to code in but its way more difficult than eg Node.js to debug errors related to 3rd party libraries.

I should probably just move on to a Duende sample but this default template bug has me triggered.

Answer 1

Have you read Microsofts post for IdentityServer Host in Azure App Service with a custom domain and certificate? Given that IdentityServerJwtBearerOptionsConfiguration.ResolveAuthorityAndKeysAsync fails I think it is related to this.

https://learn.microsoft.com/en-us/aspnet/core/blazor/security/webassembly/hosted-with-identity-server?view=aspnetcore-7.0&tabs=visual-studio#host-in-azure-app-service-with-a-custom-domain-and-certificate

Written for Blazor WebAssembly but Identity Server areas are still the same.

I have written an answer how to solve it here as well:

https://stackoverflow.com/a/66448397/3850405