[Blazor WASM] UserOptions not bound when published

[aguacongas]

Is there an existing issue for this?

• I have searched the existing issues

Describe the bug

When the RemoteAuthenticationOptions.UserOptions is bound to a configuration section, RoleClaim is not well read from the configuration when plublished.

builder.Services.AddOidcAuthentication(options =>
{
var providerOptions = options.ProviderOptions;
providerOptions.Authority = "https://www.theidserver.com/";
providerOptions.ClientId = "blazorissueclient";
providerOptions.ResponseType = "code";
providerOptions.DefaultScopes.Add("blazorissueapi");
// doesn't work when published
builder.Configuration.Bind(nameof(options.UserOptions), options.UserOptions);
// options.UserOptions.RoleClaim = "role"; works always.
}).AddAccountClaimsPrincipalFactory();

Expected Behavior

RoleClaim should be read from the configuration and work as using dotnet run or when launched with VS.

Steps To Reproduce

Using this repo.

• Launch the server with :

❯ dotnet run
Building...
info: Duende.IdentityServer.Startup[0]
      Starting Duende IdentityServer version 5.2.0+1c3f1fadb0fa7a4bea3f4a6f7028cbfcff3b9918 (.NET 7.0.0-preview.4.22229.4)
warn: Duende.IdentityServer[0]
      You do not have a valid license key for Duende IdentityServer. This is allowed for development and testing scenarios. If you are running in production you are required to have a licensed version. Please start a conversation with us: https://duendesoftware.com/contact
info: Duende.IdentityServer.Startup[0]
      Using explicitly configured authentication scheme Identity.Application for IdentityServer
info: Microsoft.Hosting.Lifetime[14]
      Now listening on: https://localhost:5001
info: Microsoft.Hosting.Lifetime[14]
      Now listening on: http://localhost:5000
info: Microsoft.Hosting.Lifetime[0]
      Application started. Press Ctrl+C to shut down.
info: Microsoft.Hosting.Lifetime[0]
      Hosting environment: Development
info: Microsoft.Hosting.Lifetime[0]
      Content root path: C:\Projects\Tests\BlazorAuthIssue\Server

• Navigate to the /fetchdata and login with blazorissueuser pwd: Pass123$

The page display the forecast. Everthing is OK.

• Publish the server with

❯ dotnet publish -c Release
Microsoft (R) Build Engine version 17.3.0-preview-22226-04+f15ed2652 for .NET
Copyright (C) Microsoft Corporation. All rights reserved.

  Determining projects to restore...
  Restored C:\Projects\Tests\BlazorAuthIssue\Shared\BlazorAuthIssue.Shared.csproj (in 129 ms).
  Restored C:\Projects\Tests\BlazorAuthIssue\Client\BlazorAuthIssue.Client.csproj (in 437 ms).
  Restored C:\Projects\Tests\BlazorAuthIssue\Server\BlazorAuthIssue.Server.csproj (in 438 ms).
C:\Program Files\dotnet\sdk\7.0.100-preview.4.22252.9\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(216,5): message NETSDK1057:
You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\Projects\Tests\BlazorAuthIssue\Server\BlazorAuthIssue.Server.csproj]
C:\Program Files\dotnet\sdk\7.0.100-preview.4.22252.9\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.RuntimeIdentifierInference.targets(216,5): message NETSDK1057:
You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy [C:\Projects\Tests\BlazorAuthIssue\Shared\BlazorAuthIssue.Shared.csproj]
  BlazorAuthIssue.Shared -> C:\Projects\Tests\BlazorAuthIssue\Shared\bin\Release\net7.0\BlazorAuthIssue.Shared.dll
  BlazorAuthIssue.Client -> C:\Projects\Tests\BlazorAuthIssue\Client\bin\Release\net7.0\BlazorAuthIssue.Client.dll
  BlazorAuthIssue.Client (Blazor output) -> C:\Projects\Tests\BlazorAuthIssue\Client\bin\Release\net7.0\wwwroot
  BlazorAuthIssue.Server -> C:\Projects\Tests\BlazorAuthIssue\Server\bin\Release\net7.0\BlazorAuthIssue.Server.dll
  Optimizing assemblies for size may change the behavior of the app. Be sure to test after publishing. See: https://aka.ms/dotnet-illink
  Compressing Blazor WebAssembly publish artifacts. This may take a while...
  BlazorAuthIssue.Server -> C:\Projects\Tests\BlazorAuthIssue\Server\bin\Release\net7.0\publish\

• Launch the published in the publish folder server with

❯ .\BlazorAuthIssue.Server.exe
info: Duende.IdentityServer.Startup[0]
      Starting Duende IdentityServer version 5.2.0+1c3f1fadb0fa7a4bea3f4a6f7028cbfcff3b9918 (.NET 7.0.0-preview.4.22229.4)
warn: Duende.IdentityServer[0]
      You do not have a valid license key for Duende IdentityServer. This is allowed for development and testing scenarios. If you are running in production you are required to have a licensed version. Please start a conversation with us: https://duendesoftware.com/contact
info: Duende.IdentityServer.Startup[0]
      Using explicitly configured authentication scheme Identity.Application for IdentityServer
info: Microsoft.Hosting.Lifetime[14]
      Now listening on: http://localhost:5000
info: Microsoft.Hosting.Lifetime[14]
      Now listening on: https://localhost:5001
info: Microsoft.Hosting.Lifetime[0]
      Application started. Press Ctrl+C to shut down.
info: Microsoft.Hosting.Lifetime[0]
      Hosting environment: Production
info: Microsoft.Hosting.Lifetime[0]
      Content root path: C:\Projects\Tests\BlazorAuthIssue\Server\bin\Release\net7.0\publish

• Navigate to the */fetchdata" and login with blazorissueuser pwd: Pass123$

The page display :

You are not authorized to access this resource.

Exceptions (if any)

No response

.NET Version

7.0.100-preview.4.22252.9

Anything else?

❯ dotnet --info
.NET SDK:
 Version:   7.0.100-preview.4.22252.9
 Commit:    6bc31786a8

Runtime Environment:
 OS Name:     Windows
 OS Version:  10.0.19043
 OS Platform: Windows
 RID:         win10-x64
 Base Path:   C:\Program Files\dotnet\sdk\7.0.100-preview.4.22252.9\

global.json file:
  Not found

Host:
  Version:      7.0.0-preview.4.22229.4
  Architecture: x64
  Commit:       9c37a3b3eb

.NET SDKs installed:
  1.1.14 [C:\Program Files\dotnet\sdk]
  2.2.207 [C:\Program Files\dotnet\sdk]
  3.1.416 [C:\Program Files\dotnet\sdk]
  3.1.418 [C:\Program Files\dotnet\sdk]
  5.0.213 [C:\Program Files\dotnet\sdk]
  5.0.408 [C:\Program Files\dotnet\sdk]
  6.0.100 [C:\Program Files\dotnet\sdk]
  6.0.104 [C:\Program Files\dotnet\sdk]
  6.0.300 [C:\Program Files\dotnet\sdk]
  7.0.100-preview.4.22252.9 [C:\Program Files\dotnet\sdk]

.NET runtimes installed:
  Microsoft.AspNetCore.All 2.1.30 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.All]
  Microsoft.AspNetCore.All 2.2.8 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.All]
  Microsoft.AspNetCore.App 2.1.30 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App]
  Microsoft.AspNetCore.App 2.2.8 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App]
  Microsoft.AspNetCore.App 3.1.20 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App]
  Microsoft.AspNetCore.App 3.1.21 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App]
  Microsoft.AspNetCore.App 3.1.22 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App]
  Microsoft.AspNetCore.App 3.1.24 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App]
  Microsoft.AspNetCore.App 3.1.25 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App]
  Microsoft.AspNetCore.App 5.0.11 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App]
  Microsoft.AspNetCore.App 5.0.13 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App]
  Microsoft.AspNetCore.App 5.0.14 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App]
  Microsoft.AspNetCore.App 5.0.16 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App]
  Microsoft.AspNetCore.App 5.0.17 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App]
  Microsoft.AspNetCore.App 6.0.0 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App]
  Microsoft.AspNetCore.App 6.0.4 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App]
  Microsoft.AspNetCore.App 6.0.5 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App]
  Microsoft.AspNetCore.App 7.0.0-preview.4.22251.1 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App]
  Microsoft.NETCore.App 1.0.16 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App]
  Microsoft.NETCore.App 1.1.13 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App]
  Microsoft.NETCore.App 2.1.30 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App]
  Microsoft.NETCore.App 2.2.8 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App]
  Microsoft.NETCore.App 3.1.20 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App]
  Microsoft.NETCore.App 3.1.21 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App]
  Microsoft.NETCore.App 3.1.22 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App]
  Microsoft.NETCore.App 3.1.24 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App]
  Microsoft.NETCore.App 3.1.25 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App]
  Microsoft.NETCore.App 5.0.11 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App]
  Microsoft.NETCore.App 5.0.13 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App]
  Microsoft.NETCore.App 5.0.14 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App]
  Microsoft.NETCore.App 5.0.16 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App]
  Microsoft.NETCore.App 5.0.17 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App]
  Microsoft.NETCore.App 6.0.0 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App]
  Microsoft.NETCore.App 6.0.4 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App]
  Microsoft.NETCore.App 6.0.5 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App]
  Microsoft.NETCore.App 7.0.0-preview.4.22229.4 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App]
  Microsoft.WindowsDesktop.App 3.1.20 [C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App]
  Microsoft.WindowsDesktop.App 3.1.21 [C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App]
  Microsoft.WindowsDesktop.App 3.1.22 [C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App]
  Microsoft.WindowsDesktop.App 3.1.24 [C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App]
  Microsoft.WindowsDesktop.App 3.1.25 [C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App]
  Microsoft.WindowsDesktop.App 5.0.11 [C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App]
  Microsoft.WindowsDesktop.App 5.0.13 [C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App]
  Microsoft.WindowsDesktop.App 5.0.14 [C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App]
  Microsoft.WindowsDesktop.App 5.0.16 [C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App]
  Microsoft.WindowsDesktop.App 5.0.17 [C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App]
  Microsoft.WindowsDesktop.App 6.0.0 [C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App]
  Microsoft.WindowsDesktop.App 6.0.4 [C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App]
  Microsoft.WindowsDesktop.App 6.0.5 [C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App]
  Microsoft.WindowsDesktop.App 7.0.0-preview.4.22229.2 [C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App]

Download .NET:
  https://aka.ms/dotnet-download

Learn about .NET Runtimes and SDKs:
  https://aka.ms/dotnet/runtimes-sdk-info

[javiercn]

@aguacongas thanks for contacting us.

We don't have any reason to believe this is a blazor specific behavior. Does the same code work on a console application? I suspect you need to match the casing in the configuration

[ghost]

Hi @aguacongas. We have added the "Needs: Author Feedback" label to this issue, which indicates that we have an open question for you before we can take further action. This issue will be closed automatically in 7 days if we do not hear back from you by then - please feel free to re-open it if you come back to this issue after that time.

[aguacongas]

@javiercn I tried to Pascal case the config but that didn't change the result. Much more weird, if you try to bind ProviderOptions it works. Only UserOptions is not bound. So as it is a blazor wasm specifc class I guess it's a blazor wasm issue.

builder.Services.AddOidcAuthentication(options =>
{
    // here the binding works.
    builder.Configuration.Bind(nameof(options.ProviderOptions), options.ProviderOptions);
    // doesn't work when published
    builder.Configuration.Bind(nameof(options.UserOptions), options.UserOptions);
    // options.UserOptions.RoleClaim = "role"; works always.
}).AddAccountClaimsPrincipalFactory<ClaimsPrincipalFactory>();

I updated the repo.

This works with version 6.0.* and earlier

[javiercn]

@aguacongas does it fail while you are running on development or after you have published the app

[ghost]

Hi @aguacongas. We have added the "Needs: Author Feedback" label to this issue, which indicates that we have an open question for you before we can take further action. This issue will be closed automatically in 7 days if we do not hear back from you by then - please feel free to re-open it if you come back to this issue after that time.

[aguacongas]

Only after published,

[javiercn]

@aguacongas thanks for the additional details.

Then it's just a matter of it being trimmed.

[javiercn]

It seems that the type is missing the proper annotation.

I think it needs to have something like [DynamicallyAccessedMembers(JsonSerialized)]

[javiercn]

As a workaround, assign a dummy value before you bind the value from config so that the trimmer doesn't discard the property.

[aguacongas]

@javiercn is ok to propose a PR to fix it ?

[javiercn]

@aguacongas go for it

[pranavkm]

I don't think adding DynamicallyAccessedMembers on the type would help (the trimmer might not see it at all). Config binding probably relies on reflection and I would expect it to complain about it when you're publishing. It's usually expected for the application to apply the right gestures (perhaps DynamicDependecy(DynamicallyAccessedMemberTypes.PublicProperties, typeof(RemoteAuthenticationUserOptions))] to Program.Main) ensure that the properties on the option are preserved.

/cc @eerhardt

[eerhardt]

// doesn't work when published
builder.Configuration.Bind(nameof(options.UserOptions), options.UserOptions);

The Bind method has a RequiresUnreferencedCode attribute on it, which is supposed to give you warnings when you trim that this will cause runtime problems. However, Blazor WASM disables these warnings by default.

We do have plans for a source generator (dotnet/runtime#44493) to fix this, but that hasn't been prioritized in .NET 7.

For now, either not using ConfigurationBinder and bind the config manually, or preserving the properties with DynamicDependency or explicitly using the properties in code are the best options.

[javiercn]

@eerhardt thanks for the additional information.

I think based on that, we'll wait for the runtime to deal with better config trimming as there is nothing we can do at our level other than enabling the warnings for RequiresUnreferencedCode which I don't think is something we plan to do in the near future.