IExceptionFilter handler not working in ASP.NET Core 3.1 Blazor (server-side)

Question

I'm testing the functionality of an exception filter I've been using in an ASP.NET Core 2.2 website. It's a slight modification of the AuthorizeForScopesAttribute class in the Microsoft.Identity.Web sample repo.

What's supposed to happen is that when we try to get a token from the cache, it will throw an MsalUiRequiredException which should be caught by the filter and force a re-auth. The TokenAcquisition class catches the exception and throws but the filter never catches it.

To test 3.1 I created a simple Blazor (server-side) website, added a reference to Microsoft.Identity.Web and I'm attempting to make a call to the Microsoft Graph API; similar to this example .

ASP.NET Core 2.2 Implementation (Startup.cs):

services.AddMvc(options =>
{
    var policy = new AuthorizationPolicyBuilder()
        .RequireAuthenticatedUser()
        .Build();
    options.Filters.Add(new AuthorizeFilter(policy));
    options.Filters.Add(new AuthorizeForScopesAttribute(new string[] {ScopeConstants.ScopeUserRead}));
});

ASP.NET Core 3.1 Implementation (Startup.cs):

services.AddControllersWithViews(options =>
{
    var policy = new AuthorizationPolicyBuilder()
        .RequireAuthenticatedUser()
        .Build();
    options.Filters.Add(new AuthorizeFilter(policy));
    options.Filters.Add(new AuthorizeForScopesAttribute(new[] {ScopeConstants.ScopeUserRead}));
});

The sample repo for Microsoft.Identity.Web relies on decorating a controller with an attribute and since I'm using Razor pages for my 2.2 web application and Blazor (server-side) for my 3.1 web application, I had to modify it as follows:

• Replaced ExceptionFilterAttribute with IExceptionFilter
• Added a constructor and supplied the Scopes property in Startup.cs
• Since this is not an implementation of an abstract class (using an Interface now), I removed the override statement in the OnException method so it's just public void OnException(ExceptionContext context) now.

I've been working with a colleague who maintains the repo but we're both puzzled as to why it's not being triggered. Since 3.1 doesn't use the "UseMvc" statement anymore, is this even the right implementation? So far as I can tell it looks correct .

FYI: I realize the class name also doesn't reflect the fact this is not an attribute anymore but I just kept the name the same for now.

Answer 1

Turns out Exception Filters in ASP.NET Core are not supported in a Blazor application. I will be working on an alternative given the guidance on GH and will update this post accordingly.

Official word: https://github.com/dotnet/aspnetcore/issues/18761

Answer 2

A possible workaround is making _host as a Page, so the method [AuthorizeForScopes] can get triggered. Here is an example: https://github.com/wmgdev/BlazorGraphApi/blob/master/BlazorGraphApi/Pages/_host.cshtml.cs

We currently dont have an official Blazor sample, but apparently this users approach worked. Also, a good update is that Microsoft.Identity.Web is now a NuGet package.