WebAssembly Blazor not using token when deployed on IIS

Question

I'm currently developing a WebAssembly Blazor application which uses Identity Server 4. As described here https://docs.microsoft.com/en-us/aspnet/core/blazor/security/webassembly/hosted-with-identity-server?view=aspnetcore-3.1&tabs=visual-studio

When I'm debugging locally or deploy to Azure everything works fine. I can login and the WebAssembly Client uses the token for all future requests. However when I deploy my application to IIS I get stuck in a login loop. On the server no errors are logged and the login is successful. On the client I see that the POST to /connect/token has a valid token as response (which I checked by using the token with Postman). However it looks like the client ignores the the token cause after that I see it logs to the console:

Info: Microsoft.AspNetCore.Authorization.DefaultAuthorizationService[2]
  Authorization failed.

And then it redirects me to login again. Even stranger for me is that also locally on the IIS server this doesn't happen. I'm really confused on why only this happens for remote use on IIS and not on Azure. Hope someone can point me in the right direction.

Answer 1

The problem was that the IIS server time wasn't in sync. So on the localhost it worked flawless, but connecting remotely was returning a token that was already expired. The logging of the Authorization Service of Blazor is minimal and doesn't show it discards the token because its expired.