Aspnetcore: Blazor webassembly successful authentication causes browser crash in VS 16.7.2 (when saving password)

Created on 3 Sep 2020  ·  35Comments  ·  Source: dotnet/aspnetcore

Describe the bug

After a successful external authentication (External IdentityServer 4) the browser and debugger crash with no additional information. This happens only on the second and consecutive successful authentications (when saving the password). The authentication in the first debug session works ok. Using another browser will also only work once (again when saving the password).

(Having Firefox remove cookies and web info after closure can be used as a workaround. This works in combination with saving the password.)

To Reproduce


Using an existing IdentityServer 4 implementation

Create a new project using:
        dotnet new blazorwasm -au individual -n BlazorClient

Change the existing oidc configuration in program.cs to:

        builder.Services.AddOidcAuthentication(options =>
        {
            builder.Configuration.Bind("oidc", options.ProviderOptions);
        });

and using the following configuration:

        {
          "oidc": {
            "Authority": "https://localhost:8750/",
            "ClientId": "BlazorClient",
            "DefaultScopes": [
              "openid",
              "profile",
              "email"
            ],
            "PostLogoutRedirectUri": "/",
            "ResponseType": "code"
          }
        }

Exceptions (if any)

No exception information available

Further technical details

  • Visual Studio 16.7.2

.NET Core SDK (reflecting any global.json):
Version: 3.1.401
Commit: 5b6f5e5005

Runtime Environment:
OS Name: Windows
OS Version: 10.0.18362
OS Platform: Windows
RID: win10-x64
Base Path: C:\Program Files\dotnet\sdk\3.1.401\

Host (useful for support):
Version: 3.1.7
Commit: fcfdef8d6b

.NET Core SDKs installed:
2.1.801 [C:\Program Files\dotnet\sdk]
2.2.401 [C:\Program Files\dotnet\sdk]
3.0.100 [C:\Program Files\dotnet\sdk]
3.1.100 [C:\Program Files\dotnet\sdk]
3.1.200 [C:\Program Files\dotnet\sdk]
3.1.201 [C:\Program Files\dotnet\sdk]
3.1.301 [C:\Program Files\dotnet\sdk]
3.1.401 [C:\Program Files\dotnet\sdk]

.NET Core runtimes installed:
Microsoft.AspNetCore.All 2.1.12 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.All]
Microsoft.AspNetCore.All 2.1.21 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.All]
Microsoft.AspNetCore.All 2.2.6 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.All]
Microsoft.AspNetCore.App 2.1.12 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App]
Microsoft.AspNetCore.App 2.1.21 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App]
Microsoft.AspNetCore.App 2.2.6 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App]
Microsoft.AspNetCore.App 3.0.0 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App]
Microsoft.AspNetCore.App 3.1.7 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App]
Microsoft.NETCore.App 2.1.12 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App]
Microsoft.NETCore.App 2.1.21 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App]
Microsoft.NETCore.App 2.2.6 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App]
Microsoft.NETCore.App 3.0.0 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App]
Microsoft.NETCore.App 3.1.7 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App]
Microsoft.WindowsDesktop.App 3.0.0 [C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App]
Microsoft.WindowsDesktop.App 3.1.7 [C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App]

Answered External Resolved area-blazor feature-blazor-debugging

All 35 comments

Thanks for contacting us.
Can you please clarify what you mean by "crash" here? Does the browser get closed and the debugging stop?

That's correct. The browser closes and the debugger stops without any further information.

I have a similar repo with a fresh Blazor WebAssembly app (and my own 'full' app). There also seems to be a relationship between credentials pre-filled by the browser (but the repro is consistent).

See this: https://stackoverflow.com/questions/63651738/blazor-webassembly-hosted-proxy-crash-on-successful-authentication

My suspicion is that something in the AuthenticationService.js is causing some issue which is causing the debugger proxy to terminate.

Here is the tail of my vscode-edge-debug.txt if that's useful.

{"tag":"cdp.receive","timestamp":1599446115897,"metadata":{"connectionId":0,"message":{"method":"Network.responseReceived","params":{"requestId":"27108.66","loaderId":"435E04D101F180BE296A89743C45D909","timestamp":58722.712101,"type":"Script","response":{"url":"https://localhost:5008/_framework/blazor.webassembly.js","status":200,"statusText":"","headers":{"date":"Mon, 07 Sep 2020 02:35:15 GMT","content-encoding":"gzip","last-modified":"Mon, 07 Sep 2020 02:03:59 GMT","server":"Kestrel","etag":"\"1d684bb2647eafc\"","blazor-environment":"Development","vary":"Content-Encoding","content-type":"application/javascript","status":"304","cache-control":"no-cache","accept-ranges":"bytes","content-length":"15228"},"mimeType":"application/javascript","connectionReused":true,"connectionId":45,"remoteIPAddress":"[::1]","remotePort":5008,"fromDiskCache":false,"fromServiceWorker":false,"fromPrefetchCache":false,"encodedDataLength":291,"timing":{"requestTime":58722.675756,"proxyStart":-1,"proxyEnd":-1,"dnsStart":-1,"dnsEnd":-1,"connectStart":-1,"connectEnd":-1,"sslStart":-1,"sslEnd":-1,"workerStart":-1,"workerReady":-1,"workerFetchStart":-1,"workerRespondWithSettled":-1,"sendStart":4.371,"sendEnd":4.925,"pushStart":0,"pushEnd":0,"receiveHeadersEnd":25.522},"responseTime":1599446115883.991,"protocol":"h2","securityState":"secure","securityDetails":{"protocol":"TLS 1.2","keyExchange":"ECDHE_RSA","keyExchangeGroup":"P-384","cipher":"AES_256_GCM","certificateId":0,"subjectName":"localhost","sanList":["localhost"],"issuer":"localhost","validFrom":1587949657,"validTo":1619485657,"signedCertificateTimestampList":[],"certificateTransparencyCompliance":"not-compliant"}},"frameId":"1A8A21D9B19C9E02F9CD09F90A357C53"},"sessionId":"741A3041A324A3B7B24825C632F85768"}},"level":0}
{"tag":"cdp.receive","timestamp":1599446115897,"metadata":{"connectionId":0,"message":{"method":"Network.dataReceived","params":{"requestId":"27108.66","timestamp":58722.712192,"dataLength":60469,"encodedDataLength":0},"sessionId":"741A3041A324A3B7B24825C632F85768"}},"level":0}
{"tag":"runtime.sourcecreate","timestamp":1599446115897,"message":"Creating source from url","metadata":{"inputUrl":"https://localhost:5008/_content/Microsoft.AspNetCore.Components.WebAssembly.Authentication/AuthenticationService.js","absolutePath":"C:\Users\philip\.nuget\packages\microsoft.aspnetcore.components.webassembly.authentication\3.2.1\staticwebassets\AuthenticationService.js"},"level":0}
{"tag":"cdp.receive","timestamp":1599446115900,"metadata":{"connectionId":0,"message":{"method":"Network.loadingFinished","params":{"requestId":"27108.66","timestamp":58722.701968,"encodedDataLength":291,"shouldReportCorbBlocking":false},"sessionId":"741A3041A324A3B7B24825C632F85768"}},"level":0}
{"tag":"dap.send","timestamp":1599446115904,"metadata":{"connectionId":0,"message":{"seq":153,"type":"event","event":"loadedSource","body":{"reason":"new","source":{"name":"localhost꞉5008/_content/Microsoft.AspNetCore.Components.WebAssembly.Authentication/AuthenticationService.js","path":"C:\Users\philip\.nuget\packages\microsoft.aspnetcore.components.webassembly.authentication\3.2.1\staticwebassets\AuthenticationService.js","sourceReference":0}},"sessionId":"741A3041A324A3B7B24825C632F85768"}},"level":0}
{"tag":"dap.send","timestamp":1599446116625,"metadata":{"connectionId":0,"message":{"seq":16,"type":"event","event":"terminated","body":{}}},"level":0}
{"tag":"dap.receive","timestamp":1599446116632,"metadata":{"connectionId":0,"message":{"type":"request","command":"disconnect","arguments":{},"seq":5}},"level":0}
{"tag":"dap.send","timestamp":1599446116635,"metadata":{"connectionId":0,"message":{"seq":17,"type":"response","request_seq":5,"command":"disconnect","success":true,"body":{}}},"level":0}
{"tag":"dap.receive","timestamp":1599446116668,"metadata":{"connectionId":0,"message":{"type":"request","command":"disconnect","arguments":{"terminateDebuggee":false},"seq":5,"sessionId":"741A3041A324A3B7B24825C632F85768"}},"level":0}
{"tag":"dap.send","timestamp":1599446116668,"metadata":{"connectionId":0,"message":{"seq":154,"type":"event","event":"output","body":{"category":"telemetry","output":"js-debug/breakpointStats","data":{"set":0,"verified":0,"hit":0}},"sessionId":"741A3041A324A3B7B24825C632F85768"}},"level":0}
{"tag":"dap.send","timestamp":1599446116669,"metadata":{"connectionId":0,"message":{"seq":155,"type":"event","event":"thread","body":{"reason":"exited","threadId":0},"sessionId":"741A3041A324A3B7B24825C632F85768"}},"level":0}
{"tag":"dap.send","timestamp":1599446116669,"metadata":{"connectionId":0,"message":{"seq":156,"type":"event","event":"terminated","body":{},"sessionId":"741A3041A324A3B7B24825C632F85768"}},"level":0}
{"tag":"dap.send","timestamp":1599446116669,"metadata":{"connectionId":0,"message":{"seq":157,"type":"response","request_seq":5,"command":"disconnect","success":true,"body":{},"sessionId":"741A3041A324A3B7B24825C632F85768"}},"level":0}
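
Added example, not part of the original thread: a small Python triage over a vscode-js-debug style trace like the tail quoted above. It reports whether the adapter's `terminated` event or the IDE's `disconnect` request came first, and which browser (CDP) event was last seen before that; the sample lines are constructed, and the field names (`tag`, `timestamp`, `metadata.message`) are taken from the quoted log.

```python
import json

# Constructed sample in the JSON-lines shape of the trace quoted above.
# Values are illustrative, not copied from the thread. The second record keeps
# an unescaped Windows path, as in the pasted log, so it is not valid JSON and
# has to be skipped instead of aborting the whole triage.
SAMPLE_TRACE = r'''
{"tag":"cdp.receive","timestamp":1000,"metadata":{"connectionId":0,"message":{"method":"Network.loadingFinished","params":{"requestId":"1.1"}}},"level":0}
{"tag":"runtime.sourcecreate","timestamp":1001,"message":"Creating source from url","metadata":{"absolutePath":"C:\Users\dev\AuthenticationService.js"},"level":0}
{"tag":"dap.send","timestamp":1730,"metadata":{"connectionId":0,"message":{"seq":16,"type":"event","event":"terminated","body":{}}},"level":0}
{"tag":"dap.receive","timestamp":1737,"metadata":{"connectionId":0,"message":{"type":"request","command":"disconnect","arguments":{},"seq":5}},"level":0}
'''


def triage(trace_text):
    """Say which side ended the debug session and what CDP event preceded it."""
    initiator = "none"   # "adapter": terminated event first; "client": disconnect first
    end_ts = None        # timestamp of whichever of the two was logged first
    last_cdp = None      # (timestamp, method) of the last browser event before the end
    skipped = 0          # lines that were not parseable JSON objects
    for line in trace_text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            skipped += 1
            continue
        if not isinstance(rec, dict):
            skipped += 1
            continue
        tag = rec.get("tag")
        msg = (rec.get("metadata") or {}).get("message") or {}
        if end_ts is not None:
            continue  # only the first end-of-session marker matters
        if tag == "dap.send" and msg.get("event") == "terminated":
            initiator, end_ts = "adapter", rec.get("timestamp")
        elif tag == "dap.receive" and msg.get("command") == "disconnect":
            initiator, end_ts = "client", rec.get("timestamp")
        elif tag == "cdp.receive":
            last_cdp = (rec.get("timestamp"), msg.get("method"))
    gap_ms = None
    if end_ts is not None and last_cdp is not None:
        gap_ms = end_ts - last_cdp[0]
    return {
        "initiator": initiator,
        "last_cdp_method": last_cdp[1] if last_cdp else None,
        "gap_ms": gap_ms,
        "skipped": skipped,
    }


if __name__ == "__main__":
    print(triage(SAMPLE_TRACE))
```

An `initiator` of `adapter` means the debug adapter announced the end of the session before the IDE asked to disconnect, which points the investigation at the debugging side instead of a user-initiated stop.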

Update to my repro.

If I disable address saving (i.e. email address / login) and password saving on Edge and manually type in the user/password then there is no 'crash' of Edge.

This is obviously a bizarre bug.

Tagging subscribers to this area: @dotnet/ncl
See info in area-owners.md if you want to be subscribed.

@lewing FYI

We have the same issue, but with Azure AD B2C.

We have tried to hijack the /authentication/login-callback system, assuming the issue was something to do with the processing of the response, but that did not help.

We have seen the issue running under both IISExpress and Kestrel, but the issue seems to be easier to reproduce when running in Kestrel. As with other comments, the issue is easier to reproduce when using credentials stored in the browser, rather than manually typing them in, however we have seen the issue also with manual credentials as well.

There's no error messages we can capture, the debugger detaches and the browser closes -

mono_wasm_runtime_ready fe00e07a-5519-4dfe-b35a-f867dbaf2e28
The program '' has exited with code -1 (0xffffffff).
The program '[18616] dotnet.exe: Program Trace' has exited with code 0 (0x0).
The thread 0x0 has exited with code 0 (0x0).
The program 'localhost:5001' has exited with code -1 (0xffffffff).
The program '[18616] dotnet.exe' has exited with code -1 (0xffffffff).

FWIW We have also tried the same in VS 16.7.2 and 16.8.0 Preview 3 with the same result

Same issue on 2 web assembly projects, I have to clear the saved login/password and type them in each time.

I had the same issue on my web assembly project. The browser just instantly closes without further warning or errors. Took quite some time to find out which behavior was causing this.

If the browser is crashing edge/chromium should generate a crash dump under C:\Users\<user>\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports (see https://www.chromium.org/developers/crash-reports)

This crash sounds like it is more related to credential saving than wasm but it is difficult to know without more details.

cc @kg

Which browser(s) are behaving this way? Firefox? Chrome? Edge? Does it close if there are other tabs open?

Chrome and Edge

Unfortunately, I followed the reproduction steps and could not get any authentication prompt to appear to reproduce the issue.

Despite changing Program.cs to use oidc as suggested in the report + updating the wwwroot/appsettings.json and wwwroot/appsettings.Development.json, I only get this message:
image
It seems as if I need to do something else to enable oidc.

Having same issue with Chrome (85.0.4183.102).
But it crashes only when debug version is opened, if you open new instance of Chrome and navigate to app, all works.
For me it doesn't matter if form fields are autofilled by browser or manually - in both cases it crashes.
I am using basic cookie authentication with endpoint that returns redirect on successful authentication. Everything crashes before I get response.

Upgrade to VS 16.8.0 P3 and .NET 5 RC1 made things considerably worse.
Can't start the app at all under IIS Express or Kestrel and can't seem to get IIS to load either.
Rolled back to 16.7.3

@richardhauer being unable to start IISE or Kestrel sounds very bad, please file a separate issue about that.

Same problem here. Only when I have saved password.
All is fine when I open site in separate window.

Crashes at NavigationManager.NavigateTo("/");

Microsoft Visual Studio Community 2019
Version 16.7.4

Have the same issue when I have a saved password.
If I manually type the user name and password everything works fine.
Visual Studio Professional Version 16.7.4.
SDKs installed:

  • 3.1.402 [C:\Program Files\dotnet\sdk]
  • 5.0.100-rc.1.20452.10 [C:\Program Files\dotnet\sdk]

Just created a new Blazor App Core Hosted
Checked PWA
Changed authentications to individual app hosted

I am facing same issue, in other page I have password field inside form and Chrome crashing only if I change something on form after leaving page (navigate away). My page / form has nothing to do with authorization or authentication, it is a sample form.
Looks like autocomplete="one-time-code" can solve this

<InputText autocomplete="one-time-code" name="Password" id="Password" type="password" class="form-control" @bind-Value="configView.Password" />

Same "Edge is Crashing" bug here with a Blazor WASM app using OIDC. As long as I start with CTRL-F5 to start in non-debug it works. But in debug mode, as soon as I enter my (correct) login info, Edge and the Debugging session close immediately. (Unlike others here, even if I type my info in manually, it crashes)

Tried with Firefox while a debug session was going with an Edge instance, and Firefox does not crash and the Debug Session stays active. But as soon as I enter my info in Edge, the crash occurs.

Not sure how to proceed.

Using VS 2019 16.7.4

This just started happening to me yesterday with no obvious change in my codebase or environment (however I had not been re-authenticating much.) I've been using VS 2019 16.7.4 for a while.

External login works fine, only crashes when I enter a Username and Password.

Can someone that is experiencing this verify whether or not a crashpad report is being produced? (see https://github.com/dotnet/runtime/issues/41969#issuecomment-692898246)

@lewing Under normal operation, when the debugger is stopped in VS the browser closes. My interpretation of what is happening is that the debugger is getting disconnected or is crashing out, and the browser is closing as a result of this disconnection, rather than the action crashing the browser per se. It only _looks_ like the browser is crashing.

My explanation accounts for why there is no browser crash log and also why the whole thing works when no debugger is attached. The issue is the debugging side, not the browser side.

IMHO

@mkArtakMSFT @lewing can you please triage it against 5.0? (remove "untriaged" and set milestone)

@lewing No crashpad reports are logged for me

cc @thaysg

Tagging subscribers to this area: @thaystg
See info in area-owners.md if you want to be subscribed.

I experience the same issue under Preview 8 with saving the password on a server side Razor Login page and redirecting to a server side Razor (empty) page when debugging a WASM app. So WASM runtime is not even triggered yet (no loading... screen) and results in hard crash of Chrome, no logs in C:\Users\\AppData\Local\Google\Chrome\User Data\Crashpad.

This behavior is new since I added the package WebAssembly.Authentication in the app. Running under dotnet watch is fine.

I have the same issue with Blazor WASM using AspNet Core Identity.

When logging in, the browser (chrome or edge) exits and the debugger stops working.

In Edge I deleted the saved password, and was able to login successfully.

IdentityServer4.Events.DefaultEventService: Information: {
  "Name": "Token Issued Success",
  "Category": "Token",
  "EventType": "Success",
  "Id": 2000,
  "ClientId": "MyProject.Client",
  "ClientName": "MyProject.Client",
  "RedirectUri": "https://localhost:44384/authentication/login-callback",
  "Endpoint": "Authorize",
  "SubjectId": "420f3a14-f1e1-411c-9c7d-4bb0e711b0bd",
  "Scopes": "openid profile MyProject.ServerAPI",
  "GrantType": "authorization_code",
  "Tokens": [
    {
      "TokenType": "code",
      "TokenValue": "**nOi8"
    }
  ],
  "ActivityId": "80000024-0001-e800-b63f-84710c7967bb",
  "TimeStamp": "2020-10-07T13:13:01Z",
  "ProcessId": 39368,
  "LocalIpAddress": "::1:44384",
  "RemoteIpAddress": "::1"
}
The program '' has exited with code -1 (0xffffffff).
The thread 0x0 has exited with code 0 (0x0).
The program 'localhost:44384' has exited with code -1 (0xffffffff).
The program '[39368] iisexpress.exe' has exited with code -1 (0xffffffff).

Thanks for sharing details everyone! I was able to reproduce this issue on RC2 and VS 16.8p3 with a Blazor WASM hosted app configured for individual auth. Some things of note:

  • This issue only happens when debugging in VS. Debugging via the in-browser experience doesn't cause this issue.
  • The browser closing doesn't appear to be a crash in the Chrome sense since the crash reports @lewing mentioned above are never produced.
  • Issue reproduces for both saved and unsaved credentials so it doesn't seem related to that.
  • The browser crash occurs after the initialization codepaths for the AuthenticationService (aka AuthenticationService.initialize()) have completed.

The fact that this doesn't happen in the in-browser experience makes me suspect that this has nothing to do with the runtime or Blazor and might lie in the vscode-js-debug adapter or VS.

We've moved this issue to the Backlog milestone. This means that it is not going to be worked on for the coming release. We will reassess the backlog following the current release and consider this item at that time. To learn more about our issue management process and to have better expectation regarding different types of issues you can read our Triage Process.

Update: @connor4312 was able to shed some light here. It looks like the issue might be related to a similar issue reported in https://github.com/microsoft/vscode-js-debug/issues/729. There's an underlying Chromium bug tracking this at https://bugs.chromium.org/p/chromium/issues/detail?id=1123329.

It looks like a fix will be shipped to Chrome in an upcoming release.

Looks like Chrome 86 was actually released yesterday, so update your browsers and it should start working

That fixed it so far for me
