Blazor WebAssembly Application fails to load due to integrity errors - security

We have developed a Blazor WebAssembly Application that has already gone into productive usage for a certain group of customers.
The Application works well in all Browsers with Standard Security settings. However, this morning I got a call from one of the customers, where the Application did not load at all in their Chrome Browser.
I saw the following Errors in the console:
Unknown error occurred while trying to verify integrity.
Failed to load resource: the server responded with a status of 403 (forbidden)
Failed to find a valid digest in the 'integrity' attribute for ressource '<somepath.dll>' with SHA-256 integrity <sha56>. the resource has been blocked
Now my question is, what could cause this? Is this a Browser Security setting, or another security setting e.g on server, in code etc.? How can I fix this?
Here's a picture of the errors mentioned above

The most likely reason why this is happening, is that some Antiviruses block the execution of downloaded .dll files. That's why it is working in some networks, but doesn't in some others.
What you can do, and what is also suggested as a Workaround by microsoft, is to rename all .dll to .bin - and also change the config json. it worked in my case.
I use the following PowerShell function for that:
Function Hide-BlazorDLL {
Param(
[string]$Path = (Get-Location).Path
)
<#
According to the following Links:
https://github.com/dotnet/aspnetcore/issues/19552
https://github.com/dotnet/aspnetcore/issues/5477#issuecomment-599148931
https://github.com/dotnet/aspnetcore/issues/21489
https://gist.github.com/Swimburger/774ca2b63bad4a16eb2fa23b47297e71
#>
# Test if path is correct and accessible
$WorkingDir = Join-Path $Path "_framework"
if (!(Test-Path $WorkingDir)) { Throw "Wrong path $Path. current location must be wwwroot folder of published application." }
# Get All Items
$AllItems = Get-ChildItem $WorkingDir -Recurse
$DLLs = $AllItems | Where-Object { $_.Name -like '*.dll*' }
$BINs = $AllItems | Where-Object { $_.Name -like '*.bin*' }
# End script if no .dll are found
if ($DLLs) {
# Delete all current .bin files
if ($BINs) {
Remove-item $BINs.FullName -Force
}
# Change .dll to .bin on files and config
$DLLs | Rename-item -NewName { $_.Name -replace ".dll\b",".bin" }
((Get-Content "$WorkingDir\blazor.boot.json" -Raw) -replace '.dll"','.bin"') | Set-Content "$WorkingDir\blazor.boot.json"
# Delete Compressed Blazor files
if (Test-Path "$WorkingDir\blazor.boot.json.gz") {
Remove-Item "$WorkingDir\blazor.boot.json.gz"
}
if (Test-Path "$WorkingDir\blazor.boot.json.br") {
Remove-Item "$WorkingDir\blazor.boot.json.br"
}
# Do the same for ServiceWorker, if it exists
$ServiceWorker = Get-Item "$Path\service-worker-assets.js" -ErrorAction SilentlyContinue
if ($ServiceWorker) {
((Get-Content $ServiceWorker.FullName -Raw) -replace '.dll"','.bin"') | Set-Content $ServiceWorker.FullName
Remove-Item ($ServiceWorker.FullName + ".gz")
Remove-Item ($ServiceWorker.FullName + ".br")
}
}
else {
Write-Host "There are no .dll Files to rename to .bin"
}
}
Basically you need to navigate to the wwwroot folder of your published application and run the function there. e.g:
PS D:\inetpub\wwwroot\<appname>\wwwroot> Hide-BlazorDLL

Solution for me was to delete the obj and the bin folder in both the client and the server project folder

This error for some reason kept happening for me when I tested my application in an anonymous browser window (Google Chrome).
Try using a normal browser window if you're getting integrity errors.
Also, if you're using Cloudflare CDN don't forget to "Purge Everything" in the cache.

We have experienced this issue using Cloudflare auto minify feature. That feature removes any comments from html, js and other files - which some of the blazor .js files seems to contain.
This means that the hash of the file contents no longer matches the hash found in blazor.boot.json -> an integrity issue will be thrown and stop the app from loading.
Disabling the auto minify feature fixed the issue.

Tech Stack:
.NET 6.0.11
I had a similar issue. In the local machine, it is working fine. But when it is deployed through GitHub Actions, I get integrity checks error. I got this issue for Blazor WebAssembly ASP.NET Core Hosted (WebAssemblyPrerendered) project. Here is the fix I followed.
Added the .gitattributes file to the solution root folder.
Added the below code at the end of the file.
# blazor dlls - treat all .dll files as binary
*.dll binary

Related

Azure function app, Powershell 7.2 dll module install

I have this powershell script which works very well on my computer. I use the x64 and powershell 7.2.
The problem is when I publish the code to Azure, there is a module missing. The module is a .net System.Data.OleDb.
ERROR: Exception calling "Open" with "0" argument(s): "The 'MSOLAP' provider is not registered on the local machine."
I have tried to add the .dll file to Module folder, that i created but function app doesn't load it for some reason.
Structure of the function app
host.json
local.settings.json
powerbitablerefresh
run.ps1
function.json
Modules
Microsoft.AnalysisServices.AzureClient.dll
profile.ps1
requirements.psd1
inside requirements I have:
'Az.Keyvault' = '4.*'
'Az.Accounts' = '2.*'
'Az.AnalysisServices' = '1.*'
'SqlServer' = '21.1.18256'
My question is, how do I install .dll on a function app?
how do I install .dll on a function app?
You can install .dll files by following below workaround:
Firstly, Login to Azure
Then open your Function App
Then Click on Advanced tools , then click on Go
Then Click on Tools, Then click on Zip Push Depoly like below:
Then Click on your function app
Then click on bin folder and after it opens, drag your .dll file over there and then you can reference them in your function app:
The right answer is that add the .dll files to the C:\home\site\wwwroot\ and then in the powershell script run it like this
Add-Type -Path (Join-Path $PSScriptRoot "Microsoft.Identity.Client.dll")
Add-Type -Path (Join-Path $PSScriptRoot "Microsoft.AnalysisServices.AdomdClient.dll")
It will then create a connection

Use custom, composite resource with Azure DSC extension

I have a VM template that deploys a DSC extension. It's been working fine but my configuration is growing so I've refactored it to use a composite resource and republished it to blob storage with Publish-AzureRmVMDscConfiguration.
I verified that the .ps1.zip file in blob storage contains my custom module and that the module is listed under dscmetadata.json. However, when I deploy, the DSC extension fails. The logs under C:\WindowsAzure\Logs\Plugins\Microsoft.Powershell.DSC\2.17.0.0 reveal the reason:
C:\Packages\Plugins\Microsoft.Powershell.DSC\2.17.0.0\bin..\DSCWork\AppServerDev.ps1.0\AppserverDev.ps1
PSDesiredStateConfiguration\node : The module 'xCustomResource' could
not be loaded. For more information, run 'Import-Module
xCustomResource'.
At C:\Packages\Plugins\Microsoft.Powershell.DSC\2.17.0.0\DSCWork\AppServerDev.ps1.0\AppserverDev.ps1:9 char:3
node "localhost"
~~~~
CategoryInfo : ObjectNotFound: (xCustomResource\xCustomResource:String)
[PSDesiredStateConfiguration\node], ParentContainsErrorRecordException
FullyQualifiedErrorId : CouldNotAutoLoadModule,PSDesiredStateConfiguration\node
Here are the relevant bits of my configuration file:
configuration AppServerDev
{
param($environment)
Import-DscResource -ModuleName 'PSDesiredStateConfiguration'
Import-DscResource -ModuleName 'SaaSModule'
node "localhost"
{
LocalConfigurationManager
{
RebootNodeIfNeeded = $true
ConfigurationMode = "ApplyAndAutoCorrect"
ConfigurationModeFrequencyMins = 1440
}
xDCTPlatformVM VM {
OctopusParametersFile = $environment
ChocolateyPackages = #(
'googlechrome',
'notepadplusplus',
'7zip',
'microsoftwse',
'octopusdeploy.tentacle',
'sqlserver-cmdlineutils'
)
}
}
}
Running Get-Module -ListAvailable reveals that DankModule is found and I can, from powershell, run Import-Module DankModule and it works as expected. I assume the confusion is coming from it trying to import xCustomResource rather than DankModule but my .ps1 file under C:\Packages\Plugins\Microsoft.Powershell.DSC\2.17.0.0\DSCWork says
Import-Module "DankModule"
and not
Import-Module "xCustomType"
Why is it trying to import xCustomType rather than DankModule? How do I make it find DankModule which is available and contains xCustomType?
UPDATE: Get-Module -ListAvailable shows DankModule is installed but Get-DSCResource -Module DankModule doesn't return anything.
I'm not sure but I think this is a rookie mistake on my part because I have no experience building powershell modules. I was using this page as well as this one to construct my module and I'd gotten a valid module file by using New-ModuleManifest, I had the correct file structure mentioned in both of them e.g.
C:\Program Files\WindowsPowerShell\Modules\
DankModule
DankModule.psd1
DankModule.psm1
DSCResources
xCustomResource
xCustomResource.psd1
RootModule = ‘xCustomResource.schema.psm1'
xCustomResource.schema.psm1
Configuration, no Node block
but I didn't realize I had some tweaking left. I needed to correct the RootModule property in DankModule.psd1 to look like this:
RootModule = 'C:\Program Files\WindowsPowerShell\Modules\DankModule\DankModule.psm1'
And also needed to add to my blank DankModule.psm1 a line referencing my xCustomResource.schema.psm1 equivalent:
. .\DSCResources\xCustomResource\xCustomResource.schema.psm1
That is the only line in my module-level .psm1 file and everything is now working. I also, at one point, removed all the \0s from both my .psd1 files but now I'm not sure if that was strictly necessary.

Windows azure project replace ServiceConfiguration.Cloud.cscfg

I have two MVC projects. And I created two WindowsAzure project:WindowsAzure1-> which package MVC1 , and WindowsAzure2-> which package MVC2 project. After CheckIn on Local TFS 2012, I build my solution. MSBuild Arguments:
/t:Publish /p:PublishDir=c:\drops\app.publish\
After Build I see 3 file, instead 4.
1.WindowsAzure1.cspkg
2.WindowsAzure2.cspkg
3.ServiceConfiguration.Cloud.cscfg//It contain config WindowsAzure2.cspkg
I tried to rename ServiceConfiguration.Cloud.cscfg, but it doesn't rename.
So, I think the better place package on different folder. But problem that in the future MVC and Azure project will be unknown count. So I need automatically create folder contains name project. So how can it do?
Simple Way to create dynamic folders is through PowerShell Script.
Lets say you have folder structure of projects in following way -
Then you can following script to generate package folders -
# Solution directory, which contains all the projects
$path = "C:\Solution"
$folders = Get-ChildItem -Path $path
foreach ($folder in $folders)
{
if ($folder.Attributes -eq "Directory")
{
if($folder.Name -like "*.Cloud")
{
New-Item -Path "$($path)\$($folder.Name)package" -ItemType "Directory"
}
}
}
Output will be -
Then you can use CSPack utility and PowerShell combination to create package and save configuration file to the location of your interest.
http://www.intstrings.com/ramivemula/articles/jumpstart-30-create-azure-cloud-service-package-cspkg-of-visual-studio-2013-project-solution-using-powershell/

Create Nuget Pacakge with configuration of cloud config(ServiceDefinition.csdef) file

I would like to build Nuget package for my add-on which will be used by end user to install as startup task and after that they will upload their applications on window azure platform.
Let's take one simple web application and one cloud project now using Nuget end user will added add-on package it will add 2 files(exe & config) in web application project & add startup task to ServiceDefinition.csdef of cloud project as per shown in figure
How can i created this type of Nuget Pacakge?
Thanks in advance.
Update:
I have tried according with NICK's answer however i am getting problem with 2 webrole in cloud project according to shown in below fig.
and error i am getting as per below
Also i have one question that If i am installing that Nuget package with command line then how i can consider all webrole projects to add exe and config file in solution??
Nuget packages work based on a convention:
http://docs.nuget.org/docs/creating-packages/creating-and-publishing-a-package#From_a_convention_based_working_directory
As far as the exe and config you can do the following:
In your package directory make the following directories
mkdir lib (for the exe)
mkdir content (for the config)
All you have to do for the exe is drop the file in the lib directory and modify you .nuspec file just under the metadata node. There should be a "files" node (if not you can add one). Add something like this inside the files node:
<file src="content\my.exe" target="content\my.exe" />
The config is a little different. Just add a file named myname.config.transform to the content directory and add an entry into the .nuspec file:
A couple of things to note:
If the config file does not exist in your app it will add one for you.
You only have to add the nodes you want transformed if there is a file that already exists
The transform file will do a complete match on your node so if the following existed in
your config file:
<add key="test" value="myval"/>
And in your transform you had:
<add key="test" value="myval2"/>
The resulting file would look like:
<add key="test" value="myval"/>
<add key="test" value="myval2"/>
As far as adding the startup task, that's been a little more tricky for me (there might be a much better way). I use powershell in the install.ps1 (just like the files above but you create a "tools" directory for it):
param($installPath, $toolsPath, $package, $project)
#Modify the service config - adding a new Startup task
$svcConfigFile = $DTE.Solution.Projects|Select-Object -Expand ProjectItems|Where-Object{$_.Name -eq 'ServiceDefinition.csdef'}
$ServiceDefinitionConfig = $svcConfigFile.Properties.Item("FullPath").Value
[xml] $xml = gc $ServiceDefinitionConfig
#Create startup and task nodes
# So that you dont get the blank ns in your node
$startupNode = $xml.CreateElement('Startup','http://schemas.microsoft.com/ServiceHosting/2008/10/ServiceDefinition')
$taskNode = $xml.CreateElement('Task','http://schemas.microsoft.com/ServiceHosting/2008/10/ServiceDefinition')
$taskNode.SetAttribute('commandLine','my.exe')
$taskNode.SetAttribute('executionContext','elevated')
$taskNode.SetAttribute('taskType','simple')
$startupNode.AppendChild($taskNode)
#Check to see if the startup node exists
$modified = $xml.ServiceDefinition.WebRole.StartUp
if($modified -eq $null){
$modified = $xml.ServiceDefinition.WebRole
$modified.PrependChild($startupNode)
}
else{
$nodeExists = $false
foreach ($i in $xml.ServiceDefinition.WebRole.Startup.Task){
if ($i.commandLine -eq 'my.exe'){
$nodeExists = $true
}
}
if($taskNode -eq $null -and !$nodeExists){
$modified.AppendChild($taskNode)
}
}
$xml.Save($ServiceDefinitionConfig);
I hope this helps out.
--Nick

Powershell and System.Security.Cryptography.X509Certificates.X509Certificate2

i'm getting this error when i run the system.security namespace. This is what i am running after
$cert=New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("C:\mycert.cer")
New-Object: Cannot find type [System.Security.Cryptography.X509Certificates.X509Certificate2("C:\mycert.cer")]: make sure the assembly containing this type is loaded.
At line:1 char:19
+ $cert = New-Object <<<<
+ CategoryInfo : InvalidType: (:) [New-Object], PSArgumentException
+ FullyQualifiedErrorId : TypeNotFound,Microsoft.PowerShell.Commands.NewObjectCommand**
What am i doing wrong?
Try running this to see if you have the System.dll loaded (should be by default):
[AppDomain]::CurrentDomain.GetAssemblies() |
Where {$_.Location -match '\\System\\'}
If it is loaded then this command should show the X509Certificate2 type:
[AppDomain]::CurrentDomain.GetAssemblies() |
Where {$_.Location -match '\\System\\'} |
%{$_.GetExportedTypes()} | Where {$_.Name -match 'X509Cert'}
If the System.dll isn't loaded (which would be odd) try loading it:
Add-Type -AssemblyName System
See: http://technet.microsoft.com/en-us/library/hh849914.aspx
FYI ... I got error:
Unable to find type [System.Security.Cryptography.x509Certificates.X509Certificate2UI]
when using:
$certSelect = [System.Security.Cryptography.x509Certificates.X509Certificate2UI]::SelectFromCollection($certCollection, $title, $msg, 0)
However, I had no error creating the collection earlier on in my script:
$certCollection = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2Collection
To make the error go away I had to include the following at some point earlier on:
Add-Type -AssemblyName System.Security
I've solved my problem. It's easily:
cd\
$cert=New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("C:\mycert.cer")
cd\ is necessary
I ran into this in the ISE (but seems to apply to the normal command window too) and it seems that using autocomplete will automatically Add-Type for whatever you're looking for. If you start a new instance and run:
[AppDomain]::CurrentDomain.GetAssemblies() | grep Security
it will not return System.Security, but if you then type this and let intellisense do its thing:
[System.
You can then run this again:
[AppDomain]::CurrentDomain.GetAssemblies() | grep Security
And it will then return System.Security. So this is why you can write a script that works fine, and then revisit it later and it's broken. Using intellisense doesn't fix your script though, instead you have to add this line:
Add-Type System.Security
Or whatever library is not getting auto-added (it seems to need the dll filename, e.g. C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\.NETFramework\v4.6.1\System.Security.dll).
I'm pretty sure IseSteroids (a paid ISE add-in) can detect this, maybe others as well.

Resources