How to do an authentication for mobile from Ionic and another from web using .net core?

Question

I am setting ADFS authentication in my asp net core application which has a web client and a mobile client, it means that has functions in web and others function from mobile using Ionic so far I have configured the authentication for the web client and I need advice or any help for the configuration for authentication for mobile.

According to Migrating web api authentication from .NET Core 1.1 to 2.0 I need to set up a schema for each client or authentication way

//This is for the controller from the web
    [Microsoft.AspNetCore.Authorization.Authorize]
    public class MyWebControllerController : Controller 
{
//Some code
}

//This is using web api controller
[Route("api/[controller]")]
    [Produces("application/json")]
    [ApiController]
    [Authorize]

    public class MyApiController : ControllerBase     {
//some code
}

So if I understood that I need to do is configure two authentications in my Startup.cs for example:

public void ConfigureServices(IServiceCollection services)
       {

          services.Configure<CookiePolicyOptions>(options =>
           {
               // This lambda determines whether user consent for non-essential cookies is needed for a given request.
               options.CheckConsentNeeded = context => true;
               options.MinimumSameSitePolicy = SameSiteMode.None;
           });

          //Some code 
           services.AddCors();
           var policy = new Microsoft.AspNetCore.Cors.Infrastructure.CorsPolicy();

           policy.Headers.Add("*");
           policy.Methods.Add("*");
           policy.Origins.Add("*");
           policy.SupportsCredentials = true;
           services.AddCors(x => x.AddPolicy("corsGlobalPolicy", policy));
           _ = services.AddAuthentication(options =>
           {
               options.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
               options.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
               options.DefaultChallengeScheme = OAuthDefaults.DisplayName;
           }).AddOAuth(OAuthDefaults.DisplayName, options =>
             {
                 //Configuration which it works from the web client, it means the browser


             }).AddJwtBearer(options=>
             {
                 // I think that this is the way for mobile
                 options.Configuration = new OpenIdConnectConfiguration
                 {

                 };
             }).AddCookie();


           services.AddMvc(options =>
           {
               // I do not know if this is the correct way or if this it is necessary 
               var politica = new AuthorizationPolicyBuilder()
                 .AddAuthenticationSchemes("Bearer")
                 .RequireAuthenticatedUser()
                 .Build();

               options.Filters.Add(new AuthorizeFilter(politica));
           }).SetCompatibilityVersion(CompatibilityVersion.Version_2_2).



       }

From the web or the browser, the authentication works with Oauth, from mobile using Ionic the authentication is made through Http request which returns a 200 status code with the token, but when the request to any web API controller are made including a token in the header or Bearer token redirect to the adfs login site for authentication. I want to send user and password from the Ionic app and access to all web API controllers.

Answer 1

If you need to manage two authentication methods it is necessary to configure the authorize like the answer here: Migrating web api authentication from .NET Core 1.1 to 2.0. Also, it is necessary to do the following configurations if you are using adfs:

//ConfigureServices method
 _ = services.AddAuthentication(options =>
            {
                options.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
                options.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
                options.DefaultChallengeScheme = OAuthDefaults.DisplayName;

            }).AddOAuth(OAuthDefaults.DisplayName, options =>
              {
                  //Get the configuration from appsettings.json

                  options.AuthorizationEndpoint = Configuration["oauth:auth_uri"];
                  options.TokenEndpoint = Configuration["oauth:token_uri"];
                  options.ClientId = Configuration["oauth:client_id"];
                  options.ClientSecret = Configuration["oauth:client_secret"];
                  var callback = Configuration["oauth:callback_path"].ToString();
                  options.CallbackPath = new PathString(callback);

                options.ClaimsIssuer = "https://YOUR_SERVER/adfs";
                options.Events = new OAuthEvents
                {
                    OnCreatingTicket = OnCreatingTicket,
                };


              }).AddJwtBearer("Bearer",configureOptions=>
              {
                  configureOptions.Authority = "https://YOUR_SERVER/adfs";
                  configureOptions.Audience = "microsoft:identityserver:CLIENT_ID";
                  configureOptions.TokenValidationParameters = new TokenValidationParameters()
                  {
                      ValidIssuer = "http://YOUR_SERVER/adfs/services/trust",
                      ValidateIssuer = true,
                      ValidateAudience = true,
                      ValidAudience = "AUDIENCE",
                      ValidateLifetime = true,
                  };

              }).AddCookie();

 services.AddAuthorization(options =>
            {
                var defaultAuthorizationPolicyBuilder = new AuthorizationPolicyBuilder(
                    JwtBearerDefaults.AuthenticationScheme,
                    "Bearer");
                defaultAuthorizationPolicyBuilder =
                    defaultAuthorizationPolicyBuilder.RequireAuthenticatedUser();
                options.DefaultPolicy = defaultAuthorizationPolicyBuilder.Build();

            });

Now in your controller which calls from the web client the authorize is like this:

  [Authorize(AuthenticationSchemes = CookieAuthenticationDefaults.AuthenticationScheme)]
    public class WebController : Controller
    {
      //YOUR CODE
    }

if it is a web api controller the authorize is like this:

 [Route("api/[controller]")]
    [ApiController]
    [Produces("application/json")]
    [Authorize(AuthenticationSchemes =JwtBearerDefaults.AuthenticationScheme)]
    public class WebApiController : ControllerBase
    {
      //Your code here
    }

This article is helpful too: https://medium.com/@gabriel.faraday.barros/adfs-angular-asp-net-core-api-5fc61ae89fb3