
The authentication (Cookie) of my project is set up as below:

        services.AddAuthentication(options =>
        {
            options.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            options.DefaultChallengeScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        })
            .AddCookie(options =>
            {
                options.ClaimsIssuer = "xxx.admin";
                options.Cookie.HttpOnly = true;
                options.Cookie.SecurePolicy = CookieSecurePolicy.SameAsRequest;
                options.LoginPath = "/Login/Index/";
                options.AccessDeniedPath = "/Account/Unauthorized/";
                options.Cookie.SameSite = SameSiteMode.Strict;
            });

and I configured a second authentication option (OpenIdConnect) in a different project as below:

        services.AddRazorPages().AddMvcOptions(options =>
        {
            var policy = new AuthorizationPolicyBuilder().RequireAuthenticatedUser().Build();
            options.Filters.Add(new AuthorizeFilter(policy));
        }).AddMicrosoftIdentityUI();

        services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme).AddMicrosoftIdentityWebApp(options =>
        {
            Configuration.Bind("AzureActiveDirectoryConnection", options);

            options.Events ??= new OpenIdConnectEvents();
            options.Events.OnTokenValidated += OnTokenValidated;
            options.Events.OnTicketReceived += OnTicketReceived;
            //options.Events.OnRedirectToIdentityProvider += OnRedirectToIdentityProvider;
        });

Now, I need to combine them to support multiple authentication types in my app. How can I do that?

Murat Durak
  • does [this](https://stackoverflow.com/questions/70153302/dynamically-chose-authentication-scheme-in-asp-net-core-wep-api/70154322#70154322) solve your case? – Gordon Khanh Ng. Jan 13 '22 at 05:03
  • how can I understand the "different project"? One solution has 2 projects? Then what is the "combine them"? Sorry I'm really not clear about it – Tiny Wang Jan 13 '22 at 08:20
  • @TinyWang They're in different solutions (each one has 1 project) and combining means supporting two different authentication in my app. – Murat Durak Jan 13 '22 at 08:31
  • So, you want to combine 2 projects into one? Or you want to add OpenIdConnect authentication into the first project? – Tiny Wang Jan 13 '22 at 08:34
  • @TinyWang I want to add OpenIdConnect authentication into the first project – Murat Durak Jan 13 '22 at 08:35
  • I'm not sure, as you didn't say your exact issue here. So maybe you may refer to [this answer](https://stackoverflow.com/a/57135887) first? By the way, Microsoft also provides an official document about how to use [multiple authentication schemes](https://learn.microsoft.com/en-us/aspnet/core/security/authorization/limitingidentitybyscheme?view=aspnetcore-6.0#use-multiple-authentication-schemes). – Tiny Wang Jan 13 '22 at 08:45

1 Answer


Step 1:

Add compliant Microsoft.Identity.Web and Microsoft.Identity.Web.UI NuGet Packages to your project.

Step 2:

Add the following lines after the .AddCookie(options => ..) method.

        // Equivalent to chaining .Services.AddAuthentication(...) directly off the AddCookie builder
        services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
            .AddMicrosoftIdentityWebApp(Configuration.GetSection("AzureActiveDirectoryConnection"), "OpenIdConnect", "_Cookies", true);

        services.Configure<OpenIdConnectOptions>(OpenIdConnectDefaults.AuthenticationScheme, options =>
        {
            options.Events ??= new OpenIdConnectEvents();
            options.Events.OnTokenValidated += OnTokenValidated;
            options.Events.OnTicketReceived += OnTicketReceived;
            options.Events.OnRedirectToIdentityProvider += OnRedirectToIdentityProvider;
        });

        // This is for the Azure AD SignIn and SignOut buttons' functions
        services.AddRazorPages().AddMvcOptions(options => { }).AddMicrosoftIdentityUI();

        // We say "I have multiple authentication schemes" to the app here
        services.AddAuthorization(options =>
        {
            var defaultAuthorizationPolicyBuilder = new AuthorizationPolicyBuilder(CookieAuthenticationDefaults.AuthenticationScheme, OpenIdConnectDefaults.AuthenticationScheme);
            defaultAuthorizationPolicyBuilder = defaultAuthorizationPolicyBuilder.RequireAuthenticatedUser();
            options.DefaultPolicy = defaultAuthorizationPolicyBuilder.Build();
        });

Briefly, you add the second authentication option here, specify the events you need, and bind the Azure AD clientId, tenantId, etc., which come from the appsettings file, such as:

        "AzureActiveDirectoryConnection": {
          "Instance": "https://login.microsoftonline.com/",
          "Domain": "YourDomainName.onmicrosoft.com",
          "TenantId": "YourTenantId",
          "ClientId": "YourClientId",
          "CallbackPath": "/signin-oidc",
          "SignedOutCallbackPath": "/signout-oidc"
        }
Murat Durak
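As an added example (not code from the question or the answer above), here is the combined setup in a single Startup.ConfigureServices, assuming a Startup class with a Configuration property and reusing the "_Cookies" scheme name from the answer. It keeps one AddAuthentication call so the cookie defaults are not overwritten by a second call, and adds a named policy that limits a page to the Azure AD scheme only.

```csharp
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Identity.Web;
using Microsoft.Identity.Web.UI;

public class Startup
{
    // Scheme names are assumptions for this example; "_Cookies" mirrors the answer above.
    private const string LocalCookie = CookieAuthenticationDefaults.AuthenticationScheme; // "Cookies"
    private const string AadCookie = "_Cookies";
    public Startup(IConfiguration configuration) => Configuration = configuration;
    public IConfiguration Configuration { get; }

    public void ConfigureServices(IServiceCollection services)
    {
        // One AddAuthentication call: calling AddAuthentication(schemeName) a second time
        // overwrites DefaultScheme, so the defaults are set once here.
        services.AddAuthentication(options =>
            {
                options.DefaultScheme = LocalCookie;
                options.DefaultChallengeScheme = LocalCookie;
            })
            .AddCookie(LocalCookie, options =>
            {
                options.Cookie.HttpOnly = true;
                options.Cookie.SameSite = SameSiteMode.Strict;
                options.Cookie.SecurePolicy = CookieSecurePolicy.Always; // never sent over plain HTTP
                options.LoginPath = "/Login/Index/";
                options.AccessDeniedPath = "/Account/Unauthorized/";
            })
            // Registers the OpenIdConnect scheme and its own sign-in cookie scheme; a name other
            // than "Cookies" avoids registering the same cookie scheme twice.
            .AddMicrosoftIdentityWebApp(Configuration.GetSection("AzureActiveDirectoryConnection"),
                OpenIdConnectDefaults.AuthenticationScheme, AadCookie);
        services.AddRazorPages().AddMicrosoftIdentityUI();
        services.AddAuthorization(options =>
        {
            // Plain [Authorize]: a principal from either scheme is accepted.
            options.DefaultPolicy = new AuthorizationPolicyBuilder(LocalCookie,
                OpenIdConnectDefaults.AuthenticationScheme).RequireAuthenticatedUser().Build();
            // [Authorize(Policy = "AadOnly")]: only an Azure AD identity satisfies it; a local cookie alone gets 403.
            options.AddPolicy("AadOnly", policy => policy
                .AddAuthenticationSchemes(OpenIdConnectDefaults.AuthenticationScheme)
                .RequireAuthenticatedUser());
        });
    }
}
```

Mark the pages or controllers that must be reachable only through Azure AD with [Authorize(Policy = "AadOnly")]; everything else under plain [Authorize] accepts whichever of the two cookies the browser presents.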