
In my current application I need to use two different authentications:

  1. Microsoft.AspNetCore.Identity - with internal Identity tables for Customer users
  2. Microsoft Identity Web App - Azure AD authentication for Internal users of my Organization

If I configure ONLY ONE service it works perfectly. The problem happens when I add the services Microsoft.AspNetCore.Identity and Microsoft Identity Web App to the same application. Then one of the authentications stops working.

For instance, if I add these two pieces of code together, then Azure sign-in works and internal sign-in does not work:

builder.Services.AddIdentity<ApplicationUser, ApplicationRole>(
    options =>
    {
        options.SignIn.RequireConfirmedAccount = true;
        options.Password.RequiredLength = 8;
        options.Password.RequireDigit = true;
        options.SignIn.RequireConfirmedEmail = true;
    })
    .AddEntityFrameworkStores<DbContext>()
    .AddDefaultTokenProviders();

builder.Services.AddAuthentication(options =>
    {
        options.DefaultAuthenticateScheme = OpenIdConnectDefaults.AuthenticationScheme;
    })
    .AddMicrosoftIdentityWebApp(builder.Configuration.GetSection("Authentication:AzureAd"));

But if I add these two pieces of code together, then the internal sign-in works but the Azure AD sign-in does not work:

builder.Services.AddIdentity<ApplicationUser, ApplicationRole>(
    options =>
    {
        options.SignIn.RequireConfirmedAccount = true;
        options.Password.RequiredLength = 8;
        options.Password.RequireDigit = true;
        options.SignIn.RequireConfirmedEmail = true;
    })
    .AddEntityFrameworkStores<DbContext>()
    .AddDefaultTokenProviders();

builder.Services.AddAuthentication()
    .AddMicrosoftIdentityWebApp(builder.Configuration.GetSection("Authentication:AzureAd"));

Although in both cases the process authenticates with no error, it seems that the claims are not being filled in properly on the System.Security.Claims.ClaimsIdentity object. So in the end it is as if the user is not authenticated (although they are).

Has anybody experienced this before? Any idea how to solve it?

Thanks!

1 Answer

Fortunately I could find the answer.

Currently I am using Blazor Server in this web project.

A workaround to solve this problem was to change some configuration of the Authorize attribute. So basically this code stays this way:

builder.Services.AddIdentity<ApplicationUser, ApplicationRole>(
    options =>
    {
        options.SignIn.RequireConfirmedAccount = true;
        options.Password.RequiredLength = 8;
        options.Password.RequireDigit = true;
        options.SignIn.RequireConfirmedEmail = true;
    })
    .AddEntityFrameworkStores<DbContext>()
    .AddDefaultTokenProviders();

builder.Services.AddAuthentication()
    .AddMicrosoftIdentityWebApp(options =>
    {
        builder.Configuration.Bind("Authentication:AzureAd", options);
    });

And I replaced this code:

app.MapBlazorHub();

By this code:

app.MapBlazorHub()
    .AllowAnonymous()
    .RequireAuthorization(
        new AuthorizeAttribute
        {
            AuthenticationSchemes = $"{OpenIdConnectDefaults.AuthenticationScheme},{IdentityConstants.ApplicationScheme}",
        });

It works perfectly now.

  • I would give more upvote if possible :-) There are many SO posts that say that the mixture of AddIdentity and AddMicrosoftIdentityWebApp (and relatives) is not supported or not possible. This solution should be in the docs as it clearly shows the way to tell Blazor to look for any kind of scheme or any number of schemes altogether. – Joerg Krause Dec 15 '22 at 10:53
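As an added example (not the asker's or the answerer's code), here is a complete Program.cs that applies the same idea more generally. The mechanism behind the accepted workaround is that the authorization middleware calls AuthenticateAsync for every scheme listed in the endpoint's authorize metadata and merges the resulting identities into HttpContext.User, even when AllowAnonymous suppresses the challenge; a single DefaultAuthenticateScheme, as in the question's first attempt, makes it read only one of the two cookies (Identity's "Identity.Application" cookie or the "Cookies" scheme that AddMicrosoftIdentityWebApp registers as the sign-in scheme for "OpenIdConnect"). The example turns the scheme pair into a named policy so that it can be reused on any endpoint, and adds a /whoami diagnostic endpoint that lists the authenticated identities, which is exactly what looked empty in the question. ApplicationUser and ApplicationRole come from the page; ApplicationDbContext, the "EitherScheme" policy name, the SQLite connection string and the /whoami route are assumptions made for this example.

```csharp
// Added example: two cookie-based sign-in paths (ASP.NET Core Identity and
// Azure AD via Microsoft.Identity.Web) accepted by the same authorization policy.
// Assumed types: ApplicationUser, ApplicationRole (from the page) and a
// hypothetical ApplicationDbContext : IdentityDbContext<ApplicationUser, ApplicationRole, string>.
using System.Linq;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Identity;
using Microsoft.EntityFrameworkCore;
using Microsoft.Identity.Web;
using Microsoft.Identity.Web.UI;

const string EitherScheme = "EitherScheme"; // policy name, an assumption of this example

var builder = WebApplication.CreateBuilder(args);

builder.Services.AddDbContext<ApplicationDbContext>(o => o.UseSqlite("Data Source=app.db")); // constructed connection string

// 1. Local accounts. AddIdentity registers the "Identity.Application" cookie scheme.
builder.Services.AddIdentity<ApplicationUser, ApplicationRole>(options =>
{
    options.SignIn.RequireConfirmedAccount = true;
    options.SignIn.RequireConfirmedEmail = true;
    options.Password.RequiredLength = 8;
    options.Password.RequireDigit = true;
})
.AddEntityFrameworkStores<ApplicationDbContext>()
.AddDefaultTokenProviders();

// 2. Azure AD. Registers the "OpenIdConnect" scheme plus its own "Cookies" sign-in scheme.
//    No DefaultAuthenticateScheme is set on purpose: a single default would make the
//    middleware consult only one of the two cookies, which is the symptom in the question.
builder.Services.AddAuthentication()
    .AddMicrosoftIdentityWebApp(builder.Configuration.GetSection("Authentication:AzureAd"));

// 3. One policy that authenticates against both schemes. The authorization middleware
//    runs AuthenticateAsync for each scheme and merges every successful identity
//    into HttpContext.User, so claims from either cookie become visible.
builder.Services.AddAuthorization(options =>
{
    options.AddPolicy(EitherScheme, policy => policy
        .AddAuthenticationSchemes(IdentityConstants.ApplicationScheme,
                                  OpenIdConnectDefaults.AuthenticationScheme)
        .RequireAuthenticatedUser());
});

builder.Services.AddRazorPages().AddMicrosoftIdentityUI(); // /MicrosoftIdentity/Account/SignIn etc.
builder.Services.AddServerSideBlazor();

var app = builder.Build();
app.UseStaticFiles();
app.UseRouting();
app.UseAuthentication();
app.UseAuthorization();

// Diagnostic: which identities reached the principal, and from which scheme.
// AuthenticationType is whatever the issuing handler set; the example makes no
// assumption about its exact value for the Azure AD cookie.
app.MapGet("/whoami", (HttpContext ctx) =>
        ctx.User.Identities
           .Where(id => id.IsAuthenticated)
           .Select(id => new
           {
               id.AuthenticationType,
               id.Name,
               ClaimCount = id.Claims.Count(),
           }))
   .RequireAuthorization(EitherScheme);

// Same pattern as the accepted answer, using the named policy instead of an inline
// AuthorizeAttribute: AllowAnonymous keeps the hub reachable, RequireAuthorization
// makes the middleware populate User from both schemes before the circuit starts.
app.MapBlazorHub()
   .AllowAnonymous()
   .RequireAuthorization(EitherScheme);

app.MapRazorPages();
app.MapFallbackToPage("/_Host");
app.Run();
```

Packages assumed: Microsoft.AspNetCore.Identity.EntityFrameworkCore, Microsoft.EntityFrameworkCore.Sqlite, Microsoft.Identity.Web and Microsoft.Identity.Web.UI. Two caveats worth knowing before copying this: first, for an unauthenticated request to an endpoint that carries the policy without AllowAnonymous (such as /whoami above), the middleware challenges every listed scheme in order, so the resulting redirect (Identity login page or Azure AD) depends on which handler writes the response last; explicit sign-in links per user population avoid that ambiguity. Second, a browser that holds both cookies yields a principal with two authenticated identities, so role or claim checks should be written against the identity they are meant for rather than against whichever claim happens to be found first.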