Trying to wire up code to connect two OpenID accounts. The general idea is to default login to an Azure AD account and during the process ask the user to log on to a second OpenIDConnect. The intention is, later into the code, to grab the second login's username.
Wiring up program.cs
    // Default scheme: Azure AD via Microsoft.Identity.Web, which signs in to
    // the standard cookie scheme (".AspNetCore.Cookies").
    builder.Services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
        .AddMicrosoftIdentityWebApp(builder.Configuration.GetSection("AzureAd"));

    // Second OpenID Connect provider with its own cookie scheme so the two
    // sessions do not overwrite each other.
    builder.Services.AddAuthentication()
        .AddCookie("CookiesOpenId2")
        .AddOpenIdConnect("OpenId2", options =>
        {
            ...
            options.SignInScheme = "CookiesOpenId2";
            ...
        });
After logging in to both, I see two cookies when reloading a page in Edge.
- .AspNetCore.Cookies
- .AspNetCore.CookiesOpenId2
So far, so good. Now comes the part I obviously don't understand.
My challenge now is: How to move from "successful authentication on both" to "logged in with AzureAD credentials and I have the OpenId2 username in his session"?
My idea was to add an authorization policy "RequireSigningOpenId2"
    builder.Services.AddAuthorization(options =>
    {
        // Every endpoint without an explicit [Authorize]/[AllowAnonymous]
        // requires an authenticated user under the default (Azure AD) scheme.
        options.FallbackPolicy = options.DefaultPolicy;

        // Policy that additionally authenticates against the second scheme.
        var authPolicy = new AuthorizationPolicyBuilder()
            .RequireAuthenticatedUser()
            .AddAuthenticationSchemes("OpenId2")
            .Build();
        options.AddPolicy("RequireOpenId2Signin", authPolicy);
    });
And from there control the user experience with policies.
@attribute [Authorize(Policy = "RequireOpenId2Signin")]
or even something like this:
@attribute [Authorize(Policy = "RequireSigninBoth")]
But I realize I might have missed some crucial information or am just heading in the wrong direction.
Any advice or comment will be much appreciated.
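One way to get from "both logins succeeded" to "Azure AD principal plus the OpenId2 username", shown as an added example that is not part of the original question or of Microsoft.Identity.Web. It assumes the two cookie schemes from the question, the default one being named "Cookies" (the scheme behind `.AspNetCore.Cookies`), and that the second provider issues a `preferred_username` or name claim; the extension-method names are hypothetical.

```csharp
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Http;

// Added example (assumed names). Both constants are the cookie schemes from
// the question; the second is the SignInScheme of the "OpenId2" handler.
public static class DualLoginExtensions
{
    public const string PrimaryCookie = "Cookies";         // Microsoft.Identity.Web default
    public const string SecondaryCookie = "CookiesOpenId2";

    // "RequireSigninBoth": the policy evaluator authenticates each listed
    // scheme and merges one ClaimsIdentity per succeeded cookie into User.
    // RequireAuthenticatedUser alone passes when EITHER cookie is valid, so
    // the assertion insists that both identities are present.
    public static void AddRequireSigninBoth(this AuthorizationOptions options)
    {
        options.AddPolicy("RequireSigninBoth", policy => policy
            .AddAuthenticationSchemes(PrimaryCookie, SecondaryCookie)
            .RequireAuthenticatedUser()
            .RequireAssertion(ctx =>
                ctx.User.Identities.Count(i => i.IsAuthenticated) >= 2));
    }

    // Reads the second login's username from its own cookie scheme rather
    // than trusting whichever identity happens to be first in User.Identities.
    // Authenticating the cookie scheme directly avoids the detour through the
    // remote OIDC handler, which forwards to its SignInScheme anyway.
    // Returns null when the second login is missing or its cookie has expired.
    public static async Task<string?> GetOpenId2UserNameAsync(this HttpContext ctx)
    {
        AuthenticateResult result = await ctx.AuthenticateAsync(SecondaryCookie);
        if (!result.Succeeded || result.Principal is null)
            return null;

        return result.Principal.FindFirst("preferred_username")?.Value
            ?? result.Principal.FindFirst(ClaimTypes.Name)?.Value
            ?? result.Principal.Identity?.Name;
    }
}
```

Register the policy with `options.AddRequireSigninBoth()` inside `AddAuthorization` and read the username with `await HttpContext.GetOpenId2UserNameAsync()` in a controller, page or middleware that still has the request's HttpContext.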