
I am upgrading the authentication in my code (.NET 6, Razor Pages). It uses the Microsoft.Identity.Web package, which I want to upgrade from 1 to the latest (2.10.0). My app uses the cookie authentication scheme and Azure AD.

So with Microsoft.Identity.Web v1, the code in Program.cs was as below:

```csharp
services.AddAuthentication(options =>
    {
        options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    })
    .AddCookie(CookieAuthenticationDefaults.AuthenticationScheme)
    .AddMicrosoftIdentityWebApp(configuration.GetSection("AzureAd"), OpenIdConnectDefaults.AuthenticationScheme, null)
    .EnableTokenAcquisitionToCallDownstreamApi(scopes)
    .AddDownstreamWebApi("DownStreamAPI", configuration.GetSection("DownStreamAPI"))
    .AddInMemoryTokenCaches();
```

But when I upgraded to v2.10, I had to change some of the methods because some of the above methods have become obsolete. So I changed my code to the below.

```csharp
services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme);

services.AddMicrosoftIdentityWebAppAuthentication(configuration, configSectionName: "AzureAd")
    .EnableTokenAcquisitionToCallDownstreamApi(scopes)
    .AddInMemoryTokenCaches();
```

But now some parts of my code don't work, especially around cookie authentication. I was signing in the user using the method below:

```csharp
await httpContext.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme, principal);
```

But the httpContext does not save the claims I am setting. So the Controller with the authorize attribute is failing to see the claims from httpContext.

The above problem started after upgrading the Microsoft.Identity.Web package.

Update:

Everything works fine when I use the methods below:

```csharp
services.AddAuthentication(options =>
    {
        options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    })
    .AddCookie(CookieAuthenticationDefaults.AuthenticationScheme)
    .AddMicrosoftIdentityWebApp(configuration.GetSection("AzureAd"), "OpenIdConnect", null)
    .EnableTokenAcquisitionToCallDownstreamApi(scopes)
    .AddInMemoryTokenCaches();
```

But not when I replace AddMicrosoftIdentityWebApp with the AddMicrosoftIdentityWebAppAuthentication method of v2.

So this doesn't work:

```csharp
services.AddAuthentication(options =>
    {
        options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    })
    .AddCookie(CookieAuthenticationDefaults.AuthenticationScheme);
services.AddMicrosoftIdentityWebAppAuthentication(configuration, configSectionName: "AzureAd", "OpenIdConnect", null)
    .EnableTokenAcquisitionToCallDownstreamApi(scopes)
    .AddInMemoryTokenCaches();
```

And it shows an error "The SignInScheme for a remote authentication handler cannot be set to itself."

Thanks
