Open fabiano-ferreira opened 2 years ago
@fabiano-ferreira: did you use multiple auth schemes?
Hello @jmprieur !
Yep! I am using multiple auth schemes in a Blazor Server app.
I could find a workaround for this issue:
I still have the identity with my internal tables added:
```csharp
builder.Services.AddIdentity<ApplicationUser, ApplicationRole>(
        options =>
        {
            options.SignIn.RequireConfirmedAccount = true;
            options.Password.RequiredLength = 8;
            options.Password.RequireDigit = true;
            options.SignIn.RequireConfirmedEmail = true;
        }
    )
    .AddEntityFrameworkStores<QMeDbContext>()
    .AddDefaultTokenProviders();
```
And I also have the external AzureAD account configured:
```csharp
builder.Services.AddAuthentication()
    .AddMicrosoftIdentityWebApp(options =>
        {
            builder.Configuration.Bind("Authentication:AzureAd", options);
        }
    );
```
In order to make it work I did the following when calling the method MapBlazorHub:
```csharp
app.MapBlazorHub()
    .AllowAnonymous()
    .RequireAuthorization(
        new AuthorizeAttribute
        {
            AuthenticationSchemes = $"{OpenIdConnectDefaults.AuthenticationScheme},{IdentityConstants.ApplicationScheme}",
        }
    );
```
As you can see I had to specify my two different schemes for my application to recognize them.
@fabiano-ferreira does this repro on the latest 2.16.0?
Hi @jennyf19 ! Does your question refer to the issue or the solution?
Hello!
In my current application I need to use two different authentications:
- Microsoft.AspNetCore.Identity - with internal Identity tables for Customer users
- Microsoft Identity Web App - Azure AD authentication for Internal users of my Organization

If I try to configure ONLY ONE service it works perfectly. The problem happens when I add the services Microsoft.AspNetCore.Identity and Microsoft Identity Web App to the same application. Then one of my authentications stops working.
For instance, if I add these two pieces of code together, then Azure Sign In works and Internal Sign In does not work:
```csharp
builder.Services.AddIdentity<ApplicationUser, ApplicationRole>(
        options =>
        {
            options.SignIn.RequireConfirmedAccount = true;
            options.Password.RequiredLength = 8;
            options.Password.RequireDigit = true;
            options.SignIn.RequireConfirmedEmail = true;
        }
    )
    .AddEntityFrameworkStores<QMeDbContext>()
    .AddDefaultTokenProviders();

builder.Services.AddAuthentication(options =>
    {
        options.DefaultAuthenticateScheme = OpenIdConnectDefaults.AuthenticationScheme;
    })
    .AddMicrosoftIdentityWebApp(builder.Configuration.GetSection("Authentication:AzureAd"));
```
But if I add these two pieces of code together, then the internal Sign In works but the Azure AD Sign In does not work:
```csharp
builder.Services.AddIdentity<ApplicationUser, ApplicationRole>(
        options =>
        {
            options.SignIn.RequireConfirmedAccount = true;
            options.Password.RequiredLength = 8;
            options.Password.RequireDigit = true;
            options.SignIn.RequireConfirmedEmail = true;
        }
    )
    .AddEntityFrameworkStores<QMeDbContext>()
    .AddDefaultTokenProviders();

builder.Services.AddAuthentication()
    .AddMicrosoftIdentityWebApp(builder.Configuration.GetSection("Authentication:AzureAd"));
```
Although in both cases the process authenticates with no error, it seems that the claims are not being filled on the object System.Security.Claims.ClaimsIdentity properly. So in the end it is like they are not authenticated (although they are).
Can this be considered a bug?
Thanks!