Problems using Microsoft Identity Web App and Microsoft.AspNetCore.Identity in the same Web Project
In my current application I need to use two different authentications:
- Microsoft.AspNetCore.Identity - with internal Identity tables for Customer users
- Microsoft Identity Web App - Azure AD authentication for Internal users of my Organization
If I try to configure ONLY ONE service it works perfectly. The problem happens when I add the services Microsoft.AspNetCore.Identity and Microsoft Identity Web App to the same application. Then one of my authentications stops working.
For instance, if I add these two pieces of code together, then Azure Sign In works and Internal Sign In does not work:
```csharp
// ASP.NET Core Identity for customer users (internal Identity tables)
builder.Services.AddIdentity<ApplicationUser, ApplicationRole>(
        options =>
        {
            options.SignIn.RequireConfirmedAccount = true;
            options.Password.RequiredLength = 8;
            options.Password.RequireDigit = true;
            options.SignIn.RequireConfirmedEmail = true;
        }
    )
    .AddEntityFrameworkStores<DbContext>()
    .AddDefaultTokenProviders();

// Azure AD sign-in, with OpenID Connect set as the default authenticate scheme
builder.Services.AddAuthentication(options =>
    {
        options.DefaultAuthenticateScheme = OpenIdConnectDefaults.AuthenticationScheme;
    })
    .AddMicrosoftIdentityWebApp(builder.Configuration.GetSection("Authentication:AzureAd"));
```
But if I add these two pieces of code together, then the internal Sign In works but the Azure AD Sign In does not work:
```csharp
// ASP.NET Core Identity for customer users (internal Identity tables)
builder.Services.AddIdentity<ApplicationUser, ApplicationRole>(
        options =>
        {
            options.SignIn.RequireConfirmedAccount = true;
            options.Password.RequiredLength = 8;
            options.Password.RequireDigit = true;
            options.SignIn.RequireConfirmedEmail = true;
        }
    )
    .AddEntityFrameworkStores<DbContext>()
    .AddDefaultTokenProviders();

// Azure AD sign-in, without overriding the default authenticate scheme
builder.Services.AddAuthentication()
    .AddMicrosoftIdentityWebApp(builder.Configuration.GetSection("Authentication:AzureAd"));
```
Although in both cases the process authenticates with no error, it seems that the claims are not being filled properly on the System.Security.Claims.ClaimsIdentity object. So in the end it is as if it is not authenticated (although they are).
Has anybody experienced this before? Any idea how to solve it?
Thanks!
Solution 1:[1]
Fortunately I could find the answer.
Currently I am using Blazor Server in this Web Project.
A workaround to solve this problem was to change some configuration of the Authorize attribute. So, basically this code stays this way:
```csharp
builder.Services.AddIdentity<ApplicationUser, ApplicationRole>(
        options =>
        {
            options.SignIn.RequireConfirmedAccount = true;
            options.Password.RequiredLength = 8;
            options.Password.RequireDigit = true;
            options.SignIn.RequireConfirmedEmail = true;
        }
    )
    .AddEntityFrameworkStores<DbContext>()
    .AddDefaultTokenProviders();

builder.Services.AddAuthentication()
    .AddMicrosoftIdentityWebApp(options =>
        {
            builder.Configuration.Bind("Authentication:AzureAd", options);
        }
    );
```
And I replaced this code:
```csharp
app.MapBlazorHub();
```
By this code:
```csharp
app.MapBlazorHub()
    .AllowAnonymous()
    .RequireAuthorization(
        new AuthorizeAttribute
        {
            AuthenticationSchemes = $"{OpenIdConnectDefaults.AuthenticationScheme},{IdentityConstants.ApplicationScheme}",
        }
    );
```
It works perfectly now.
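A related way to apply the same two-scheme idea application-wide, with a check for which scheme actually yields claims. This is an added example, not code from the original post; `DualSchemeAuth`, `AddDualSchemeDefaultPolicy`, `MapAuthDiagnostics` and the `/debug/auth` route are hypothetical names. It assumes the `AddIdentity` and `AddMicrosoftIdentityWebApp` registrations shown above are already in place.

```csharp
using System.Collections.Generic;
using System.Linq;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Identity;
using Microsoft.Extensions.DependencyInjection;

public static class DualSchemeAuth // hypothetical helper class
{
    // The same two schemes the workaround lists on the hub's AuthorizeAttribute.
    private static readonly string[] Schemes =
    {
        IdentityConstants.ApplicationScheme,        // customer users (Identity cookie)
        OpenIdConnectDefaults.AuthenticationScheme, // internal users (Azure AD)
    };

    // Makes a plain [Authorize] / RequireAuthorization() authenticate against
    // both schemes; the authorization middleware merges the resulting principals.
    public static IServiceCollection AddDualSchemeDefaultPolicy(this IServiceCollection services) =>
        services.AddAuthorization(options =>
        {
            options.DefaultPolicy = new AuthorizationPolicyBuilder(Schemes)
                .RequireAuthenticatedUser()
                .Build();
        });

    // Diagnostic endpoint: reports per scheme whether authentication succeeded
    // and how many claims it produced. Enable only while troubleshooting.
    public static IEndpointConventionBuilder MapAuthDiagnostics(this WebApplication app) =>
        app.MapGet("/debug/auth", async (HttpContext ctx) =>
        {
            var report = new Dictionary<string, object>();
            foreach (var scheme in Schemes)
            {
                var result = await ctx.AuthenticateAsync(scheme);
                report[scheme] = new
                {
                    result.Succeeded,
                    Name = result.Principal?.Identity?.Name,
                    ClaimCount = result.Principal?.Claims.Count() ?? 0,
                };
            }
            return Results.Ok(report);
        }).RequireAuthorization(); // uses the two-scheme default policy
}
```

Call `builder.Services.AddDualSchemeDefaultPolicy()` before `builder.Build()` and `app.MapAuthDiagnostics()` after `app.UseAuthorization()`.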
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
Solution | Source |
---|---|
Solution 1 |