stackoom
  简体   繁体   中英

How I can add both Azure AD and non Azure AD tokens to the same .NET Core Api

 原文  2021-03-24 03:17:59       c#/ .net/ .net-core/ azure-active-directory/ jwt

Question

Want to do something like this:

services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
            .AddJwtBearer(options =>
            {
                options.TokenValidationParameters = new TokenValidationParameters()
                {
                    ValidateAudience = false,
                    ValidateIssuer = false,
                    ValidateIssuerSigningKey = false,
                    ValidateLifetime = true,
                    IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes("private_key"))
                };
            })
            .AddMicrosoftIdentityWebApi(this.Configuration.GetSection("AzureAd"));

But it crashes. If I add a name for each scheme, then [Authorize] doesn't work.

How I can do something like this, and distinguish the [Authorize] methods on different controllers for either one or the other?

Thanks

2 answers

solution1
 0  2021-03-24 03:51:01

For AAD use [Authorize] on the controller
For non AAD then I use [Authorize(AuthenticationSchemes = "Other"]

Add the "Other" scheme name to the.AddJwtBearer one as displayed below.

Happy coding:)

services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
            .AddJwtBearer("Other", options =>
            {
                options.TokenValidationParameters = new TokenValidationParameters()
                {
                    ValidateAudience = false,
                    ValidateIssuer = false,
                    ValidateIssuerSigningKey = false,
                    ValidateLifetime = true,
                    IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes("private_key"))
                };
            })
            .AddMicrosoftIdentityWebApi(this.Configuration.GetSection("AzureAd"))

solution2
 0  2021-03-24 03:51:35

Its not enough just to add Authentication you need to configure policy so both will be validated (in official doc)

  services.AddAuthorization(options =>
    {
        var defaultAuthorizationPolicyBuilder = new AuthorizationPolicyBuilder(
            JwtBearerDefaults.AuthenticationScheme,
            "AzureAD");
        defaultAuthorizationPolicyBuilder = 
            defaultAuthorizationPolicyBuilder.RequireAuthenticatedUser();
        options.DefaultPolicy = defaultAuthorizationPolicyBuilder.Build();
    });

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question How to do Azure AD groups authorization in .Net core web API? Secure ASP.Net Core 3.1 API with Bearer Tokens from Azure AD How can I retrieve AD Username in .NET Core hosted on Azure Web App? How to use both Azure AD authentication and Identity on ASP.NET Core 3? .NET Core 2 - Web Api - Azure AD - User is NULL .Net Core 6.0 API - Azure AD Authentication error .NET Core Web Api Azure AD and Swagger not authenticating Azure AD Multi Tenant ,.Net Core Web API with JWT Token Azure AD Restricts entire ASP.NET Core API Securing Angular & .Net Core API with Azure AD and Application Roles
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM