
2 OpenID Connect providers in an ASP.NET Core application

I've been trying to add a second identity provider to my web app, but I have a problem with the configuration.

The app has the following configuration:

builder.Services.AddAuthentication(options =>
{
    options.DefaultScheme = "cookie";
    options.DefaultSignInScheme = "cookie";
    options.DefaultChallengeScheme = "oidc";
    options.DefaultSignOutScheme = "oidc";
})
    .AddCookie("cookie")
    .AddOpenIdConnect("oidc", options =>
    {
        options.Authority = AppConfig.AuthorizationServerAdress;
        options.ClientId = AppConfig.OpenidApp;
        options.ClientSecret = AppConfig.OpenidAppSecret;
        options.ResponseType = OpenIdConnectResponseType.Code;
        options.ResponseMode = OpenIdConnectResponseMode.Query;
        options.UsePkce = true;
        options.SaveTokens = true;
        options.GetClaimsFromUserInfoEndpoint = true;
    })
    .AddCookie("cookie2")
    .AddOpenIdConnect("oidc2", options =>
    {
        options.Authority = AppConfig.AuthorizationExternalServerAdress;
        options.ClientId = AppConfig.OpenidExternalApp;
        options.ClientSecret = AppConfig.OpenidExternalAppSecret;
        options.ResponseType = OpenIdConnectResponseType.Code;
        options.ResponseMode = OpenIdConnectResponseMode.Query;
        options.UsePkce = true;
        options.SaveTokens = true;
        options.GetClaimsFromUserInfoEndpoint = true;
    });

It works by default with the first oidc provider, but if I use oidc2 to log in and then navigate to my app, I'll go to my default oidc provider. It means that the second provider will be ignored. Can somebody help me with the configuration, please?

The problem is that both handlers will listen for the callback request from your identity provider on the URL /signin-oidc.

So, to solve it, you need to make sure they are different, like:

.AddOpenIdConnect("oidc", options =>
{
    // other options
    options.CallbackPath = new PathString("/oidc/handler1");
})
.AddOpenIdConnect("oidc2", options =>
{
    // other options
    options.CallbackPath = new PathString("/oidc/handler2");
});

Also, see OpenIdConnect: Manually handle Callback.

But, in general, I advise that your clients and apps should only trust one provider (token issuer) and let users choose how to authenticate through your primary provider, like in this picture: [image]
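The following is an added, complete Program.cs that applies the answer's fix (a distinct CallbackPath per handler) and adds the two pieces the question's configuration does not show: an explicit login endpoint so the user can pick the second provider instead of always being challenged by the default one, and a sign-out that goes back to whichever provider actually issued the session. It is example code written for this page, not the asker's app or a Microsoft sample. The configuration section names ("Oidc:Primary", "Oidc:External"), the claim name "idp_scheme" and the callback prefixes are assumptions; both handlers sign in to the single shared cookie, so the unused second cookie scheme from the question is dropped.

```csharp
using System.Security.Claims;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;

var builder = WebApplication.CreateBuilder(args);

const string CookieScheme = CookieAuthenticationDefaults.AuthenticationScheme;
const string PrimaryScheme = "oidc";
const string ExternalScheme = "oidc2";

// Shared settings for both handlers. Authority, client id and secret are read from
// configuration ("Oidc:Primary:*" / "Oidc:External:*" are assumed section names);
// only the scheme-specific callback paths differ.
void ConfigureOidc(OpenIdConnectOptions options, string configSection, string callbackPrefix)
{
    var section = builder.Configuration.GetSection(configSection);
    options.SignInScheme = CookieScheme;            // both providers sign in to the same cookie
    options.Authority = section["Authority"];
    options.ClientId = section["ClientId"];
    options.ClientSecret = section["ClientSecret"]; // secrets stay out of source
    options.ResponseType = OpenIdConnectResponseType.Code;
    options.ResponseMode = OpenIdConnectResponseMode.Query;
    options.UsePkce = true;
    options.SaveTokens = true;
    options.GetClaimsFromUserInfoEndpoint = true;

    // The fix from the answer: each handler owns its own callback path, so a code
    // returned by provider 2 is never consumed by handler 1 (and vice versa).
    options.CallbackPath = new PathString($"{callbackPrefix}/signin");
    options.SignedOutCallbackPath = new PathString($"{callbackPrefix}/signout-callback");

    // Record which provider authenticated the user so sign-out can target the right one.
    options.Events = new OpenIdConnectEvents
    {
        OnTokenValidated = ctx =>
        {
            var identity = (ClaimsIdentity)ctx.Principal!.Identity!;
            identity.AddClaim(new Claim("idp_scheme", ctx.Scheme.Name)); // assumed claim name
            return Task.CompletedTask;
        }
    };
}

builder.Services.AddAuthentication(options =>
{
    options.DefaultScheme = CookieScheme;
    options.DefaultSignInScheme = CookieScheme;
    options.DefaultChallengeScheme = PrimaryScheme; // unauthenticated requests go to the primary IdP
})
.AddCookie(CookieScheme)
.AddOpenIdConnect(PrimaryScheme, o => ConfigureOidc(o, "Oidc:Primary", "/oidc/handler1"))
.AddOpenIdConnect(ExternalScheme, o => ConfigureOidc(o, "Oidc:External", "/oidc/handler2"));

builder.Services.AddAuthorization();

var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();

// Let the user choose the provider explicitly. The scheme name comes from the route,
// so it is checked against an allow-list before being passed to the challenge, and the
// post-login redirect is a fixed local path rather than a caller-supplied URL.
var challengeSchemes = new HashSet<string>(StringComparer.Ordinal) { PrimaryScheme, ExternalScheme };

app.MapGet("/login/{scheme}", (string scheme) =>
    challengeSchemes.Contains(scheme)
        ? Results.Challenge(new AuthenticationProperties { RedirectUri = "/" }, new[] { scheme })
        : Results.NotFound());

// Sign out of the local cookie and of whichever provider issued the session. A fixed
// DefaultSignOutScheme = "oidc" (as in the question) would send oidc2 users to the wrong IdP.
app.MapGet("/logout", (HttpContext ctx) =>
{
    var idp = ctx.User.FindFirstValue("idp_scheme");
    var schemes = idp is not null && challengeSchemes.Contains(idp)
        ? new[] { CookieScheme, idp }
        : new[] { CookieScheme };
    return Results.SignOut(new AuthenticationProperties { RedirectUri = "/" }, schemes);
});

app.MapGet("/", (HttpContext ctx) =>
    $"Signed in as {ctx.User.Identity?.Name} via {ctx.User.FindFirstValue("idp_scheme")}")
    .RequireAuthorization();

app.Run();
```

With this in place, /login/oidc2 challenges the external provider, its redirect lands on /oidc/handler2/signin where only the "oidc2" handler listens, and the resulting principal is stored in the one application cookie; navigating to / afterwards reads that cookie and is not challenged again by the default scheme. Each provider's registered redirect URI must of course match its own callback path.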
