Reputation: 181
How to add AzureAD AND AzureADBearer to asp.net core 2.2 web api
I'm trying to author a website that uses AzureAD to authenticate users to access UIs to author items in a DB. And I also want this API to be callable by other services via a bearer token.
services.AddAuthentication(o => {
o.DefaultScheme = AzureADDefaults.BearerAuthenticationScheme;
o.DefaultAuthenticateScheme = AzureADDefaults.AuthenticationScheme;
})
.AddAzureAD(options => Configuration.Bind("AzureAd", options))
.AddAzureADBearer(options => Configuration.Bind("AzureAd", options));
I want users to be authenticated using the AzureAD scheme, but services to the same WEB API (under a dif route) to be authenticated by the bearer. Or have all routes except both. Either works
Upvotes: 8
Views: 8955
Answers (2)
Reputation: 27538
You can add the AddAzureADBearer middleware to your application :
services.AddAuthentication(sharedOptions =>
{
sharedOptions.DefaultChallengeScheme = AzureADDefaults.AuthenticationScheme;
sharedOptions.DefaultAuthenticateScheme = AzureADDefaults.AuthenticationScheme;
})
.AddAzureAD(options => Configuration.Bind("AzureAd", options))
.AddAzureADBearer(options => Configuration.Bind("AzureAdBearer", options));
Suppose you have api controller in your application , if another application will access the web api which protected by AAD , you should set the schema :
[HttpGet]
[Authorize(AuthenticationSchemes = "AzureADBearer")]
public IEnumerable<string> Get()
{
return new string[] { "value1", "value2" };
}
Upvotes: 4
Reputation: 181
ended up solving this by creating a policy scheme which toggles between the two schemas depending on the auth header present:
// add azure ad user and service authentication
services
.AddAuthentication("Azures")
.AddPolicyScheme("Azures", "Authorize AzureAd or AzureAdBearer", options =>
{
options.ForwardDefaultSelector = context =>
{
var authHeader = context.Request.Headers["Authorization"].FirstOrDefault();
if (authHeader?.StartsWith("Bearer") == true)
{
return AzureADDefaults.JwtBearerAuthenticationScheme;
}
return AzureADDefaults.AuthenticationScheme;
};
})
.AddAzureADBearer(options => config.Bind("AzureAdBearer", options))
.AddAzureAD(options => config.Bind("AzureAd", options));
Upvotes: 10
Related Questions
- Azure AD Authentication with Custom Authorization in ASP.Net Core 6
- Azure AD Authentication with .NET Core Web API
- Asp.net core API authenticate with AzureAD Token
- .NET Core WebApi Authentication & Authorization via Azure
- C# .Net Core Web Api Azure Active Directory & Claims
- ASP.NET Core Web API + Azure AD Authentication
- .NET Core 2 Api with Azure AD and Windows Authentication
- Using Azure Active Directory authentication in ASP.NET Core 2.0 from Web App to Web API
- How to configure an ASP.Net Core 2.0 API to use Azure AD as Identity Provider
- Web API .Net Core Azure Active Directory Authentication