Reputation: 376
I have a Blazor server-side application that has been up and running with ASP.NET Core Identity for some time now.
I decided to add OIDC, and when using it as the only option it works, but when combining the two, IsAuthenticated is always false and I don't get the claims anymore.
I have tried setting the DefaultScheme to IdentityConstants.ApplicationScheme, but it did not help.
Identity setup:
services.AddDefaultIdentity<ApplicationUser>(options =>
{
    options.SignIn.RequireConfirmedAccount = true;
    options.Password = new PasswordOptions
    {
        RequireDigit = true,
        RequiredLength = 6,
        RequireLowercase = true,
        RequireUppercase = true,
        RequireNonAlphanumeric = true
    };
})
.AddRoles<IdentityRole<int>>()
.AddEntityFrameworkStores<ProjectsContext>();
OIDC setup:
services.Configure<CookiePolicyOptions>(options =>
{
    options.CheckConsentNeeded = context => true;
    options.MinimumSameSitePolicy = SameSiteMode.None;
});
services.AddAuthentication(options => {
    options.DefaultScheme = IdentityConstants.ApplicationScheme;
    options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
})
.AddCookie()
.AddOpenIdConnect(options => {
    options.ClientId = "myClientId";
    options.ClientSecret = "myClientSecret";
    options.Authority = "https://myAuthority/";
    options.ResponseType = "code";
    options.GetClaimsFromUserInfoEndpoint = true;
    options.TokenValidationParameters.ValidIssuers = new[] {
        options.Authority
    };
    options.CallbackPath = new PathString("/callback");
    options.SignedOutCallbackPath = new PathString("/signout");
    options.Events = new OpenIdConnectEvents()
    {
        OnRedirectToIdentityProvider = context => {
            context.ProtocolMessage.AcrValues = context.Request.Query["loginmethod"];
            return Task.FromResult(0);
        }
    };
});
When I comment out the Identity setup block and do my OIDC authentication, I get the claims and the right flag. When it's included, I do not.
EDIT: When I add the following line inside the AddOpenIdConnect options, the OIDC login works and I get the claims. However, when using the Identity login I do not get signed in and get no claims...
options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
Upvotes: 15
Views: 4462
Reputation: 376
Okay, so for anyone struggling with the same type of problem, I am posting the answer instead of removing the question. Google didn't help me since I didn't find anyone with the same setup.
These are the default schemes to use in the AddAuthentication options to get Identity to work with OIDC:
services.AddAuthentication(options => {
    options.DefaultScheme = IdentityConstants.ApplicationScheme;
    options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
})
You also need to add an explicit SignInScheme in the OpenIdConnectOptions as such:
.AddOpenIdConnect(options => {
    options.SignInScheme = IdentityConstants.ApplicationScheme;
    ...
});
Upvotes: 18
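The complete startup that the accepted answer's two settings imply, as an added example rather than the asker's or ASP.NET Core's own code. It uses .NET 6+ minimal hosting; `ApplicationUser` and `ProjectsContext` are the question's types, the authority, client id, connection-string name and the `/login-oidc` endpoint are placeholders I chose, and the acr_values allow-list is constructed for the example.

```csharp
// Program.cs for a Blazor Server app that keeps ASP.NET Core Identity as the primary
// cookie scheme and adds OIDC as a second login path (added example, not the page's code).
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.Identity;
using Microsoft.EntityFrameworkCore;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;

var builder = WebApplication.CreateBuilder(args);

// Assumed: ProjectsContext is configured elsewhere in the real app; shown here for completeness.
builder.Services.AddDbContext<ProjectsContext>(o =>
    o.UseSqlServer(builder.Configuration.GetConnectionString("Default"))); // placeholder name

// AddDefaultIdentity registers Identity's own cookies (Identity.Application,
// Identity.External, ...), so the question's extra .AddCookie() is not needed and only
// creates a second, unrelated "Cookies" scheme.
builder.Services.AddDefaultIdentity<ApplicationUser>(options =>
{
    options.SignIn.RequireConfirmedAccount = true;
    options.Password.RequiredLength = 6;
    options.Password.RequireDigit = true;
    options.Password.RequireLowercase = true;
    options.Password.RequireUppercase = true;
    options.Password.RequireNonAlphanumeric = true;
})
.AddRoles<IdentityRole<int>>()
.AddEntityFrameworkStores<ProjectsContext>();

builder.Services.AddAuthentication(options =>
{
    // Every request is authenticated against the Identity cookie ...
    options.DefaultScheme = IdentityConstants.ApplicationScheme;
    // ... and an unauthenticated user who is challenged is sent to the OIDC provider.
    options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
})
.AddOpenIdConnect(options =>
{
    // The OIDC handler has no cookie of its own: it hands the validated principal to
    // SignInScheme. It must be the same cookie the app reads (DefaultScheme above);
    // otherwise OIDC writes one cookie and every request is authenticated from another.
    options.SignInScheme = IdentityConstants.ApplicationScheme;
    options.Authority = "https://idp.example.invalid/";                  // placeholder
    options.ClientId = "myClientId";                                     // placeholder
    options.ClientSecret = builder.Configuration["Oidc:ClientSecret"];   // read from secrets, not source
    options.ResponseType = OpenIdConnectResponseType.Code;
    options.GetClaimsFromUserInfoEndpoint = true;
    options.TokenValidationParameters.ValidIssuers = new[] { options.Authority };
    options.CallbackPath = "/callback";
    options.SignedOutCallbackPath = "/signout";
    options.Events = new OpenIdConnectEvents
    {
        // Forward only acr_values the application recognises instead of passing an
        // arbitrary query-string value through to the identity provider.
        OnRedirectToIdentityProvider = ctx =>
        {
            var allowed = new[] { "mfa", "pwd" };            // constructed allow-list
            string requested = ctx.Request.Query["loginmethod"];
            if (allowed.Contains(requested))
                ctx.ProtocolMessage.AcrValues = requested;
            return Task.CompletedTask;
        }
    };
});

builder.Services.AddRazorPages();
builder.Services.AddServerSideBlazor();

var app = builder.Build();
app.UseStaticFiles();
app.UseRouting();
app.UseAuthentication();
app.UseAuthorization();

// Blazor Server copies the user from the HttpContext when the SignalR circuit starts,
// so the OIDC challenge must be issued by an ordinary HTTP endpoint, not from a component.
app.MapGet("/login-oidc", () => Results.Challenge(
    new AuthenticationProperties { RedirectUri = "/" },
    new[] { OpenIdConnectDefaults.AuthenticationScheme }));

app.MapRazorPages();
app.MapBlazorHub();
app.MapFallbackToPage("/_Host");
app.Run();
```

One caveat when signing OIDC users straight into the Identity cookie: that cookie is revalidated by Identity's SecurityStampValidator at its ValidationInterval (30 minutes by default), and a principal with no matching user in the Identity store is rejected at that point. If the OIDC users are not also provisioned in the store, sign them into IdentityConstants.ExternalScheme instead and complete the login through SignInManager (GetExternalLoginInfoAsync / ExternalLoginSignInAsync), which is the external-login flow Identity was designed around.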