❔ Having trouble integrating Azure AD SSO and normal username/password
So I am trying to integrate Microsoft SSO into my .NET 7 API. I basically want every endpoint to use my normal username/password, except for a single endpoint that should validate the SSO token.
My normal username/password scheme uses a JWT bearer, and since Microsoft SSO also uses this, the schemes collide, so I have given my username/password scheme a custom name. I am having trouble defining which endpoints should authenticate using my normal bearer scheme and which should validate using Microsoft SSO.
I've defined my authentication like this:
services.AddAuthentication(options =>
{
    // Local username/password JWTs are authenticated by default;
    // challenges are issued by the default "Bearer" scheme (Microsoft SSO).
    options.DefaultAuthenticateScheme = "EQ-Bearer";
    options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
})
.AddJwtBearer("EQ-Bearer", configureOptions =>
{
    configureOptions.ClaimsIssuer = jwtAppSettingOptions[nameof(JwtIssuerOptions.Issuer)];
    configureOptions.TokenValidationParameters = tokenValidationParameters;
    configureOptions.SaveToken = true;
    configureOptions.Events = new JwtBearerEvents
    {
        OnChallenge = context =>
        {
            var a = context; // placeholder for inspecting the challenge while debugging
            return Task.CompletedTask;
        },
        OnAuthenticationFailed = context =>
        {
            // Tell the client that the token was rejected because it expired.
            if (context.Exception.GetType() == typeof(SecurityTokenExpiredException))
            {
                context.Response.Headers.Add("Token-Expired", "true");
            }
            return Task.CompletedTask;
        },
        OnMessageReceived = context =>
        {
            // SignalR hubs cannot send an Authorization header, so accept the
            // token from the query string for requests under /hubs only.
            var accessToken = context.Request.Query["access_token"];
            var path = context.HttpContext.Request.Path;
            if (!string.IsNullOrEmpty(accessToken) && path.StartsWithSegments("/hubs"))
            {
                context.Token = accessToken;
            }
            return Task.CompletedTask;
        }
    };
})
.AddMicrosoftIdentityWebApi(Configuration);
And set the standard authentication like this:
services.AddAuthorization(options =>
{
    // Default policy: require an authenticated user from the "EQ-Bearer" scheme.
    var defaultAuthBuilder = new AuthorizationPolicyBuilder("EQ-Bearer");
    defaultAuthBuilder = defaultAuthBuilder.RequireAuthenticatedUser();
    options.DefaultPolicy = defaultAuthBuilder.Build();
});
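One way to route endpoints to the two schemes, as an added example that is not code from the original post: bind a policy to each scheme and apply the policy per endpoint, so a local JWT is never accepted on the SSO endpoint and an SSO token is never accepted elsewhere. It assumes a `Jwt` configuration section, the `/api/me` and `/api/sso/exchange` endpoints, and that Microsoft.Identity.Web registers its scheme under the default `Bearer` name.

```csharp
using System.Security.Claims;
using System.Text;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Authorization;
using Microsoft.Identity.Web;
using Microsoft.IdentityModel.Tokens;

// "EQ-Bearer" is the local scheme name from the question; "Bearer" is the
// scheme AddMicrosoftIdentityWebApi registers when no other name is given.
const string EqScheme = "EQ-Bearer";
const string SsoScheme = JwtBearerDefaults.AuthenticationScheme;

var builder = WebApplication.CreateBuilder(args);
var jwt = builder.Configuration.GetSection("Jwt"); // assumed section: Issuer, Audience, Key

builder.Services.AddAuthentication(options =>
{
    // Authenticate and challenge with the local scheme by default, so ordinary
    // endpoints neither accept an SSO token nor issue an SSO challenge.
    options.DefaultAuthenticateScheme = EqScheme;
    options.DefaultChallengeScheme = EqScheme;
})
.AddJwtBearer(EqScheme, o => o.TokenValidationParameters = new TokenValidationParameters
{
    ValidIssuer = jwt["Issuer"],
    ValidAudience = jwt["Audience"],
    IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(jwt["Key"]!)),
})
// Azure AD scheme, configured from the "AzureAd" section, under its own name.
.AddMicrosoftIdentityWebApi(builder.Configuration, jwtBearerScheme: SsoScheme);

builder.Services.AddAuthorization(options =>
{
    // No explicit policy: only a local JWT is acceptable.
    options.DefaultPolicy = new AuthorizationPolicyBuilder(EqScheme)
        .RequireAuthenticatedUser().Build();
    // The single SSO endpoint: evaluated only against the Microsoft scheme.
    options.AddPolicy("MicrosoftSso", p => p
        .AddAuthenticationSchemes(SsoScheme).RequireAuthenticatedUser());
});

var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();

app.MapGet("/api/me", (ClaimsPrincipal user) => user.Identity?.Name).RequireAuthorization();
app.MapPost("/api/sso/exchange", (ClaimsPrincipal user) => user.FindFirst("preferred_username")?.Value)
   .RequireAuthorization("MicrosoftSso");
app.Run();
```

A request to `/api/sso/exchange` carrying a local token fails the `MicrosoftSso` policy with 401, and an Azure AD token presented to `/api/me` fails the default policy the same way; the scheme named in the policy is the only one consulted.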
Looks like nothing has happened here. I will mark this as stale and this post will be archived until there is new activity.