Created by Mitch on 9/24/2024 in #help
Why do my Admin controllers trigger OnRemoteFailure in ConfigureOpenIdConnectOptions when using custom authentication policies?

I am configuring authentication and authorization in an ASP.NET Core application using both OpenIdConnect and Microsoft Identity. The goal is for the site's frontend controllers to use OpenIdConnect (IdentityServer4) and for the admin controllers to use AzureAd. Here's a summary of my setup. In Startup.cs, I have configured authentication and authorization as follows:
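// Handler options come from two IConfigureOptions<T> classes that are not shown here.
// NOTE(review): a plain IConfigureOptions<T> runs only for the unnamed options instance, while an
// IConfigureNamedOptions<T> runs for every named instance. "EntraIdOIDC" is itself an OpenID Connect
// handler, so confirm ConfigureOpenIdConnectOptions filters on the scheme name; otherwise the
// IdentityServer4 settings and events (including OnRemoteFailure) may also be applied to the admin scheme.
services.AddSingleton<IConfigureOptions<OpenIdConnectOptions>, ConfigureOpenIdConnectOptions>();
services.AddSingleton<IConfigureOptions<MicrosoftIdentityOptions>, ConfigureAzureAdConnectOptions>();

// The front-end cookie is the default scheme, and unauthenticated requests are challenged through
// the IdentityServer4 OpenID Connect handler unless a policy names another scheme.
AuthenticationBuilder authBuilder = services.AddAuthentication(options =>
{
    options.DefaultScheme = "IS4Cookies";
    options.DefaultChallengeScheme = "SigmaSSO";
});

authBuilder.AddCookie("IS4Cookies"); // Add a cookie handler

// No inline configuration is passed (null); the options are expected to come from the
// IConfigureOptions<OpenIdConnectOptions> registration above.
authBuilder.AddOpenIdConnect("SigmaSSO", null);

// Arguments: configuration section "AzureAd", OpenID Connect scheme "EntraIdOIDC", cookie scheme "EntraId".
// The final `true` subscribes to the OpenID Connect middleware diagnostics events; that is a debugging
// aid, so consider enabling it only in development.
// NOTE(review): both OpenID Connect handlers default to CallbackPath "/signin-oidc". Unless the options
// classes give each scheme its own CallbackPath (and SignedOutCallbackPath), the handler registered
// first picks up the other provider's callback, cannot validate its state, and raises OnRemoteFailure.
authBuilder.AddMicrosoftIdentityWebApp(Configuration, "AzureAd", "EntraIdOIDC", "EntraId", true);

services.AddAuthorization(options =>
{
    // Admin controllers: authenticate through the Entra ID scheme and require the admin role.
    options.AddPolicy("AdminSection", policy =>
    {
        policy.AddAuthenticationSchemes("EntraIdOIDC");
        policy.RequireAuthenticatedUser();
        policy.RequireRole("PlusAdminUser");
    });

    // Front-end controllers: any user authenticated through the IdentityServer4 scheme.
    options.AddPolicy("FrontEnd", policy =>
    {
        policy.AddAuthenticationSchemes("SigmaSSO");
        policy.RequireAuthenticatedUser();
    });
});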
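// Handler options come from two IConfigureOptions<T> classes that are not shown here.
// NOTE(review): a plain IConfigureOptions<T> runs only for the unnamed options instance, while an
// IConfigureNamedOptions<T> runs for every named instance. "EntraIdOIDC" is itself an OpenID Connect
// handler, so confirm ConfigureOpenIdConnectOptions filters on the scheme name; otherwise the
// IdentityServer4 settings and events (including OnRemoteFailure) may also be applied to the admin scheme.
services.AddSingleton<IConfigureOptions<OpenIdConnectOptions>, ConfigureOpenIdConnectOptions>();
services.AddSingleton<IConfigureOptions<MicrosoftIdentityOptions>, ConfigureAzureAdConnectOptions>();

// The front-end cookie is the default scheme, and unauthenticated requests are challenged through
// the IdentityServer4 OpenID Connect handler unless a policy names another scheme.
AuthenticationBuilder authBuilder = services.AddAuthentication(options =>
{
    options.DefaultScheme = "IS4Cookies";
    options.DefaultChallengeScheme = "SigmaSSO";
});

authBuilder.AddCookie("IS4Cookies"); // Add a cookie handler

// No inline configuration is passed (null); the options are expected to come from the
// IConfigureOptions<OpenIdConnectOptions> registration above.
authBuilder.AddOpenIdConnect("SigmaSSO", null);

// Arguments: configuration section "AzureAd", OpenID Connect scheme "EntraIdOIDC", cookie scheme "EntraId".
// The final `true` subscribes to the OpenID Connect middleware diagnostics events; that is a debugging
// aid, so consider enabling it only in development.
// NOTE(review): both OpenID Connect handlers default to CallbackPath "/signin-oidc". Unless the options
// classes give each scheme its own CallbackPath (and SignedOutCallbackPath), the handler registered
// first picks up the other provider's callback, cannot validate its state, and raises OnRemoteFailure.
authBuilder.AddMicrosoftIdentityWebApp(Configuration, "AzureAd", "EntraIdOIDC", "EntraId", true);

services.AddAuthorization(options =>
{
    // Admin controllers: authenticate through the Entra ID scheme and require the admin role.
    options.AddPolicy("AdminSection", policy =>
    {
        policy.AddAuthenticationSchemes("EntraIdOIDC");
        policy.RequireAuthenticatedUser();
        policy.RequireRole("PlusAdminUser");
    });

    // Front-end controllers: any user authenticated through the IdentityServer4 scheme.
    options.AddPolicy("FrontEnd", policy =>
    {
        policy.AddAuthenticationSchemes("SigmaSSO");
        policy.RequireAuthenticatedUser();
    });
});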
(more in next post)
3 replies
CC#
Created by Mitch on 5/9/2023 in #help
✅ How can an error occur inside an if statement when the condition doesn't == true?
26 replies