I am adding Entra ID authentication to an existing ASP.NET Core web app and Web API with standard Identity authentication.
Authentication is working. Calling a method on my API using DownstreamApi.CallApiForUserAsync is also working, but only if I set OpenID Connect as the default auth scheme.
When it is not the default auth scheme, I get an error:
Cannot determine the cloud Instance. The provided authentication scheme was ''. Microsoft.Identity.Web inferred 'Identity.Application' as the authentication scheme.
How do I specify the authentication scheme?
Relevant code (with variable and method names changed) - Startup:

```csharp
// Passing OpenIdConnectDefaults.AuthenticationScheme here makes it the default scheme.
builder.Services.AddAuthentication(/*OpenIdConnectDefaults.AuthenticationScheme*/)
    .AddMicrosoftIdentityWebApp(builder.Configuration.GetSection("AzureAd"))
    .EnableTokenAcquisitionToCallDownstreamApi(
        builder.Configuration.GetSection("X:Scopes").Get<string[]>()
    )
    .AddInMemoryTokenCaches()
    .AddDownstreamApi("X", builder.Configuration.GetSection("X"));
```

Controller method calling the API:

```csharp
[Authorize(AuthenticationSchemes = OpenIdConnectDefaults.AuthenticationScheme)]
[AuthorizeForScopes(ScopeKeySection = "X:Scopes")]
public async Task<string> GetSomething()
{
    HttpResponseMessage response = await _downstreamApi.CallApiForUserAsync("X", options =>
    {
        options.RelativePath = "path/Something";
    });
    ...
}
```

If the parameter is provided in the call to AddAuthentication, it works; if not, I get the error mentioned above.
- What does your appsettings.json look like? – Conrad Lotz Commented Feb 17 at 17:00
- The Microsoft.Identity.Web package is a Microsoft-specific client built on top of the ASP.NET Core OpenID Connect client with some changes to the default client. Microsoft Entra ID is an implementation of OpenID Connect. Please see this link for more info on this package: learn.microsoft/en-us/aspnet/core/security/authentication/…. – SoftwareDveloper Commented Feb 17 at 19:14
1 Answer
You could read this document for Microsoft.Identity.Web; it requires OpenIdConnectDefaults.AuthenticationScheme as a parameter:

```csharp
services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
```

If you want to specify the authentication scheme, you may try:

```csharp
// The scheme name passed to AddAuthentication becomes the default scheme;
// the same name is passed to AddMicrosoftIdentityWebApp so the OpenID Connect
// handler is registered under it. The parameter on the IConfiguration overload
// is named openIdConnectScheme.
services.AddAuthentication("MyAuthenticationScheme")
    .AddMicrosoftIdentityWebApp(Configuration,
        openIdConnectScheme: "MyAuthenticationScheme");
```
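The registration from the answer combined with the controller call from the question, as an added example that is not part of the original question or answer. It assumes the question's "AzureAd" and "X" configuration sections, an existing ASP.NET Core Identity registration (elided, so "Identity.Application" stays the default scheme), and Microsoft.Identity.Web together with Microsoft.Identity.Abstractions. The `openIdConnectScheme` parameter name is the one on the `IConfigurationSection` overload of `AddMicrosoftIdentityWebApp`; the use of `DownstreamApiOptions.AcquireTokenOptions.AuthenticationOptionsName` to pick the scheme at call time is an assumption about the Abstractions package version in use and should be checked against yours.

```csharp
// Added example, not code from the original question or answer.
// Assumes: "AzureAd" and "X" configuration sections as in the question,
// an existing ASP.NET Core Identity registration (elided; it keeps the
// default scheme "Identity.Application"), Microsoft.Identity.Web and
// Microsoft.Identity.Abstractions, and a downstream API named "X".
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Configuration;
using Microsoft.Identity.Abstractions;
using Microsoft.Identity.Web;

var builder = WebApplication.CreateBuilder(args);

// builder.Services.AddDefaultIdentity<IdentityUser>() ...  // existing Identity, elided

// No default scheme argument: Identity stays the default and Entra ID is opt-in.
// The OpenID Connect handler is registered under an explicit scheme name.
builder.Services.AddAuthentication()
    .AddMicrosoftIdentityWebApp(
        builder.Configuration.GetSection("AzureAd"),
        openIdConnectScheme: OpenIdConnectDefaults.AuthenticationScheme)
    .EnableTokenAcquisitionToCallDownstreamApi(
        builder.Configuration.GetSection("X:Scopes").Get<string[]>())
    .AddInMemoryTokenCaches()
    .AddDownstreamApi("X", builder.Configuration.GetSection("X"));

builder.Services.AddControllers();

var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();
app.MapControllers();
app.Run();

[ApiController]
[Route("api/[controller]")]
// Name the scheme explicitly: with Identity as the default, an [Authorize]
// without AuthenticationSchemes would authenticate and challenge via Identity,
// never via Entra ID.
[Authorize(AuthenticationSchemes = OpenIdConnectDefaults.AuthenticationScheme)]
[AuthorizeForScopes(ScopeKeySection = "X:Scopes")]
public class SomethingController : ControllerBase
{
    private readonly IDownstreamApi _downstreamApi;

    public SomethingController(IDownstreamApi downstreamApi)
    {
        _downstreamApi = downstreamApi;
    }

    [HttpGet("something")]
    public async Task<string> GetSomething()
    {
        HttpResponseMessage response = await _downstreamApi.CallApiForUserAsync("X", options =>
        {
            options.RelativePath = "path/Something";

            // Assumed property (Microsoft.Identity.Abstractions): token acquisition
            // looks up the Entra ID options by scheme name. Left unset, it falls back
            // to the default scheme ("Identity.Application"), which carries no
            // Instance/TenantId and yields the "Cannot determine the cloud Instance"
            // error from the question.
            options.AcquireTokenOptions.AuthenticationOptionsName =
                OpenIdConnectDefaults.AuthenticationScheme;
        });

        response.EnsureSuccessStatusCode();
        return await response.Content.ReadAsStringAsync();
    }
}
```

Because `AddDownstreamApi("X", section)` binds `DownstreamApiOptions` from the "X" section, the same scheme selection can live in configuration instead of code, as an `AcquireTokenOptions` object with an `AuthenticationOptionsName` of "OpenIdConnect" under "X" (same assumption about the Abstractions version). Whichever place it is set, every endpoint that expects an Entra ID user must name the scheme in `[Authorize]`; leaving it off silently routes the request through the Identity scheme instead.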