Hello experts,
I need some help with enabling multiple authentication schemes in an ASP.NET Core web app using Azure AD and PingOne as identity providers. I have followed the Microsoft Learn documentation, but I keep getting the error:
******'System.InvalidOperationException: 'Scheme already exists: Cookies'******
and here is my startup.cs file code
**/*here I'm adding the Azure AD with OIDC authentication scheme*/**
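/* Azure AD via OpenID Connect; the cookie handler keeps the session after sign-in. */
services.AddAuthentication(options =>
{
    options.DefaultAuthenticateScheme = OpenIdConnectDefaults.AuthenticationScheme;
    options.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    // NOTE(review): challenging the cookie scheme sends an unauthenticated user to the
    // cookie handler's login path, not to Azure AD; AccountController.Login challenges
    // the OIDC scheme explicitly, so this only matters for implicit challenges.
    options.DefaultChallengeScheme = CookieAuthenticationDefaults.AuthenticationScheme;
})
.AddOpenIdConnect(options =>
{
    // The original assigned Authority twice ("options.Authority = options.Authority = ...");
    // a single assignment is equivalent and easier to read.
    options.Authority = $"{Configuration["AzureAD:Instance"]}{Configuration["AzureAD:TenantId"]}";
    options.ClientId = $"{Configuration["AzureAD:ClientId"]}";
    // id_token-only (implicit) flow: no client secret is exchanged, so the
    // "AzureAD:ClientSecret" value in appsettings is never read here. The
    // authorization-code flow with PKCE is the generally recommended choice for
    // server-side web apps; switching to it means ResponseType "code" plus the secret.
    options.ResponseType = OpenIdConnectResponseType.IdToken;
    // Kept hard-coded on purpose: "AzureAD:CallbackPath" in appsettings is "/callback",
    // which is also PingOne's "RedirectPath" — two handlers must not own the same path.
    options.CallbackPath = "/signin-callback";
    // TODO(review): environment-specific URL; move it into configuration so it does not
    // point at localhost in other environments.
    options.SignedOutRedirectUri = "https://localhost:44377/";
    options.TokenValidationParameters.NameClaimType = "name";
})
// Registers the scheme named "Cookies". The reported error
// 'Scheme already exists: Cookies' means that name is registered a second time
// later in startup — presumably AddPingOneAuthentication adds its own cookie
// handler under the default name; verify, and register the cookie scheme only once.
.AddCookie();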
**/*Here I'm adding the PingOne authentication scheme*/**
var pingOneSettings = Configuration.GetSection("PingOne:Authentication")
    .Get<PingOneConfigurationAuthentication>();
services.AddPingOneAuthentication("PingOne", pingOneSettings);
**/*Adding the two schemes to the Authorization Policy builder*/**
/* Default policy: an authenticated user from either the Azure AD OIDC scheme
   or the PingOne scheme. */
services.AddAuthorization(options =>
{
    // RequireAuthenticatedUser() returns the same builder instance, so the call
    // chains straight into Build() without a reassigned local.
    options.DefaultPolicy = new AuthorizationPolicyBuilder(
            OpenIdConnectDefaults.AuthenticationScheme,
            "PingOne")
        .RequireAuthenticatedUser()
        .Build();
});
and here is my appsettings.json file
{
"PingOne": {
"Authentication": {
"AuthBaseUrl": "https://auth.pingone.eu",
"EnvironmentId": "environment id herer",
"ClientId": "client Id",
"Secret": "mysecret code here",
"ResponseType": "code",
"RedirectPath": "/callback",
"PostSignOffRedirectUrl": "",
"Scopes": [
"openid",
"profile",
"email",
"address"
]
}
},
"AzureAD": {
"Instance": "https://login.microsoftonline.com/",
"Domain": "mydomain",
"TenantId": "mytenentId goes here",
"ClientId": "ClientId goes here",
"CallbackPath": "/callback",
"SignedOutCallbackPath ": "/signout-callback-oidc",
// To call an API
"ClientSecret": "secret goes here"
},
And here is my controller code
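public class AccountController : Controller
{
    // Scheme name the PingOne handler is registered under in Startup.
    private const string PingOneScheme = "PingOne";

    /// <summary>
    /// Starts an interactive sign-in through the Azure AD OpenID Connect handler.
    /// </summary>
    /// <remarks>
    /// The post-login <c>RedirectUri</c> is a fixed local path rather than a value
    /// taken from the request, so it cannot be abused as an open redirect.
    /// </remarks>
    public async Task Login()
    {
        await HttpContext.ChallengeAsync(
            OpenIdConnectDefaults.AuthenticationScheme,
            new AuthenticationProperties { RedirectUri = "/" });
    }

    /// <summary>
    /// Signs the user out of PingOne and then clears the local cookie session.
    /// </summary>
    /// <remarks>
    /// <c>AuthenticationSchemes</c> must contain the scheme name <em>values</em>. The
    /// original attribute quoted the identifier text
    /// "OpenIdConnectDefaults.AuthenticationScheme" inside the string, which names a
    /// scheme that is never registered. The constant is a <c>const string</c>, so it can
    /// be concatenated in the attribute argument.
    /// </remarks>
    [Authorize(AuthenticationSchemes = PingOneScheme + "," + OpenIdConnectDefaults.AuthenticationScheme)]
    public async Task Logout()
    {
        // Sign out of the external provider first, then drop the local cookie.
        await HttpContext.SignOutAsync(
            PingOneScheme,
            new AuthenticationProperties { RedirectUri = Url.Action("Index", "Home") });
        await HttpContext.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
    }
}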
Any help will be really appreciated. Thanks very much in advance.
Seham