ASP.Net Core multiple authentication scheme

Seham 1 Reputation point
2021-02-05T11:23:37.373+00:00

Hello experts,

I need some help with enabling multiple authentication schemes in an ASP.NET Core web app using Azure AD and PingOne identity providers. I have followed the Microsoft Learn but I keep getting the error:

    System.InvalidOperationException: 'Scheme already exists: Cookies'

And here is my Startup.cs file code:

    /* Here I'm adding the Azure AD with OIDC authentication scheme */
    services.AddAuthentication(options =>
    {
        options.DefaultAuthenticateScheme = OpenIdConnectDefaults.AuthenticationScheme;
        options.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        options.DefaultChallengeScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    })
    .AddOpenIdConnect(options =>
    {
        options.Authority = $"{Configuration["AzureAD:Instance"]}{Configuration["AzureAD:TenantId"]}";
        options.ClientId = $"{Configuration["AzureAD:ClientId"]}";
        options.ResponseType = OpenIdConnectResponseType.IdToken;
        options.CallbackPath = "/signin-callback";
        options.SignedOutRedirectUri = "https://localhost:44377/";
        options.TokenValidationParameters.NameClaimType = "name";
    })
    .AddCookie(); // registers the default "Cookies" scheme

    /* Here I'm adding the PingOne authentication scheme */
    services.AddPingOneAuthentication("PingOne", Configuration.GetSection("PingOne:Authentication")
        .Get<PingOneConfigurationAuthentication>());

    /* Adding the two schemes to the Authorization Policy builder */
    services.AddAuthorization(options =>
    {
        var defaultAuthorizationPolicyBuilder = new AuthorizationPolicyBuilder(
            OpenIdConnectDefaults.AuthenticationScheme,
            "PingOne");
        defaultAuthorizationPolicyBuilder =
            defaultAuthorizationPolicyBuilder.RequireAuthenticatedUser();
        options.DefaultPolicy = defaultAuthorizationPolicyBuilder.Build();
    });

and here is my appsetting.json file

    {
      "PingOne": {
        "Authentication": {
          "AuthBaseUrl": "https://auth.pingone.eu",
          "EnvironmentId": "environment id herer",
          "ClientId": "client Id",
          "Secret": "mysecret code here",
          "ResponseType": "code",
          "RedirectPath": "/callback",
          "PostSignOffRedirectUrl": "",
          "Scopes": [
            "openid",
            "profile",
            "email",
            "address"
          ]
        }
      },
      "AzureAD": {
        "Instance": "https://login.microsoftonline.com/",
        "Domain": "mydomain",
        "TenantId": "mytenentId goes here",
        "ClientId": "ClientId goes here",
        "CallbackPath": "/callback",
        "SignedOutCallbackPath ": "/signout-callback-oidc",

        // To call an API
        "ClientSecret": "secret goes here"
      }
    }

And here is my controller code

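    using System.Threading.Tasks;
    using Microsoft.AspNetCore.Authentication;
    using Microsoft.AspNetCore.Authentication.Cookies;
    using Microsoft.AspNetCore.Authentication.OpenIdConnect;
    using Microsoft.AspNetCore.Authorization;
    using Microsoft.AspNetCore.Mvc;

    public class AccountController : Controller
    {
        public async Task Login()
        {
            await HttpContext.ChallengeAsync(OpenIdConnectDefaults.AuthenticationScheme, new AuthenticationProperties { RedirectUri = "/" });
            // await HttpContext.ChallengeAsync("PingOne,OpenIdConnectDefaults.AuthenticationScheme", new AuthenticationProperties { RedirectUri = Url.Action("Index", "Home") });
        }
        //[Route('api/users')]

        // The scheme list is a comma-separated string of scheme names, so the
        // constant is concatenated instead of being written inside the literal.
        [Authorize(AuthenticationSchemes = "PingOne," + OpenIdConnectDefaults.AuthenticationScheme)]
        public async Task Logout()
        {
            await HttpContext.SignOutAsync("PingOne", new AuthenticationProperties { RedirectUri = Url.Action("Index", "Home") });
            await HttpContext.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
        }
    }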

Any help will be really appreciated. Thanks very much in advance.

Seham


1 answer

  1. mobiletonster 116 Reputation points
    2021-04-22T07:19:30.99+00:00

    @Seham

    I recently posted a video walkthrough on how to connect multiple authentication schemes, in particular with social identity providers and OpenID Connect. I think you might find it helpful.

    ASP.NET Core 5.0 - Authentication Part 3 IDaaS (Okta) & Multiple Login Providers

    You can also find a sample project on my GitHub page at: github.com/mobiletonster/authn

    2 people found this answer helpful.
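
An added example, not code from the question or the answer: an authentication scheme name can be registered only once, so this sketch adds the cookie scheme a single time and gives each OpenID Connect provider its own scheme name and callback paths. It assumes PingOne is configured through the generic `AddOpenIdConnect` handler instead of `AddPingOneAuthentication`; the class, method and scheme names, the callback paths and the PingOne authority layout are assumptions, while the configuration keys are the ones from the question's settings file.

```csharp
// Added example; assumes PingOne goes through the generic OpenID Connect handler.
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;

public static class MultiIdpAuthentication
{
    // Hypothetical scheme names; each handler needs its own.
    public const string AzureScheme = "AzureAD";
    public const string PingScheme = "PingOne";

    public static IServiceCollection AddTwoIdentityProviders(
        this IServiceCollection services, IConfiguration config)
    {
        services.AddAuthentication(options =>
            {
                // The cookie authenticates requests and receives the sign-in from
                // either provider; the OIDC schemes are used only to challenge.
                options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
                options.DefaultChallengeScheme = AzureScheme;
            })
            .AddCookie() // "Cookies" is registered exactly once; a second registration throws
            .AddOpenIdConnect(AzureScheme, o =>
            {
                o.Authority = $"{config["AzureAD:Instance"]}{config["AzureAD:TenantId"]}";
                o.ClientId = config["AzureAD:ClientId"];
                o.ResponseType = OpenIdConnectResponseType.IdToken;
                // Callback paths must differ per scheme so each handler sees its own response.
                o.CallbackPath = "/signin-azuread";
                o.SignedOutCallbackPath = "/signout-callback-azuread";
            })
            .AddOpenIdConnect(PingScheme, o =>
            {
                // Assumed authority layout: {AuthBaseUrl}/{EnvironmentId}/as
                o.Authority = $"{config["PingOne:Authentication:AuthBaseUrl"]}/" +
                              $"{config["PingOne:Authentication:EnvironmentId"]}/as";
                o.ClientId = config["PingOne:Authentication:ClientId"];
                o.ClientSecret = config["PingOne:Authentication:Secret"];
                o.ResponseType = OpenIdConnectResponseType.Code;
                o.CallbackPath = "/signin-pingone";
                o.SignedOutCallbackPath = "/signout-callback-pingone";
            });
        return services;
    }
}
```

A login action then selects the provider explicitly by passing `MultiIdpAuthentication.AzureScheme` or `MultiIdpAuthentication.PingScheme` to `HttpContext.ChallengeAsync`. Because both providers sign in to the same cookie, `[Authorize]` with the default policy covers users from either one.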