Multiple authentication schemes?

Seham 1 Reputation point
2021-02-08T08:06:39.12+00:00

Hello experts,

I need some help with enabling multiple authentication schemes in an ASP.NET Core web app using the Azure AD and PingOne identity providers. I have followed the Microsoft Learn but I keep getting the error:

System.InvalidOperationException: 'Scheme already exists: Cookies'

And here is my Startup.cs file code:

```csharp
// Here I'm adding Azure AD with the OIDC authentication scheme
services.AddAuthentication(options =>
    {
        options.DefaultAuthenticateScheme = OpenIdConnectDefaults.AuthenticationScheme;
        options.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        options.DefaultChallengeScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    })
    .AddOpenIdConnect(options =>
    {
        options.Authority = $"{Configuration["AzureAD:Instance"]}{Configuration["AzureAD:TenantId"]}";
        options.ClientId = $"{Configuration["AzureAD:ClientId"]}";
        options.ResponseType = OpenIdConnectResponseType.IdToken;
        options.CallbackPath = "/signin-callback";
        options.SignedOutRedirectUri = "https://localhost:44377/";
        options.TokenValidationParameters.NameClaimType = "name";
    })
    .AddCookie();

services.AddPingOneAuthentication("PingOne", Configuration.GetSection("PingOne:Authentication")
    .Get<PingOneConfigurationAuthentication>());

// Adding the two schemes to the authorization policy builder
services.AddAuthorization(options =>
    {
        var defaultAuthorizationPolicyBuilder = new AuthorizationPolicyBuilder(
            OpenIdConnectDefaults.AuthenticationScheme,
            "PingOne");
        defaultAuthorizationPolicyBuilder =
            defaultAuthorizationPolicyBuilder.RequireAuthenticatedUser();
        options.DefaultPolicy = defaultAuthorizationPolicyBuilder.Build();
    });
```

And here is my appsettings.json file:

```json
{
  "PingOne": {
    "Authentication": {
      "AuthBaseUrl": "https://auth.pingone.eu",
      "EnvironmentId": "environment id herer",
      "ClientId": "client Id",
      "Secret": "mysecret code here",
      "ResponseType": "code",
      "RedirectPath": "/callback",
      "PostSignOffRedirectUrl": "",
      "Scopes": [
        "openid",
        "profile",
        "email",
        "address"
      ]
    }
  },
  "AzureAD": {
    "Instance": "https://login.microsoftonline.com/",
    "Domain": "mydomain",
    "TenantId": "mytenentId goes here",
    "ClientId": "ClientId goes here",
    "CallbackPath": "/callback",
    "SignedOutCallbackPath": "/signout-callback-oidc"
  }
}
```

And here is my controller code

```csharp
public class AccountController : Controller
{
    public async Task Login()
    {
        await HttpContext.ChallengeAsync(OpenIdConnectDefaults.AuthenticationScheme, new AuthenticationProperties { RedirectUri = "/" });
        // await HttpContext.ChallengeAsync("PingOne,OpenIdConnectDefaults.AuthenticationScheme", new AuthenticationProperties { RedirectUri = Url.Action("Index", "Home") });
    }
    //[Route('api/users')]

    // The scheme list is a comma-separated string of scheme names, so the constant is concatenated rather than quoted.
    [Authorize(AuthenticationSchemes = "PingOne," + OpenIdConnectDefaults.AuthenticationScheme)]
    public async Task Logout()
    {
        await HttpContext.SignOutAsync("PingOne", new AuthenticationProperties { RedirectUri = Url.Action("Index", "Home") });
        await HttpContext.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
    }
}
```

1 answer

  1. James Hamil 21,621 Reputation points Microsoft Employee
    2021-02-12T21:34:25.743+00:00

    Hi @Seham, this means that there is a default cookie with an authentication scheme named "Cookies", so you need to provide another name to avoid the conflict. This can be done using the "cookieScheme" parameter. Please let me know if you have any questions.

    Best,
    James
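
One way to apply the answer to the Startup.cs from the question, as an added example that is not part of the original thread: the Azure AD cookie handler gets its own scheme name (`AzureAdCookies`, a name chosen here) and the OpenID Connect handler is bound to it through `SignInScheme`. It assumes, based on the error message, that `AddPingOneAuthentication` registers the default `Cookies` scheme itself; that extension method and `PingOneConfigurationAuthentication` are taken from the question.

```csharp
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.Authorization;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;

public class Startup
{
    // Name chosen for this example; any value other than "Cookies" avoids the clash.
    private const string AzureAdCookieScheme = "AzureAdCookies";

    public Startup(IConfiguration configuration) => Configuration = configuration;
    public IConfiguration Configuration { get; }

    public void ConfigureServices(IServiceCollection services)
    {
        services.AddAuthentication(options =>
            {
                // Session cookie for Azure AD sign-ins; challenges go to OIDC.
                options.DefaultScheme = AzureAdCookieScheme;
                options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
            })
            // Named cookie handler instead of the parameterless AddCookie(),
            // which registers under the default name "Cookies".
            .AddCookie(AzureAdCookieScheme)
            .AddOpenIdConnect(options =>
            {
                // Persist the Azure AD identity in its own cookie, not in "Cookies".
                options.SignInScheme = AzureAdCookieScheme;
                options.Authority = $"{Configuration["AzureAD:Instance"]}{Configuration["AzureAD:TenantId"]}";
                options.ClientId = Configuration["AzureAD:ClientId"];
                options.ResponseType = OpenIdConnectResponseType.IdToken;
                options.CallbackPath = "/signin-callback";
                options.TokenValidationParameters.NameClaimType = "name";
            });

        // From the question. Assumption: this call adds the "Cookies" scheme itself.
        services.AddPingOneAuthentication("PingOne",
            Configuration.GetSection("PingOne:Authentication").Get<PingOneConfigurationAuthentication>());

        services.AddAuthorization(options =>
        {
            // Same two schemes as in the question's default policy.
            options.DefaultPolicy = new AuthorizationPolicyBuilder(
                    OpenIdConnectDefaults.AuthenticationScheme, "PingOne")
                .RequireAuthenticatedUser()
                .Build();
        });
    }
}
```

With this registration, the Azure AD sign-out in the controller has to target `AzureAdCookies` rather than `CookieAuthenticationDefaults.AuthenticationScheme`, otherwise the Azure AD session cookie is left in place.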