This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(256, 39%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESD%3C/text%3E%3C/svg%3E)
I've an ASP.NET Core web application with multiple authentication schemes.
The default scheme is Cookie:
services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
.AddMicrosoftIdentityWebApp(options =>
{
configuration.Bind("Authentication:AzureAd", options);
options.Events.OnAuthorizationCodeReceived = authorizationCodeReceivedContext =>
{
AuthHelper.IsAzureAdAuthenticated = true;
return Task.CompletedTask;
};
})
.EnableTokenAcquisitionToCallDownstreamApi()
.AddMicrosoftGraph(configuration.GetSection("Authentication:Graph"))
.AddSessionTokenCaches();
services.AddRazorPages().AddMicrosoftIdentityUI();
My "Test" page can be accessed by any users, with form or Azure AD account.
If the user has an Azure AD account I use GraphServiceClient to get the unread email count.
The "Test" page:
[Authorize]
public class GraphCMSModel : PageModel
{
private readonly GraphLogic _graphLogic;
public string AreaContent { get; set; } = string.Empty;
public GraphCMSModel(GraphLogic graphLogic)
{
_graphLogic = graphLogic;
}
public async Task OnGetAsync()
{
if (AuthHelper.IsAzureAdAuthenticated)
{
AreaContent = await _graphLogic.GetContentAsync();
}
else
{
AreaContent = "No Graph for you";
}
}
}
GraphLogic has GraphServiceClient:
public class GraphLogic
{
private readonly GraphServiceClient _graph;
public GraphLogic(GraphServiceClient graph)
{
_graph = graph;
}
public async Task<string> GetContentAsync()
{
var messages = await _graph.Me.MailFolders["Inbox"].Messages
.Request()
.Filter("isRead ne true")
.GetAsync();
return $"You have {messages.Count} unread messages";
}
}
I get this error:
InvalidOperationException: IDW10503: Cannot determine the cloud Instance. The provided authentication scheme was ''. Microsoft.Identity.Web inferred 'Cookies' as the authentication scheme. Available authentication schemes are 'Cookies,OpenIdConnect'.
I tried several things:
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(310.4, 77%, 40%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EFU%3C/text%3E%3C/svg%3E)
First of all for multiple authorization how did you configured the both endpoint need to have a look first. Another important point is that, was the middleware configured accordingly? For more than one authentication schema, you should configure them separately as following:
builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
.AddJwtBearer(options =>
{
options.Audience = "https://localhost:5000/";
options.Authority = "https://localhost:5000/YourEndpointURL";
})
.AddJwtBearer("AzureAD", options =>
{
options.Audience = "https://localhost:5000/";
options.Authority = "https://login.microsoftonline.com/YourEndpointURL";
});
In addition, please have a look at this official document and check if you have configured accordingly.
My auth configuration seems correct, I've configured both authentication schema. They works. It's only Graph that didn't use the correct one.
I found that I can tell GraphServiceClient which auth schema to use with "WithAuthenticationScheme" method:
var messages = await graph.Me.MailFolders["Inbox"].Messages
.Request()
.WithAuthenticationScheme(OpenIdConnectDefaults.AuthenticationScheme)
.Filter("isRead ne true")
.GetAsync();