Hi @Jörg Auberg,
Thanks for reaching out.
Yes, it is possible to support one application service using multiple authentication schemas.
Microsoft Identity Platform supports multiple authentication schemas, which allow users to sign in to the application either with two Azure AD application registrations or one Azure AD app or another Azure AD B2C.
In the appsettings.json file, you need to provide two authentication schemas.
```json
{
  "AzureAd1": {
    "Instance": "https://login.microsoftonline.com/",
    "ClientId": "xxx-xx-xx-xx-xxx",
    "Domain": "contso.onmicrosoft.com",
    "TenantId": "xxxx-xxx-xx-xx",
    "ClientSecret": ""
  },
  "AzureAd2": {
    "Instance": "https://login.microsoftonline.com/",
    "Domain": "contso.onmicrosoft.com",
    "TenantId": "xxx-xx-xx-xx",
    "ClientId": "xxx-xx-xx-xx",
    "ClientSecret": "",
    "CallbackPath": "/signin-oidc"
  },
  "DownstreamApi": {
    "BaseUrl": "https://graph.microsoft.com/v1.0",
    "Scopes": "user.read"
  },
  "Downstream2Api": {
    "BaseUrl": "https://graph.microsoft.com/v1.0",
    "Scopes": "user.read"
  }
}
```
In `Startup.cs` in `ConfigureServices`, we have two sections for `.AddAuthentication`, one for `AzureAd1` and another for `AzureAd2`. Please note that `.AddAuthentication()` has no default scheme defined.
```csharp
services.AddAuthentication() // No default scheme
    .AddMicrosoftIdentityWebApp(Configuration.GetSection("AzureAd1"), "openid2")
    .EnableTokenAcquisitionToCallDownstreamApi(Configuration.GetValue<string>("DownstreamApi:Scopes")?.Split(' '))
    .AddMicrosoftGraph(Configuration.GetSection("DownstreamApi"))
    .AddInMemoryTokenCaches();

services.AddAuthentication() // No default scheme either
    .AddMicrosoftIdentityWebApp(Configuration.GetSection("AzureAd2"), "AzureAD", "cookiesAzureAD")
    .EnableTokenAcquisitionToCallDownstreamApi(Configuration.GetValue<string>("Downstream2Api:Scopes")?.Split(' '))
    .AddDownstreamWebApi("Downstream2Api", Configuration.GetSection("Downstream2Api"));
```
Reference: https://github.com/AzureAD/microsoft-identity-web/wiki/Multiple-Authentication-Schemes
Hope this will help.
Thanks
Shweta
Please remember to "Accept Answer" if the answer helped you.
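Because the answer above registers both schemes without a default, each protected endpoint has to name the scheme it authenticates and acquires tokens with. The following is an added example, not code from the answer or from the Microsoft.Identity.Web project. The controller and class names are hypothetical, and the scheme names `openid2` and `AzureAD` are taken from the `Startup.cs` registrations above.

```csharp
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Identity.Web;

// Hypothetical helper: scheme names as registered in ConfigureServices above.
public static class Schemes
{
    public const string First = "openid2";   // AzureAd1 registration
    public const string Second = "AzureAD";  // AzureAd2 registration
}

// With no default scheme, a bare [Authorize] has nothing to fall back on,
// so the attribute pins the scheme used to authenticate and to challenge.
[Authorize(AuthenticationSchemes = Schemes.First)]
[AuthorizeForScopes(Scopes = new[] { "user.read" }, AuthenticationScheme = Schemes.First)]
public class FirstTenantController : Controller
{
    private readonly ITokenAcquisition _tokens;
    public FirstTenantController(ITokenAcquisition tokens) => _tokens = tokens;

    public async Task<IActionResult> Index()
    {
        // Acquire the token under the same scheme that signed the user in,
        // so the matching app registration and token cache are used.
        string token = await _tokens.GetAccessTokenForUserAsync(
            new[] { "user.read" }, authenticationScheme: Schemes.First);

        // Report only that a token was obtained; never return the token itself.
        return Ok(new { scheme = Schemes.First, tokenAcquired = token.Length > 0 });
    }
}

[Authorize(AuthenticationSchemes = Schemes.Second)]
[AuthorizeForScopes(Scopes = new[] { "user.read" }, AuthenticationScheme = Schemes.Second)]
public class SecondTenantController : Controller
{
    private readonly ITokenAcquisition _tokens;
    public SecondTenantController(ITokenAcquisition tokens) => _tokens = tokens;

    public async Task<IActionResult> Index()
    {
        string token = await _tokens.GetAccessTokenForUserAsync(
            new[] { "user.read" }, authenticationScheme: Schemes.Second);
        return Ok(new { scheme = Schemes.Second, tokenAcquired = token.Length > 0 });
    }
}
```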