Thanks for reaching out. I understand you are trying to set up both Entra ID and Azure AD B2C in your application.
This can be achieved using multiple authentication schemes, which allow you to add several authentication schemes in one application.
You can add both application configurations to the appsettings.json file, one for Entra ID (the application registered in the Entra ID tenant) and another one for Azure AD B2C (the application registered in the Entra ID B2C tenant):
{
  "AzureAdB2C": {
    "Instance": "https://xxx.b2ctenant.com",
    "ClientId": "xxxxx",
    "Domain": "xxx.onmicrosoft.com",
    "SignUpSignInPolicyId": "B2C_1_signupsignin",
    "CallbackPath": "/authentication/login-callback",
    "ClientSecret": "",
    "SignedOutCallbackPath": "/signout/B2C_1_signupsignin"
  },
  "AzureAd": {
    "Instance": "https://login.microsoftonline.com/",
    "Domain": "xxx.onmicrosoft.com",
    "TenantId": "xxx",
    "ClientId": "xxxx",
    "ClientSecret": "xxx",
    "CallbackPath": "/signin-oidc"
  }
}
In the Startup.cs file, in ConfigureServices, we need to add two sections for .AddAuthentication, one for Entra ID and one for AzureAdB2C. One of Azure AD or Azure AD B2C will be the default authentication scheme, which needs to be defined either in Startup.cs or in the controllers.
// Entra ID: OpenID Connect scheme named "openid2" (uses the default cookie scheme).
// initialScopes was not defined in the original snippet; here it is read from the
// DownstreamApi section, mirroring the B2C call below (assumed).
var initialScopes = Configuration.GetValue<string>("DownstreamApi:Scopes")?.Split(' ');
services.AddAuthentication()
    .AddMicrosoftIdentityWebApp(Configuration.GetSection("AzureAd"), "openid2")
    .EnableTokenAcquisitionToCallDownstreamApi(initialScopes)
    .AddMicrosoftGraph(Configuration.GetSection("DownstreamApi"))
    .AddInMemoryTokenCaches();

// Azure AD B2C: OpenID Connect scheme named "B2C" with its own cookie scheme "cookiesB2C",
// so the B2C session does not share a cookie with the Entra ID session.
services.AddAuthentication()
    .AddMicrosoftIdentityWebApp(Configuration.GetSection("AzureAdB2C"), "B2C", "cookiesB2C")
    .EnableTokenAcquisitionToCallDownstreamApi(Configuration.GetValue<string>("DownstreamB2CApi:Scopes")?.Split(' '))
    .AddDownstreamWebApi("DownstreamB2CApi", Configuration.GetSection("DownstreamB2CApi"))
    .AddInMemoryTokenCaches();
Now, to call different schemes, there would be two home controllers.
The one for B2C will now specify the authentication scheme in the Authorize attribute, as we have not defined any default scheme in Startup.cs.
[Authorize(AuthenticationSchemes = "B2C")]
public class HomeB2CController : Controller
{
//lines of code
}
If we specify a default scheme in Startup.cs as
services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme) // default scheme is "OpenIdConnect"
    .AddMicrosoftIdentityWebApp(Configuration.GetSection("AzureAd"), OpenIdConnectDefaults.AuthenticationScheme)
then we don't need to specify the authentication scheme in the Home controller for Entra ID, so providing it in the controller as
[Authorize(AuthenticationSchemes = "openid2")]
public class HomeController : Controller
{
//lines of code
}
On the application home page, you need to add both Entra ID and Azure AD B2C links to support both logins from the same page.
<a class="nav-link text-dark" asp-area="" asp-controller="Home" asp-action="Index">Home</a>
<a class="nav-link text-dark" asp-area="" asp-controller="HomeB2C" asp-action="Index">Sign-in B2C</a>
Reference - https://github.com/AzureAD/microsoft-identity-web/wiki/Multiple-Authentication-Schemes
Hope this will help.
Thanks,
Shweta
Please remember to "Accept Answer" if the answer helped you.
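As an added example (not code from the answer above or from the Microsoft.Identity.Web project), the following Startup wires the same two schemes ("openid2" for Entra ID, "B2C" with the "cookiesB2C" cookie for Azure AD B2C) but makes Entra ID the default scheme and replaces raw scheme names on controllers with authorization policies, so that each page states which tenant's users it accepts. The policy names "EntraOnly", "B2COnly" and "EitherTenant" are assumed; the Configure pipeline (UseAuthentication/UseAuthorization) is the standard one and is omitted.

```csharp
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Identity.Web;

public class Startup
{
    public Startup(IConfiguration configuration) => Configuration = configuration;
    public IConfiguration Configuration { get; }

    public void ConfigureServices(IServiceCollection services)
    {
        // Entra ID is the default scheme: a plain [Authorize] challenges "openid2".
        services.AddAuthentication("openid2")
            .AddMicrosoftIdentityWebApp(Configuration.GetSection("AzureAd"), "openid2");

        // Azure AD B2C gets its own OIDC scheme and its own cookie scheme ("cookiesB2C"),
        // so the two sign-in sessions never share a cookie.
        services.AddAuthentication()
            .AddMicrosoftIdentityWebApp(Configuration.GetSection("AzureAdB2C"), "B2C", "cookiesB2C");

        // Policies name the scheme(s) they trust (policy names are assumed). Authenticating
        // with "B2C" only reads the "cookiesB2C" session, so an Entra ID sign-in cannot satisfy
        // B2COnly and vice versa; EitherTenant is for pages shared by both kinds of users.
        services.AddAuthorization(options =>
        {
            options.AddPolicy("EntraOnly", p => p
                .AddAuthenticationSchemes("openid2")
                .RequireAuthenticatedUser());
            options.AddPolicy("B2COnly", p => p
                .AddAuthenticationSchemes("B2C")
                .RequireAuthenticatedUser());
            options.AddPolicy("EitherTenant", p => p
                .AddAuthenticationSchemes("openid2", "B2C")
                .RequireAuthenticatedUser());
        });

        services.AddControllersWithViews();
    }
}

// Controllers then reference the policy instead of a raw scheme name.
[Authorize(Policy = "B2COnly")]
public class HomeB2CController : Controller
{
    public IActionResult Index() => View();
}
```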