This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(172.8, 54%, 26%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESP%3C/text%3E%3C/svg%3E)
I have added two authentication AzureAD and AzureB2c in mvc core3.1 using microsoft.identity.ui & web packages.
I am able to call challenge both schemes but after login -in successfully my controller postback action method is not executing even though azure b2c azure ad service hitting this methods .
public void ConfigureServices(IServiceCollection services)
{
var initialScopes = Configuration.GetValue
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(246.4, 20%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESM%3C/text%3E%3C/svg%3E)
Thanks for reaching out.
Thanks for reaching out. I understand you are trying to setup both Entra ID and Azure AD B2C in your application.
This can be achieved using Multiple authentication schemes which allow you to add several authentication schemes in one application.
You can add both the application configurations in the appsettings.json file one for Entra ID (application registered in Entra ID tenant) and another one for Azure AD B2C (application registered in Entra ID B2C tenant).
{
"AzureAdB2C": {
"Instance": "https://xxx.b2ctenant.com",
"ClientId": "xxxxx",
"Domain": "xxx.onmicrosoft.com",
"SignUpSignInPolicyId": "B2C_1_signupsignin",
"CallbackPath": "/authentication/login-callback",
"ClientSecret": "",
"SignedOutCallbackPath": "/signout/B2C_1_signupsignin"
},
"AzureAd": {
"Instance": "https://login.microsoftonline.com/",
"Domain": "xxx.onmicrosoft.com",
"TenantId": "xxx",
"ClientId": "xxxx",
"ClientSecret": "xxx",
"CallbackPath": "/signin-oidc"
},
In startup.cs file in ConfigureServices, we need to add two sections for .AddAuthentication, one for Entra ID and one for AzureAdB2C. From Azure AD or Azure AD B2C one will be default authentication scheme which need to define either in startup.cs or in the controllers.
services.AddAuthentication()
.AddMicrosoftIdentityWebApp(Configuration.GetSection("AzureAd"), "openid2")
.EnableTokenAcquisitionToCallDownstreamApi(initialScopes)
.AddMicrosoftGraph(Configuration.GetSection("DownstreamApi"))
.AddInMemoryTokenCaches();
services.AddAuthentication()
.AddMicrosoftIdentityWebApp(Configuration.GetSection("AzureAdB2C"), "B2C", "cookiesB2C")
.EnableTokenAcquisitionToCallDownstreamApi(Configuration.GetValue<string>("DownstreamB2CApi:Scopes")?.Split(' '))
.AddDownstreamWebApi("DownstreamB2CApi", Configuration.GetSection("DownstreamB2CApi"))
.AddInMemoryTokenCaches();
Now, to call different schemes, there would be two home controllers.
The one for B2C will now specify the authentication scheme in the Authorize attribute, as we have not defined any default scheme in Startup.cs.
Copy
[Authorize(AuthenticationSchemes = "B2C")]
public class HomeB2CController : Controller
{
//lines of code
}
If we specify default scheme in startup.cs as, services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme) // default scheme is "OpenIdConnect" .AddMicrosoftIdentityWebApp(Configuration.GetSection("AzureAd"), OpenIdConnectDefaults.AuthenticationScheme)
Then we don't need to specify authentication scheme in Home controller of Entra ID, so providing in controller as
[Authorize(AuthenticationSchemes = "openid2")]
public class HomeController : Controller
{
lines of code
}
On application home page, you need to add both Entra ID and Azure AD B2C links to support both login with same page.
<a class="nav-link text-dark" asp-area="" asp-controller="Home" asp-action="Index">Home</a>
<a class="nav-link text-dark" asp-area="" asp-controller="HomeB2C" asp-action="Index">Sign-in B2C</a>
Reference - https://github.com/AzureAD/microsoft-identity-web/wiki/Multiple-Authentication-Schemes
Hope this will help.
Thanks,
Shweta
Please remember to "Accept Answer" if answer helped you.
I don't want to create two controller , my requirement is to call this from one action method using the parameter.
Here is my startup.cs file.
public void ConfigureServices(IServiceCollection services)
{
var initialScopes = Configuration.GetValue<string>("DownstreamApi:Scopes")?.Split(' ');
services.AddControllersWithViews();
services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme).AddCookie();
services.Configure<CookiePolicyOptions>(options =>
{
// This lambda determines whether user consent for non-essential cookies is needed for a given request.
options.CheckConsentNeeded = context => true;
options.MinimumSameSitePolicy = SameSiteMode.Unspecified;
options.HandleSameSiteCookieCompatibility();
});
services.AddAuthentication()
//.AddCookie()
.AddMicrosoftIdentityWebApp(
Configuration.GetSection("Internal"), "Internal",null)
.EnableTokenAcquisitionToCallDownstreamApi(Configuration.GetValue<string>("DownstreamApi: Scopes")?.Split(' '))
// .AddMicrosoftGraph(Configuration.GetSection("DownstreamApi"))
.AddInMemoryTokenCaches();
services.AddAuthentication()
.AddMicrosoftIdentityWebApp(
Configuration.GetSection("External"), "External", "ExternalCookies")
.EnableTokenAcquisitionToCallDownstreamApi(Configuration.GetValue<string>("DownstreamB2CApi:Scopes")?.Split(' '))
// .AddDownstreamApi("DownstreamB2CApi", Configuration.GetSection("DownstreamB2CApi"))
.AddInMemoryTokenCaches();
services.AddSession();
services.AddRazorPages()
.AddMicrosoftIdentityUI();
}
in Controller
public ActionResult SetSingleSignOn(bool isPartner, string returnUrl = null)
{
if (isPartner)
{
try
{
if (!string.IsNullOrEmpty(returnUrl) && Url.IsLocalUrl(returnUrl))
{
// redirect = returnUrl;
}
else
{
returnUrl = Url.Content("~/")!;
}
return Challenge(new AuthenticationProperties { RedirectUri = returnUrl }, "External");
}
catch (Exception ex)
{
_logger.LogError("AccountController:SingleSignOn :: Error occured while initiating SSO Signin. # Exception Message : {0}", ex.Message);
}
}
else
{
try
{
if (!string.IsNullOrEmpty(returnUrl) && Url.IsLocalUrl(returnUrl))
{
// redirect = returnUrl;
}
else
{
returnUrl = Url.Content("~/")!;
}
return Challenge(new AuthenticationProperties { RedirectUri = returnUrl }, "Internal");
}
catch (Exception ex)
{
_logger.LogError("AccountController:SingleSignOn :: {0}", ex.StackTrace);
}
}
}
Hi Shewta Mathur,
My login is working, but when after sign-in i want to redirect my custom controller action method to create cookies by reading claims. its not working.
See below code; in App setting my callback path is controller action method, its not hitting this after successful login.
Startup.cs file:
public void ConfigureServices(IServiceCollection services)
{
services.AddControllersWithViews();
services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme).AddCookie();
services.Configure<CookiePolicyOptions>(options =>
{
// This lambda determines whether user consent for non-essential cookies is needed for a given request.
options.CheckConsentNeeded = context => true;
options.MinimumSameSitePolicy = SameSiteMode.Unspecified;
//options.Secure = true;
// Handling SameSite cookie according to https://docs.microsoft.com/en-us/aspnet/core/security/samesite?view=aspnetcore-3.1
options.HandleSameSiteCookieCompatibility();
});
services.AddAuthentication()
//.AddCookie("InternalCookies")
.AddMicrosoftIdentityWebApp(
Configuration.GetSection("Internal"), "Internal", null)
.EnableTokenAcquisitionToCallDownstreamApi(Configuration.GetValue<string>("DownstreamApi: Scopes")?.Split(' '))
.AddInMemoryTokenCaches();
services.Configure<OpenIdConnectOptions>("Internal", options =>
{
});
services.AddAuthentication()
//.AddCookie("ExternalCookies")
.AddMicrosoftIdentityWebApp(
Configuration.GetSection("External"), "External",null)
.EnableTokenAcquisitionToCallDownstreamApi(Configuration.GetValue<string>("DownstreamB2CApi:Scope")?.Split(' ')).AddInMemoryTokenCaches();
services.Configure<OpenIdConnectOptions>("External", options =>
{
});
services.AddSession();
// services.Configure<ReverseProxyOptions>(Configuration.GetSection("ReverseProxy"));
services.AddKendo();
services.AddSingleton<IHttpContextAccessor, HttpContextAccessor>();
services.AddTransient<ICommonAPIClient, CommonAPIClient>();
services.AddSingleton<IHttpClient, StandardHttpClient>();
services.AddTransient<IEserviceApiClient, EserviceApiClient>();
services.AddTransient<IMchpApiClient, MchpApiClient>();
services.AddTransient<IAppUserApiClient, AppUserApiClient>();
services.Configure<AppSettings>(Configuration);
var appSetting = services.BuildServiceProvider().GetService<IOptionsSnapshot<AppSettings>>();
CustomConfigHelper.SetStaticParameters(appSetting);
// services.AddAuthentication(op => op.DefaultScheme = "Internal");
}
My app setting:
"External": {
"Instance": "https://<>",
"ClientId": "XXX",
"SignedOutCallbackPath": "/signout/b2c_1a_signup_signin",
"CallbackPath": "/SSO/GetToken",
"SignUpSignInPolicyId": "b2c_1a_signup_signin",
"ClientSecret": "kkkk"
},
"Internal": {
"Instance": "https://login.microsoftonline.com/",
"Domain": "xxx.com",
"TenantId": "xx",
"ClientId": "2ddd",
"CallbackPath": "/SSO/Index",
"SignedOutCallbackPath ": "/SignoutCallbackOidc",
"ClientSecret": "ddd"
},