How can I make these two authentication pathways not conflict?
builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddMicrosoftIdentityWebApi(builder.Configuration);

builder.Services.AddMicrosoftIdentityWebAppAuthentication(builder.Configuration)
    .EnableTokenAcquisitionToCallDownstreamApi(new string[] { "User.Read" })
    .AddInMemoryTokenCaches();
Right now, the one on the bottom is the only one that works. With the Identity Web on the bottom, the sign in page appears and works. With the token on the bottom, the daemon app works without the sign in page.
What have I tried? I have found this question, which is very similar to my use case, but I do not understand it enough to apply it to my problem.
How to Add JwtBearer along with AddMicrosoftIdentityWebAppAuthentication
Solution! Decorate controllers as needed with this attribute.
[Authorize(AuthenticationSchemes = JwtBearerDefaults.AuthenticationScheme)]
The code I have above did not require a change.
ASP.NET Core supports having multiple authentication schemes. One of them would be the default.
The AuthorizeAttribute supports specifying the AuthenticationSchemes you want to use. If you don't specify the authentication scheme in the attribute, it will use the default scheme.
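To make the accepted approach concrete, here is an added example (not code from the question or the answer) that keeps both registrations as posted and pins each controller to the scheme it should accept. The controller names, routes and response bodies are hypothetical.

```csharp
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Identity.Web;

var builder = WebApplication.CreateBuilder(args);

// Both schemes are registered. Each AddAuthentication call overwrites the
// default scheme, so the registration that comes last decides the default.
builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddMicrosoftIdentityWebApi(builder.Configuration);

builder.Services.AddMicrosoftIdentityWebAppAuthentication(builder.Configuration)
    .EnableTokenAcquisitionToCallDownstreamApi(new string[] { "User.Read" })
    .AddInMemoryTokenCaches();

builder.Services.AddControllersWithViews();

var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();
app.MapControllers();
app.Run();

// Hypothetical endpoint for the daemon app: only a bearer token is evaluated
// here, regardless of which scheme is the default.
[ApiController]
[Route("api/[controller]")]
[Authorize(AuthenticationSchemes = JwtBearerDefaults.AuthenticationScheme)]
public class JobsController : ControllerBase
{
    [HttpGet]
    public IActionResult Get() =>
        Ok(new { authenticated = User.Identity?.IsAuthenticated });
}

// Hypothetical interactive page: no scheme is named, so the default scheme
// applies (the sign-in flow, because it was registered last).
[Authorize]
public class ProfileController : Controller
{
    [HttpGet("/profile")]
    public IActionResult Index() =>
        Content($"Signed in as {User.Identity?.Name}");
}
```

Because `JobsController` names the bearer scheme explicitly, a browser session cookie is not accepted on that endpoint, and an unauthenticated call gets a 401 rather than a redirect to the sign-in page.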