
.NET Core : Calling DownstreamApi.CallApiForUserAsync with non-default authentication scheme


I am adding Entra ID authentication to an existing ASP.NET Core web app and Web API with standard identity authentication.

Authentication is working. Calling a method on my API using DownstreamApi.CallApiForUserAsync is also working, but only if I set OpenId Connect as the default auth scheme.

When it is not the default auth scheme, I get an error:

Cannot determine the cloud Instance. The provided authentication scheme was ''. Microsoft.Identity.Web inferred 'Identity.Application' as the authentication scheme.

How do I specify the authentication scheme?

Relevant code (with variable and method names changed) - Startup:

builder.Services.AddAuthentication(/*OpenIdConnectDefaults.AuthenticationScheme*/)      
    .AddMicrosoftIdentityWebApp(builder.Configuration.GetSection("AzureAd"))
    .EnableTokenAcquisitionToCallDownstreamApi(         
        builder.Configuration.GetSection("X:Scopes").Get<string[]>()
    )
    .AddInMemoryTokenCaches()
    .AddDownstreamApi("X", builder.Configuration.GetSection("X"));

Controller method calling API:

[Authorize(AuthenticationSchemes = OpenIdConnectDefaults.AuthenticationScheme)]
[AuthorizeForScopes(ScopeKeySection = "X:Scopes")]
public async Task<string> GetSomething()
{
    HttpResponseMessage response = await _downstreamApi.CallApiForUserAsync("X", options =>
    {
        options.RelativePath = "path/Something";
    }); 
    ...
}

If the parameter is provided in the call to AddAuthentication, it works; if not, I get the error mentioned above.


Solution

  • You could read this document for Microsoft.Identity.Web; it requires OpenIdConnectDefaults.AuthenticationScheme as a parameter:

    services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
    

    If you want to specify the authentication scheme, you may try:

    services.AddAuthentication("MyAuthenticationScheme")
                  .AddMicrosoftIdentityWebApp(Configuration, 
                     openIdConnectAuthenticationScheme: "MyAuthenticationScheme");
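
The following is an added example, not part of the original question or answer: it keeps the question's registration without a default OpenID Connect scheme and names the scheme on the downstream call itself, so token acquisition reads the Entra ID options rather than the inferred 'Identity.Application' scheme. It assumes Microsoft.Identity.Web 2.x or later, where DownstreamApiOptions exposes AcquireTokenOptions.AuthenticationOptionsName; the controller name and route are hypothetical, and the app's existing Identity registration is omitted.

```csharp
// Added example; assumes Microsoft.Identity.Web 2.x+ with the
// Microsoft.Identity.Web.DownstreamApi package and the question's "AzureAd" / "X" config sections.
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Identity.Abstractions;
using Microsoft.Identity.Web;

var builder = WebApplication.CreateBuilder(args);

// No default scheme is passed here, so the app's existing default
// (Identity.Application in the question) is left untouched.
builder.Services.AddAuthentication()
    .AddMicrosoftIdentityWebApp(builder.Configuration.GetSection("AzureAd"))
    .EnableTokenAcquisitionToCallDownstreamApi(
        builder.Configuration.GetSection("X:Scopes").Get<string[]>())
    .AddInMemoryTokenCaches()
    .AddDownstreamApi("X", builder.Configuration.GetSection("X"));
builder.Services.AddControllers();

var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();
app.MapControllers();
app.Run();

[ApiController]
[Route("[controller]")] // hypothetical route
public class SomethingController : ControllerBase
{
    private readonly IDownstreamApi _downstreamApi;
    public SomethingController(IDownstreamApi downstreamApi) => _downstreamApi = downstreamApi;

    [HttpGet]
    [Authorize(AuthenticationSchemes = OpenIdConnectDefaults.AuthenticationScheme)]
    [AuthorizeForScopes(ScopeKeySection = "X:Scopes",
        AuthenticationScheme = OpenIdConnectDefaults.AuthenticationScheme)]
    public async Task<string> GetSomething()
    {
        HttpResponseMessage response = await _downstreamApi.CallApiForUserAsync("X", options =>
        {
            options.RelativePath = "path/Something";
            // Use the OpenID Connect scheme's options (instance, tenant, client ID) for this call.
            options.AcquireTokenOptions.AuthenticationOptionsName =
                OpenIdConnectDefaults.AuthenticationScheme;
        });
        response.EnsureSuccessStatusCode();
        return await response.Content.ReadAsStringAsync();
    }
}
```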