multi auth scheme: Prevent `HTTPContext.User` from being overwritten?
lvde0 opened this issue · comments
lvde0 commented
I am using a multi auth scheme in my Blazor application:
```csharp
services
    .AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
    .AddCookie(options => options.EventsType = typeof(CookieAuthEvents));

services
    .AddAuthentication()
    .AddMicrosoftIdentityWebApp(
        configuration.GetSection("AzureAD"),
        openIdConnectScheme: OpenIdConnectDefaults.AuthenticationScheme,
        // https://github.com/AzureAD/microsoft-identity-web/wiki/multiple-authentication-schemes#cookie-schemes
        cookieScheme: null)
    .EnableTokenAcquisitionToCallDownstreamApi()
    .AddMicrosoftGraph(configuration.GetSection("GraphApi"))
    .AddInMemoryTokenCaches();
```
The first cookie scheme is used to sign in the user with the app. The second scheme is used to perform Graph calls later (optional) and should not be used to identify the user for the application. However, after I logged in with my Microsoft Account (via `ConsentHandler`) and it redirects back to my application, it always overwrites my `HttpContext.User`:
```csharp
try
{
    var me = await GraphServiceClient.Me.GetAsync(
        c => c.Options.WithAuthenticationScheme(OpenIdConnectDefaults.AuthenticationScheme));
}
catch (Exception e)
{
    ConsentHandler.HandleException(e);
}
// HttpContext.User + Claims are overwritten
```
Is there a way to prevent this? Or somehow manage multiple user identities in parallel?