AzureAD / microsoft-identity-web

Helps creating protected web apps and web APIs with Microsoft identity platform and Azure AD B2C

multi auth scheme: Prevent `HTTPContext.User` from being overwritten?

lvde0 opened this issue · comments

I am using a multi auth scheme in my Blazor application:

  // Scheme 1: the application's own cookie. It is the default scheme, so it is the
  // one that populates HttpContext.User on every request.
  services
      .AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
      .AddCookie(options => options.EventsType = typeof(CookieAuthEvents));

  // Scheme 2: OpenID Connect against Azure AD, added only so the app can acquire
  // tokens for Microsoft Graph. No separate cookie scheme is registered for it.
  services
      .AddAuthentication()
      .AddMicrosoftIdentityWebApp(
          configuration.GetSection("AzureAD"),
          openIdConnectScheme: OpenIdConnectDefaults.AuthenticationScheme,
          // https://github.com/AzureAD/microsoft-identity-web/wiki/multiple-authentication-schemes#cookie-schemes
          cookieScheme: null)
      .EnableTokenAcquisitionToCallDownstreamApi()
      .AddMicrosoftGraph(configuration.GetSection("GraphApi"))
      .AddInMemoryTokenCaches();

The first cookie scheme is used to sign in the user with the app. The second scheme is used to perform Graph calls later (optional) and should not be used to identify the user for the application. However, after I have logged in with my Microsoft Account (via ConsentHandler) and it redirects back to my application, it always overwrites my HttpContext.User:

  try
  {
      // Call Graph with the OpenID Connect scheme explicitly selected for token acquisition.
      var me = await GraphServiceClient.Me.GetAsync(
          c => c.Options.WithAuthenticationScheme(OpenIdConnectDefaults.AuthenticationScheme));
  }
  catch (Exception e)
  {
      // Triggers the interactive OIDC challenge when consent or a fresh sign-in is needed.
      ConsentHandler.HandleException(e);
  }

  // After the OIDC redirect completes, HttpContext.User and its claims are overwritten.

Is there a way to prevent this? Or somehow manage multiple user identities in parallel?

Originally posted by @lvde0 in #2814
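One way to keep the two identities apart, as an added example that is not part of the issue and not code from the Microsoft.Identity.Web project: give the OpenID Connect handler its own cookie scheme so its callback signs in to that cookie rather than the application cookie, and read the Graph identity on demand with AuthenticateAsync. Everything here is built on plain ASP.NET Core authentication APIs plus the registration from the question. Assumptions, not from the page: the scheme name "GraphCookie" and cookie name are made up; the app uses minimal hosting (Program.cs); CookieAuthEvents is omitted for the example to be self-contained; and Microsoft.Identity.Web is assumed not to reset SignInScheme after this Configure delegate runs (Options configure delegates run in registration order, so this one runs after the one AddMicrosoftIdentityWebApp registers).

```csharp
// Added example, not the issue author's code and not Microsoft.Identity.Web's own sample.
// Assumed names: GraphCookieScheme / ".Graph.Identity" are chosen here for illustration.
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.Identity.Web;

const string GraphCookieScheme = "GraphCookie"; // assumption: any unused scheme name works

var builder = WebApplication.CreateBuilder(args);
var configuration = builder.Configuration;
var services = builder.Services;

services
    // Scheme 1: the application's own cookie. Being the default scheme, it is the only
    // one that fills HttpContext.User on ordinary requests.
    .AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
    .AddCookie()
    // Scheme 2: a second cookie that only stores the Microsoft account used for Graph.
    .AddCookie(GraphCookieScheme, options =>
    {
        options.Cookie.Name = ".Graph.Identity";
        options.SlidingExpiration = true;
    });

// Same registration as in the question, still with cookieScheme: null.
services
    .AddAuthentication()
    .AddMicrosoftIdentityWebApp(
        configuration.GetSection("AzureAD"),
        openIdConnectScheme: OpenIdConnectDefaults.AuthenticationScheme,
        cookieScheme: null)
    .EnableTokenAcquisitionToCallDownstreamApi()
    .AddMicrosoftGraph(configuration.GetSection("GraphApi"))
    .AddInMemoryTokenCaches();

// Redirect the OIDC sign-in result into the Graph cookie instead of the default cookie.
// Without this, the OIDC handler signs in to the default sign-in scheme, which is the
// application cookie, and that is what replaces HttpContext.User after the redirect.
// Assumption: Microsoft.Identity.Web does not override SignInScheme after this delegate.
services.Configure<OpenIdConnectOptions>(OpenIdConnectDefaults.AuthenticationScheme, options =>
{
    options.SignInScheme = GraphCookieScheme;
});

var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();

// Shows both identities side by side: HttpContext.User stays the application user,
// while the Graph identity is materialised only when explicitly asked for.
app.MapGet("/whoami", async (HttpContext ctx) =>
{
    var appUser = ctx.User.Identity?.Name;

    // Authenticate against the second cookie without touching HttpContext.User.
    AuthenticateResult graph = await ctx.AuthenticateAsync(GraphCookieScheme);
    var graphUser = graph.Succeeded ? graph.Principal?.Identity?.Name : null;

    return Results.Ok(new { appUser, graphUser, graphSignedIn = graph.Succeeded });
}).RequireAuthorization();

// Starts the interactive Microsoft sign-in; the resulting principal lands in the Graph cookie.
app.MapGet("/graph/connect", () =>
    Results.Challenge(
        new AuthenticationProperties { RedirectUri = "/whoami" },
        new[] { OpenIdConnectDefaults.AuthenticationScheme }));

// Drops only the Graph identity; the application session is unaffected.
app.MapGet("/graph/disconnect", () =>
    Results.SignOut(
        new AuthenticationProperties { RedirectUri = "/whoami" },
        new[] { GraphCookieScheme }));

app.Run();
```

Caveat to verify before relying on this: Microsoft.Identity.Web's token acquisition looks up the cached account from the claims of the current user, and with the identities separated that is no longer the Microsoft account. ITokenAcquisition.GetAccessTokenForUserAsync accepts an explicit `user: ClaimsPrincipal` argument, so the principal read from the Graph cookie can be passed there; whether the GraphServiceClient extension used in the question picks up a principal other than HttpContext.User is not something this example establishes.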