Мобильная версияАутентификация сертификата для доступа к API наряду с аутентификацией OpenID ⇐ C#
-
Anonymous
Аутентификация сертификата для доступа к API наряду с аутентификацией OpenID
I am writing a small application in ASP.Net8 where I use AAD authentication so that I can easily manage access through AAD groups:
builder.Services .AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme) .AddMicrosoftIdentityWebApp(builder.Configuration); builder.Services.AddAuthorization(options => { options.AddPolicy("Role_AdminPrivilege_Read", p => { p.RequireClaim("roles","AzureGroup_AdminPrivilege_Read"); }); }); This works fine, Controller can only be accessed by user with a specific policy through AAD groups. However, I also have to create an access to the API for the system account where I must use certificates because in Azure systems cannot be granted permissions like in on-premise AD.
The point is, I don't know how to start because when I add (https://learn.microsoft.com/en-us/aspne ... etcore-8.0):
builder.Services .AddAuthentication(CertificateAuthenticationDefaults.AuthenticationScheme) .AddCertificate(); my first authentication is not working anymore, but what I want to accomplish is that /api uses certificates, any other routing uses the openID one.
Yesterday I spent some hours googeling but could not find a good example, or maybe my keywords are wrong.
Can someone help me and lead me to the right direction? I think a workaround would be just creating a new application only for the API, but this sound not very clever.
Источник: https://stackoverflow.com/questions/780 ... entication
I am writing a small application in ASP.Net8 where I use AAD authentication so that I can easily manage access through AAD groups:
builder.Services .AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme) .AddMicrosoftIdentityWebApp(builder.Configuration); builder.Services.AddAuthorization(options => { options.AddPolicy("Role_AdminPrivilege_Read", p => { p.RequireClaim("roles","AzureGroup_AdminPrivilege_Read"); }); }); This works fine, Controller can only be accessed by user with a specific policy through AAD groups. However, I also have to create an access to the API for the system account where I must use certificates because in Azure systems cannot be granted permissions like in on-premise AD.
The point is, I don't know how to start because when I add (https://learn.microsoft.com/en-us/aspne ... etcore-8.0):
builder.Services .AddAuthentication(CertificateAuthenticationDefaults.AuthenticationScheme) .AddCertificate(); my first authentication is not working anymore, but what I want to accomplish is that /api uses certificates, any other routing uses the openID one.
Yesterday I spent some hours googeling but could not find a good example, or maybe my keywords are wrong.
Can someone help me and lead me to the right direction? I think a workaround would be just creating a new application only for the API, but this sound not very clever.
Источник: https://stackoverflow.com/questions/780 ... entication
