1

I am using both Auth0 forlogin and Asp.net core webapi identity (Front end-Reactjs and backend=Asp.net core webapi) and using an [Authorize] attribute, By default, it is taking identity authentication and it's redirecting to the Account/Login page Even though I add the default authentication as JwtBearerDefaults in the configuration services

Note: Auth0 authentication is working when I use the [Authorize] attribute in a different solution without identity but when I implement identity as well then [Authorize] working for identity only not for Auth0

Should restrict URL going to Account/Login by default in Asp.net core web API when using identity and accept Auth0 authentication by default

The below code is working for me without using asp.net core identity

Configureservices

    services.AddAuthentication(options =>
            {
                
                options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
                options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
               
            }).AddJwtBearer(options =>
            {
                options.Authority = "https://xxxxxx.uk.auth0.com";
                options.Audience = "xxxxx";
            };

Controller


 [HttpGet]
       [Authorize]
        public IList<UserDto> Get()
        {
            return _userService.GetUsers();
        }

Expecting: By default Auth0 authentication should happen even though if I use Asp.net core web API Identity

Kalana
  • 5,631
  • 7
  • 30
  • 51
Nithin
  • 11
  • 1
  • Check [this](https://auth0.com/docs/quickstart/backend/aspnet-core-webapi/01-authorization) – Kalana Nov 25 '22 at 15:22
  • Have tried this.its working for me without using identity.but when using with identity it's not working – Nithin Nov 25 '22 at 17:34
  • Did you add two [Authorize]? One for Auth0 and other for Identity – Kalana Nov 25 '22 at 18:49
  • No have added one [Authorize] only. – Nithin Nov 26 '22 at 06:25
  • Add two [Authorization]s. One for Auth0. Other for Identity – Kalana Nov 26 '22 at 17:58
  • Where to add this Authorization whether in configuration service by adding jwt and cookiebased authentication...?or is there any other place to add this.could u pls brief about this. – Nithin Nov 26 '22 at 19:17
  • Is there any way to restrict the default identity authentication...? – Nithin Nov 26 '22 at 19:18
  • I can give you authorization using only Auth0 if you want bcz I don't know why you try to use both identity and Auth0, while you can use only Auth0. – Kalana Nov 27 '22 at 12:55
  • Also, can you share the whole code of `Configureservices`. Then I can point out what was missing – Kalana Nov 27 '22 at 13:13
  • It's a client requirement need to use both auth0(for login-generating token) and identity to save data in dd.pls give me Authorization using only auth0.i ll take a look on tat – Nithin Nov 27 '22 at 13:15

1 Answers1

0

For the Auth0 Authentication Startup.cs should manage like this

ConfigureServices

services.AddAuthentication(options =>
            {
                options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
                options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;

            }).AddJwtBearer(options =>
            {
                options.Authority = "https://<Your-Domain>.auth0.com/"
                options.Audience =<Client ID>
            });

Configure

public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
        {
            if (env.IsDevelopment())
            {
                app.UseDeveloperExceptionPage();
            }

            app.UseRouting();
            app.UseCors("AllowAnyCorsPolicy");

            app.UseHttpsRedirection();

            app.UseAuthentication();
            app.UseRouting();
            app.UseAuthorization();

            app.UseDefaultFiles();
            app.UseStaticFiles();
            app.UseStaticFiles(new StaticFileOptions { RequestPath = "/build" });

            app.UseEndpoints(endpoints =>
            {
                endpoints.MapControllers();
                endpoints.MapFallbackToFile("index.html", new StaticFileOptions
                {
                    OnPrepareResponse = x =>
                    {
                        var httpContext = x.Context;
                        var path = httpContext.Request.RouteValues["path"];
                        // now you get the original request path
                    }
                });
            });
        }

For the further knowledge follow below threads

  1. https://learn.microsoft.com/en-us/aspnet/core/security/authorization/limitingidentitybyscheme?view=aspnetcore-7.0
  2. Using multiple authentication schemes in ASP.NET Core 3.1?
  3. ASP.NET Core 6 : add multiple authentication schemes with multiple authorization policies along with dependency injection
Kalana
  • 5,631
  • 7
  • 30
  • 51
  • Your below refernece Thread is worked for me .Thanks u so much for ur support and valuable time- https://stackoverflow.com/questions/62322812/using-multiple-authentication-schemes-in-asp-net-core-3-1 – Nithin Nov 29 '22 at 08:06
  • Happy to help you. While your question is related to the mentioned thread, I will mark this question as duplicate. Then the future users will find out this thread as a helpful one – Kalana Nov 30 '22 at 05:04