0

I'm stuck on a problem and I don't know how to solve it.

I want to add two different JWT authorization methods to my API. Don't ask me why, reasons.

In my startup.cs I added:

services.AddAuthentication()
    .AddJwtBearer("firstJwt", options =>
    {
        options.Audience = "FirstProtectedApi";
        options.TokenValidationParameters = new TokenValidationParameters
        {
            ValidateIssuerSigningKey = true,
            IssuerSigningKey = new SymmetricSecurityKey(Encoding.ASCII.GetBytes("mySecret")),
            ValidIssuer = "WebApiTest",
            ValidateAudience = true,
            ValidateLifetime = true,
            ClockSkew = TimeSpan.FromMinutes(1)
        };
    })
    .AddJwtBearer("secondJwt", options =>
    {
        options.Audience = "SecondProtectedApi";
        options.TokenValidationParameters = new TokenValidationParameters
        {
            ValidateIssuerSigningKey = true,
            IssuerSigningKey = new SymmetricSecurityKey(Encoding.ASCII.GetBytes("mySecret")),
            ValidIssuer = "WebApiTest",
            ValidateAudience = true,
            ValidateLifetime = true, 
            ClockSkew = TimeSpan.FromMinutes(1)
        };
    });

services
    .AddAuthorization(options =>
    {
        options.DefaultPolicy = new AuthorizationPolicyBuilder()
            .RequireAuthenticatedUser()
            .AddAuthenticationSchemes("FirstProtectedApi", "SecondProtectedApi")
            .Build();  
    });

And this code should work.

My problem now is in the controller. I have, for testing purposes, two different logins. How do I call the first or the second authentication scheme on login so that I can navigate to protected routes only available to FirstProtectedApi or SecondProtectedApi?

Even some documentation would be awesome!

Thanks a lot!

uvr

1 Answer

0
services
    .AddAuthorization(options =>
    {
        options.DefaultPolicy = new AuthorizationPolicyBuilder()
            .RequireAuthenticatedUser()
            .AddAuthenticationSchemes("FirstProtectedApi", "SecondProtectedApi")
            .Build();  
    });

When using the AddAuthenticationSchemes() method, the parameters should be the authentication schemes, so change the above code as below:

        services.AddAuthorization(options =>
        {
            options.DefaultPolicy = new AuthorizationPolicyBuilder()
                .RequireAuthenticatedUser()
                .AddAuthenticationSchemes("firstJwt", "secondJwt")
                .Build();
        });

My problem now is in the controller. I have, for testing purposes, two different logins. How do I call the first or the second authentication scheme on login so that I can navigate to protected routes only available to FirstProtectedApi or SecondProtectedApi?

In the controller, if you want to use a specific scheme, you could use the [Authorize] attribute's AuthenticationSchemes property. Or you can create a policy for each scheme, then use the [Authorize] attribute's Policy property. Code like this:

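    [HttpGet]
    [Authorize(AuthenticationSchemes = "secondJwt")] // only the "secondJwt" handler may authenticate this request
    public IEnumerable<string> Get()
    {
        return new[] { "value1", "value2" }; // placeholder body
    }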

For more detailed information, you could refer to the following links:

Use multiple JWT Bearer Authentication

ASP.NET Core Using Multiple Authentication Methods

Use multiple authentication schemes

Zhi Lv
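
The per-scheme policy approach mentioned in the answer, together with the login side of the question, as an added example that is not part of the original question or answer. The policy names `FirstOnly`/`SecondOnly`, the routes, the `Configure` and `Issue` helpers and the per-process random key are assumptions made for illustration.

```csharp
// Added example (not from the original post). Assumes a .NET 6+ web project with implicit usings
// and the Microsoft.AspNetCore.Authentication.JwtBearer package.
using System.IdentityModel.Tokens.Jwt;
using System.Security.Cryptography;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.IdentityModel.Tokens;

var builder = WebApplication.CreateBuilder(args);

// Constructed per-process random key (256 bits) so no secret is hard-coded; use a configured key in practice.
var key = new SymmetricSecurityKey(RandomNumberGenerator.GetBytes(32));

// Both schemes share issuer and key, as in the question, so the aud claim is the only thing separating them.
void Configure(JwtBearerOptions o, string audience) =>
    o.TokenValidationParameters = new TokenValidationParameters
    {
        ValidateIssuerSigningKey = true, IssuerSigningKey = key,
        ValidIssuer = "WebApiTest",
        ValidateAudience = true, ValidAudience = audience,
        ValidateLifetime = true, ClockSkew = TimeSpan.FromMinutes(1)
    };

builder.Services.AddAuthentication()
    .AddJwtBearer("firstJwt", o => Configure(o, "FirstProtectedApi"))
    .AddJwtBearer("secondJwt", o => Configure(o, "SecondProtectedApi"));

builder.Services.AddAuthorization(options =>
{
    // Policies reference scheme names ("firstJwt"), never audience values ("FirstProtectedApi").
    options.AddPolicy("FirstOnly", p => p.AddAuthenticationSchemes("firstJwt").RequireAuthenticatedUser());
    options.AddPolicy("SecondOnly", p => p.AddAuthenticationSchemes("secondJwt").RequireAuthenticatedUser());
});

var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();

// Login does not invoke a scheme; it issues a token whose aud matches what one scheme validates.
string Issue(string audience) => new JwtSecurityTokenHandler().WriteToken(new JwtSecurityToken(
    issuer: "WebApiTest", audience: audience, expires: DateTime.UtcNow.AddMinutes(15),
    signingCredentials: new SigningCredentials(key, SecurityAlgorithms.HmacSha256)));

// Hypothetical routes; a real login endpoint verifies credentials before issuing a token.
app.MapPost("/login/first", () => Issue("FirstProtectedApi"));
app.MapPost("/login/second", () => Issue("SecondProtectedApi"));
app.MapGet("/first", () => "first only").RequireAuthorization("FirstOnly");   // 401 for a second-audience token
app.MapGet("/second", () => "second only").RequireAuthorization("SecondOnly"); // 401 for a first-audience token

app.Run();
```

On controller actions the same policies are applied with `[Authorize(Policy = "FirstOnly")]` or `[Authorize(Policy = "SecondOnly")]`.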