I am migrating a legacy .NET application to .NET 8, where authentication is being moved from a local identity database to Azure AD B2C. Here, I first check Azure AD B2C. If the user isn't available there, I check the local database and then migrate the user from the local database to Azure AD B2C.
To implement Azure AD B2C authentication, I have configured authentication in the Program class.
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.Identity.Web;

// Azure AD B2C: validate incoming bearer tokens and make JwtBearer the default scheme.
services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddMicrosoftIdentityWebApi(
        jwtOptions => Configuration.Bind("AzureAdB2C", jwtOptions),
        identityOptions => Configuration.Bind("AzureAdB2C", identityOptions));
Additionally, I am using the built-in Identity Provider and UserManager for authentication against the local identity database.
using Microsoft.AspNetCore.Identity;
using Microsoft.EntityFrameworkCore;

// Local identity database used for the lookup-and-migrate path.
services.AddDbContext<ApplicationDbContext>(options =>
    options.UseSqlServer(Configuration.GetValue<string>("ConnectionStrings:DefaultConnection")));
services.AddIdentity<IdentityUser, IdentityRole>(options =>
    {
        options.User.RequireUniqueEmail = false;
    })
    .AddEntityFrameworkStores<ApplicationDbContext>()
    .AddDefaultTokenProviders();
I authenticate users for Azure AD B2C using the SignUpSignIn user flow. In my AuthController.cs API, the login endpoint handles user authentication.
// Checks the submitted credentials against the local identity database.
[HttpPost("login")]
[AllowAnonymous]
public async Task<IActionResult> Login(UserCredentials model)
{
    if (ModelState.IsValid)
    {
        var user = _userManager.Users.FirstOrDefault(x => x.Email == model.Email);
        if (user != null && await _userManager.CheckPasswordAsync(user, model.Password))
        {
            return Ok();
        }
    }
    return Unauthorized();
}
After authenticating successfully with Azure AD B2C, subsequent requests to access protected resources fail with the following exception.
HttpRequestException: Invalid status code in the HttpResponseMessage: NotFound.
TodoListClient.Services.TodoListService.GetAsync() in TodoListService.cs
throw new HttpRequestException($"Invalid status code in the HttpResponseMessage: {response.StatusCode}.");
TodoListClient.Controllers.TodoListController.Index() in TodoListController.cs
This exception occurs with subsequent requests when a user is successfully logged in via Azure AD B2C.
I followed the Microsoft documentation "Configure authentication in a sample web app", and the only additional configuration I made was adding the Identity service to the web API. However, when both Azure AD B2C authentication and the Identity authentication service are configured together in the program, I encounter issues. Is there a specific way to configure these services together, or is there a limitation in using them simultaneously?
I was able to figure out the answer to my own question. This issue arises because having both configurations active may lead to confusion about which authentication method to use for API requests.
An easier way to handle this situation is to choose a single authentication provider. In my case, I kept Azure AD B2C to handle all authentication requirements and removed the services.AddIdentity configuration. Additionally, I created a separate project to handle the Identity database (AddIdentity).

Suggestions: If anyone encounters this issue and both providers are necessary, implement a mechanism to choose the appropriate provider based on specific criteria (e.g., request origin, user type). However, this requires a more complex setup and careful handling of authentication logic throughout the application, which can produce unnecessary overhead.
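As an added example (not the asker's code, nor the Microsoft sample), here is a .NET 8 Program.cs that keeps Azure AD B2C as the single authentication scheme while still reaching the local database through UserManager for the lookup-and-migrate step. It relies on the fact that AddIdentity itself calls AddAuthentication and makes the Identity cookie the default scheme, whereas AddIdentityCore registers only the user services and stores and leaves the JwtBearer default untouched. ApplicationDbContext and UserCredentials are assumed to be the types from the question; the route names are hypothetical.

```csharp
using System.Security.Claims;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Identity;
using Microsoft.EntityFrameworkCore;
using Microsoft.Identity.Web;

var builder = WebApplication.CreateBuilder(args);

// Local Identity store. AddIdentityCore registers UserManager and the EF stores only;
// AddIdentity would additionally call AddAuthentication and make the Identity cookie
// the default scheme, which is what competes with the JwtBearer default set below.
// ApplicationDbContext is assumed to be the IdentityDbContext subclass from the question.
builder.Services.AddDbContext<ApplicationDbContext>(options =>
    options.UseSqlServer(builder.Configuration.GetConnectionString("DefaultConnection")));
builder.Services.AddIdentityCore<IdentityUser>(options => options.User.RequireUniqueEmail = false)
    .AddRoles<IdentityRole>()
    .AddEntityFrameworkStores<ApplicationDbContext>()
    .AddDefaultTokenProviders();

// Azure AD B2C bearer tokens are the only authentication scheme this API accepts.
builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddMicrosoftIdentityWebApi(
        jwtOptions => builder.Configuration.Bind("AzureAdB2C", jwtOptions),
        identityOptions => builder.Configuration.Bind("AzureAdB2C", identityOptions));
builder.Services.AddAuthorization();

var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();

// Protected resource: reachable only with a token validated against the B2C tenant.
app.MapGet("/api/todolist", (ClaimsPrincipal user) =>
        Results.Ok(new { subject = user.FindFirst(ClaimTypes.NameIdentifier)?.Value }))
    .RequireAuthorization();

// Legacy-credential check (hypothetical route): the local database is consulted only to
// decide whether a user still has to be migrated to B2C; it never issues a session itself.
app.MapPost("/api/auth/legacy-check", async (UserCredentials model, UserManager<IdentityUser> users) =>
{
    // FirstOrDefault mirrors the question's lookup, since RequireUniqueEmail is false.
    var user = await users.Users.FirstOrDefaultAsync(u => u.Email == model.Email);
    if (user is null || !await users.CheckPasswordAsync(user, model.Password))
        return Results.Unauthorized();
    return Results.Ok(new { migrateToB2C = true }); // hand off to the B2C migration step (not shown)
});

app.Run();

record UserCredentials(string Email, string Password);
```

With this layout a request carrying no valid B2C token is rejected by the Bearer handler, and the local store can never become the effective scheme by accident.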