Skip to content

Mixing web app and web API in the same ASP.NET core app

Jump to bottom
pmaytak edited this page Dec 31, 2020 · 1 revision

You might want the same ASP.NET Core app to be both a web app and a web API. This requires supporting multiple authentication schemes, for instance OpenIdConnectDefaults.AuthenticationScheme and JwtBearerDefaults.AuthenticationScheme.

You'll probably want your web app and web API to have the same client ID, and therefore the configuration section name can be the same (for instance, "AzureAd").

When using Microsoft Identity Web, the configuration in Startup.cs can be setup like so:

 public void ConfigureServices(IServiceCollection services)
 {
  services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
              .AddMicrosoftIdentityWebApp(Configuration.GetSection("AzureAd"))
                  .EnableTokenAcquisitionToCallDownstreamApi(initialScopes)
                      .AddMicrosoftGraph(Configuration.GetSection("DownstreamApi"))
                      .AddInMemoryTokenCaches();

  services.AddAuthentication()
            .AddMicrosoftIdentityWebApi(Configuration.GetSection("AzureAd"),
                                        JwtBearerDefaults.AuthenticationScheme)
            .EnableTokenAcquisitionToCallDownstreamApi();

Getting started with Microsoft Identity Web

Token cache serialization

Web apps

Web APIs

Daemon scenario

Advanced topics

FAQ

News

Contribute

Other resources

Clone this wiki locally