I want to write a Blazor app that uses the IP address to decide between the OpenID Connect authentication method and Windows authentication with Active Directory.
I need Windows authentication for use from the intranet and OIDC for use from the internet.
The method used to identify the IP address is irrelevant here. The website runs on IIS.
I have already tried something like this:
```csharp
// Fragment: continues an authentication builder chain that is not shown here.
// "SmartAuth": reuse the cookie session if one exists, otherwise pick by client IP.
.AddPolicyScheme("SmartAuth", "SmartAuth", o =>
{
    o.ForwardDefaultSelector = context =>
    {
        var hasCookie = context.Request.Cookies.ContainsKey(".AspNetCore.Cookies");
        if (hasCookie) return "Cookies";

        return IpAwareChallengeHandler.IsInternal(context)
            ? IISDefaults.AuthenticationScheme
            : "Cookies";
    };
})
// "SmartChallenge": OIDC callback paths always go to "oidc"; everything else is picked by client IP.
.AddPolicyScheme("SmartChallenge", "SmartChallenge", o =>
{
    o.ForwardDefaultSelector = context =>
    {
        var p = context.Request.Path;
        if (p.StartsWithSegments("/signin-oidc") || p.StartsWithSegments("/signout-callback-oidc"))
            return "oidc";

        return IpAwareChallengeHandler.IsInternal(context)
            ? IISDefaults.AuthenticationScheme
            : "oidc";
    };
});
```

I need to check the negotiate afterwards with my custom requirement:

```csharp
// "Access" policy: authenticate with the IIS (Windows) and Negotiate schemes,
// require an authenticated user, then apply the custom UserRequirement.
builder.Services.AddAuthorizationBuilder()
    .AddPolicy("Access", p => p
        .AddAuthenticationSchemes(IISDefaults.AuthenticationScheme, NegotiateDefaults.AuthenticationScheme)
        .RequireAuthenticatedUser()
        .AddRequirements(new UserRequirement()));
```