I have a requirement for multiple custom auth handlers in a .NET 6 application.
It should cater for API Key, OpenId and a custom implementation of JWT token validation. Would I just wire up a middleware pipeline to handle the authentication methods and then issue a new JWT token that my services would translate?
What would be the best approach to handle this?
CodePudding user response:
IN ASP.NET Core Authentication, you can register multiple authentication schemes that handle different methods used to authenticate a user. This way, you do not need to create a middleware and set up an artificial JWT.
In addition, you can set up authorization policies that correspond with the authentication schemes so that you can authorize access to parts of your API for specific schemes.
For details, see the first paragraph of this link. Specific info on authentication schemes is available in this paragraph.