0

I'm trying to find a way to have multiple possibilities to authenticate against a controller method. The current way to authenticate against the API is through NTLM, because until now it was only possible to call the API from a windows machine. Now I also want to reach the API from a Linux server and have to use a different authentication method than NTLM (for example: use an API Key).

My question is: How can I register multiple methods for authentication and allow the request if at least one of these is successful?

Improve this question

1 Answer 1

Reset to default
1

It is possible to use multiple authentication schemes. I've used this to use both cookies and JWT together in same app. When multiple are configured, the Authorize attribute can specify which to use, for example:

[Authorize(AuthenticationSchemes = "Bearer,Cookies")]
Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

But does this allow the call to pass if one of the two authentication options is met or only if all are met?
It's an "or" and passes if either of the methods succeed. I use this to authenticate web users with a cookie and API client requests with JWT.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.