Is it possible to wire up external authentication after application startup?

As it is now, we add external authentication in ConfigureServices with something like

services.AddAuthentication(options =>
    {
        options.DefaultScheme = "Cookies";
        options.DefaultChallengeScheme = "oidc";
    })
    .AddCookie("Cookies")
    .AddOpenIdConnect(...

During startup, I retrieve all federation configurations (both Oidc and WsFed) and wire them up in ConfigureServices.

But imagine a multi-tenant scenario where new federation configurations are added as new clients are added. The only solution I know of is to recycle the application so that ConfigureServices can run again, retrieve the entries for the required integrations and add a call for each. It would be really useful to be able to do this without the restart requirement. Any ideas are welcome.

There are 2 best solutions below

1

You can have multiple AddOpenIdConnect calls in an application; the most important thing you need to do is to make sure these URLs are different for each one:

  CallbackPath = new PathString("/signin-oidc");
  SignedOutCallbackPath = new PathString("/signout-callback-oidc");
  RemoteSignOutPath = new PathString("/signout-oidc");

However, I don't know if you can dynamically add/remove handlers at runtime.

0

Yes, you can add schemas dynamically; here is a sample: https://github.com/aspnet/AuthSamples/tree/master/samples/DynamicSchemes (it's old code but still accurate). Make sure to do the post-configure steps as well; it's explained here. Here is another good answer about this.
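
Added example (not part of either answer and not taken from the linked sample): one way to register an OpenID Connect scheme at runtime, combining the per-scheme callback paths from the first answer with the post-configure step from the second. FederationConfig and DynamicOidcRegistrar are hypothetical names; the sketch assumes at least one AddOpenIdConnect call still runs at startup, as in the question, so the handler and its post-configure services are registered, and that Scheme is a URL-safe slug you validate before use.

```csharp
using System.Collections.Generic;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.Options;

// Hypothetical shape of one tenant's federation entry (not from the page).
public record FederationConfig(string Scheme, string Authority, string ClientId, string ClientSecret);

// Hypothetical helper; register as a singleton and call when a tenant is added.
public class DynamicOidcRegistrar
{
    private readonly IAuthenticationSchemeProvider _schemes;
    private readonly IOptionsMonitorCache<OpenIdConnectOptions> _cache;
    private readonly IEnumerable<IPostConfigureOptions<OpenIdConnectOptions>> _postConfigure;

    public DynamicOidcRegistrar(IAuthenticationSchemeProvider schemes,
        IOptionsMonitorCache<OpenIdConnectOptions> cache,
        IEnumerable<IPostConfigureOptions<OpenIdConnectOptions>> postConfigure)
        => (_schemes, _cache, _postConfigure) = (schemes, cache, postConfigure);

    public async Task<bool> AddAsync(FederationConfig cfg)
    {
        // Refuse duplicates so a new tenant can never replace an existing scheme.
        if (await _schemes.GetSchemeAsync(cfg.Scheme) != null) return false;

        var options = new OpenIdConnectOptions
        {
            Authority = cfg.Authority,
            ClientId = cfg.ClientId,
            ClientSecret = cfg.ClientSecret,
            SignInScheme = "Cookies",
            // Per-scheme paths so each handler only claims its own callbacks.
            CallbackPath = new PathString($"/signin-{cfg.Scheme}"),
            SignedOutCallbackPath = new PathString($"/signout-callback-{cfg.Scheme}"),
            RemoteSignOutPath = new PathString($"/signout-{cfg.Scheme}")
        };
        // Options put straight into the cache bypass the options factory, so the
        // registered post-configure steps and validation are run by hand here.
        foreach (var step in _postConfigure) step.PostConfigure(cfg.Scheme, options);
        options.Validate();

        // Cache the options first so no request sees a scheme without its options.
        if (!_cache.TryAdd(cfg.Scheme, options)) return false;
        _schemes.AddScheme(new AuthenticationScheme(cfg.Scheme, cfg.Scheme, typeof(OpenIdConnectHandler)));
        return true;
    }
}
```

Removing a tenant is the reverse: IAuthenticationSchemeProvider.RemoveScheme followed by IOptionsMonitorCache.TryRemove for the same scheme name.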