Using multiple authentication schemes in asp net core 3 1


ASP.NET is a popular language used for building web applications. One of the key of ASP.NET is its ability to support multiple authentication schemes. This allows developers to implement different authentication for different parts of their application, providing flexibility and enhanced .

Understanding Authentication Schemes

In ASP.NET, an authentication scheme is a way to authenticate users and grant them access to specific resources an application. Each authentication scheme has its own set of rules and mechanisms for verifying user identities.

By default, ASP.NET Core 3.1 supports several authentication schemes, cookie authentication, JWT (JSON Web Token) authentication, and OpenID Connect authentication. However, it is also possible to create custom authentication schemes to meet specific requirements.

Using Multiple Authentication Schemes

When building an application that requires different authentication methods for different parts, ASP.NET allows you to configure multiple authentication schemes. This can be achieved by using the AddAuthentication method in the ConfigureServices method of the class.

public void ConfigureServices(IServiceCollection )
        .AddCookie("CookieScheme", options =>
            // Configure cookie authentication options
        .AddJwtBearer("JwtScheme", options =>
            // Configure JWT authentication options
        .AddOpenIdConnect("OpenIdScheme", options =>
            // Configure OpenID Connect authentication options

In the above example, we have configured three authentication schemes: CookieScheme, JwtScheme, and OpenIdScheme. Each scheme is associated with a specific authentication method, such as cookie authentication, JWT authentication, or OpenID Connect authentication.

Applying Authentication Schemes to Controllers or Actions

Once the authentication schemes are configured, we can apply them to controllers or actions within our application. This can be done using the [Authorize] , which specifies the authentication scheme(s) required to access a particular controller or action.

[Authorize(AuthenticationSchemes = "CookieScheme")]
public class HomeController : Controller
    // Actions within this controller require cookie authentication

[Authorize(AuthenticationSchemes = "JwtScheme, OpenIdScheme")]
public class AdminController : Controller
    // Actions within this controller require JWT or OpenID Connect authentication

In the above example, the HomeController requires cookie authentication, while the AdminController requires either JWT or OpenID Connect authentication. By specifying the authentication scheme(s) in the [Authorize] attribute, we can control the access to different parts of our application.


Using multiple authentication schemes in ASP.NET Core 3.1 allows developers to implement different authentication methods for different parts of their application. This provides flexibility and enhanced security. By configuring and applying authentication schemes appropriately, developers can ensure that only authorized users can access specific resources within their application.

Rate this post

Leave a Reply

Your email address will not be published. Required fields are marked *

Table of Contents