Question
I have a problem with having multiple OpenIdConnect authorizations in .NET Core.
What I want to achieve: imagine 2 OpenID providers, OpenID-Main and OpenID-Special; both return id tokens, roles, etc. Now imagine that most of the time I want my user to log in through OpenID-Main, which is simple:
    .AddOpenIdConnect("Main", "Main", options => {
        options.Authority = "OpenID-Main-url";
        options.ClientId = "OpenID-Main-id";
        options.ClientSecret = "OpenID-Main-secret";
        // some other options
    });
Then I can just use [Authorize(AuthenticationSchemes = "Main")], which works fine. Now for certain types of request I will require the user to log in to the other provider (please don't argue about this approach; let's assume it's something I have to do):
    .AddOpenIdConnect("Special", "Special", options => {
        options.Authority = "OpenID-Special-url";
        options.ClientId = "OpenID-Special-id";
        options.ClientSecret = "OpenID-Special-secret";
        // some other options
    });
and then have both [Authorize(AuthenticationSchemes = "Main")] and [Authorize(AuthenticationSchemes = "Special")] on one of my endpoints, so that only a user authorized in both Main and Special can execute the request, and I can get the idToken from Special.
I get errors like "Correlation failed". I've tried to provide a different CorrelationCookie.Name, but with no success; I also tried to override some base auth classes, but got stuck copying multiple code parts.
My questions are:
1. Is it even possible with Microsoft.AspNetCore.Authentication?
2. How can I achieve it? Can I do a proper CookieBuilder for the second auth?
3. How can I manage this easily so that I can get the idToken from the second cookie?
4. Do I need to write a whole handler/extensions/options like those for Facebook/Google?
--- EDIT ---
Solution for this: for each provider, set up a unique Cookie, CallbackPath, and SignInScheme pointing at that provider's cookie:
    .AddCookie($"Cookie{provider}")
    .AddOpenIdConnect($"Sign{provider}", o => {
        o.CallbackPath = $"/sign-{provider}";
        o.SignInScheme = $"Cookie{provider}"; // must match the cookie scheme name above
    });
Now each [Authorize] will have its own claims, so you can't set up [Authorize] twice, but you can have the main one and do the check manually:
    var auth = await context.AuthenticateAsync($"Sign{provider}").ConfigureAwait(false);
    if (!auth.Succeeded) { // AuthenticateAsync never returns null; check the result instead
        await context.ChallengeAsync($"Sign{provider}").ConfigureAwait(false);
    }
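The full setup described in the edit, as an added example that is not code from the original post: two cookie schemes, two OIDC schemes with provider-specific callback paths and correlation/nonce cookie names (shared names are what produce "Correlation failed"), and an endpoint that enforces Main via [Authorize] and checks Special by hand. The configuration keys and route names are assumptions.

```csharp
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authorization;

var builder = WebApplication.CreateBuilder(args);
var auth = builder.Services.AddAuthentication(o =>
{
    o.DefaultScheme = "CookieMain";          // ordinary requests are authenticated by Main's cookie
    o.DefaultChallengeScheme = "SignMain";   // anonymous users are sent to the Main provider
});

// One cookie scheme plus one OIDC scheme per provider. Everything that could collide
// between the two handlers gets a provider-specific name.
foreach (var p in new[] { "Main", "Special" })
{
    auth.AddCookie($"Cookie{p}", c => c.Cookie.Name = $"Cookie{p}");
    auth.AddOpenIdConnect($"Sign{p}", o =>
    {
        // Hypothetical configuration keys; the real values come from appsettings / secrets.
        o.Authority = builder.Configuration[$"Oidc:{p}:Authority"];
        o.ClientId = builder.Configuration[$"Oidc:{p}:ClientId"];
        o.ClientSecret = builder.Configuration[$"Oidc:{p}:ClientSecret"];
        o.ResponseType = "code";
        o.SignInScheme = $"Cookie{p}";               // persist this provider's identity in its own cookie
        o.CallbackPath = $"/signin-{p.ToLower()}";   // distinct callback per provider
        o.SignedOutCallbackPath = $"/signout-{p.ToLower()}";
        o.CorrelationCookie.Name = $"Correlation.{p}";
        o.NonceCookie.Name = $"Nonce.{p}";
        o.SaveTokens = true;                         // keeps id_token in the cookie's AuthenticationProperties
    });
}
builder.Services.AddAuthorization();

var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();

// Main is enforced by the authorize attribute; Special is checked manually, because a second
// [Authorize] would only replace the principal rather than require both identities.
app.MapGet("/special-only", async (HttpContext ctx) =>
{
    var special = await ctx.AuthenticateAsync("SignSpecial"); // forwarded to the CookieSpecial scheme
    if (!special.Succeeded)
        return Results.Challenge(new AuthenticationProperties { RedirectUri = ctx.Request.Path },
                                 new[] { "SignSpecial" });

    var idToken = special.Properties?.GetTokenValue("id_token"); // Special's id_token, separate from Main's
    return Results.Ok(new { mainUser = ctx.User.Identity?.Name, specialIdTokenPresent = idToken is not null });
}).RequireAuthorization(new AuthorizeAttribute { AuthenticationSchemes = "CookieMain" });

app.Run();
```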
Source: https://stackoverflow.com/questions/47013455/multiple-openidconnect-authorization-in-net-core