I am trying to configure dual JWT authentication in my ASP.NET Core Web API.
My API should accept access tokens issued by either of two identity providers:
- Azure AD B2C
- Azure AD (Entra ID)
I use a PolicyScheme named `DualAuth` that reads the (not yet validated) `iss` claim of the incoming JWT and forwards the request to the matching JwtBearer handler, which then performs the actual validation.
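// Authentication wiring: two JwtBearer handlers (B2C and Entra ID) behind a
// PolicyScheme ("DualAuth") that forwards each request to the handler whose
// configured issuer matches the token's `iss` claim. The selector only ROUTES;
// every security decision (signature, issuer, audience, lifetime) is still made
// by the selected handler's own TokenValidationParameters.
services
    .AddAuthentication("DualAuth")

    // 1. Azure AD B2C
    .AddJwtBearer("AzureAdB2cAuth", options =>
    {
        options.Audience = configuration["AzureAdB2c:Audience"];
        // NOTE(review): B2C publishes its OpenID metadata (and therefore the JWKS
        // signing keys) per user flow / policy. An Authority without the policy
        // segment (.../{tenantId}/{policy}/v2.0/) presumably makes key discovery
        // fail, after which every B2C token is rejected at signature validation.
        // Confirm that "<Authority>/.well-known/openid-configuration" actually
        // resolves before looking anywhere else.
        options.Authority = configuration["AzureAdB2c:Authority"];
        options.TokenValidationParameters = new TokenValidationParameters
        {
            ValidateIssuer = true,
            ValidateAudience = true,
            // Was `false`. That flag skips validation of the signing *key* itself
            // (e.g. certificate validity), not the signature check, but there is no
            // reason for the B2C handler to be held to a lower bar than Entra ID.
            ValidateIssuerSigningKey = true,
            ValidateLifetime = true,
            // Compared byte-for-byte with the token's `iss` claim, trailing slash
            // included; a mismatch here is the usual cause of "token rejected".
            ValidIssuer = configuration["AzureAdB2c:Issuer"],
            ValidAudience = configuration["AzureAdB2c:Audience"],
        };
    })

    // 2. Azure AD (Entra ID)
    .AddJwtBearer("AzureAdAuth", options =>
    {
        options.Audience = configuration["AzureAd:Audience"];
        options.Authority = configuration["AzureAd:Authority"];
        options.TokenValidationParameters = new TokenValidationParameters
        {
            ValidateIssuer = true,
            ValidateAudience = true,
            ValidateIssuerSigningKey = true,
            ValidateLifetime = true,
            ValidIssuer = configuration["AzureAd:Issuer"],
            ValidAudience = configuration["AzureAd:Audience"],
        };
    })

    // 3. Policy scheme: pick the handler whose issuer matches the token.
    .AddPolicyScheme("DualAuth", "DualAuth", options =>
    {
        options.ForwardDefaultSelector = context =>
        {
            string authorization = context.Request.Headers[HeaderNames.Authorization];

            // The auth-scheme token is case-insensitive (RFC 7235) and JwtBearerHandler
            // itself matches "Bearer" ignoring case; do the same here, otherwise a
            // lower-case "bearer" B2C token is forwarded to the Entra handler.
            if (!string.IsNullOrEmpty(authorization)
                && authorization.StartsWith("Bearer ", StringComparison.OrdinalIgnoreCase))
            {
                var token = authorization.Substring("Bearer ".Length).Trim();
                var handler = new JwtSecurityTokenHandler();
                if (handler.CanReadToken(token))
                {
                    // ReadJwtToken only parses — nothing is verified at this point.
                    // Routing on an unverified `iss` is acceptable ONLY because each
                    // handler re-validates issuer, audience, lifetime and signature;
                    // never grant anything based on this value.
                    var issuer = handler.ReadJwtToken(token).Issuer;

                    // static string.Equals is null-safe: a token with no `iss` claim
                    // falls through to the default handler instead of throwing.
                    if (string.Equals(issuer, configuration["AzureAdB2c:Issuer"], StringComparison.OrdinalIgnoreCase))
                    {
                        return "AzureAdB2cAuth";
                    }
                }
            }

            // Fallback: the Entra ID handler rejects anything it cannot validate.
            return "AzureAdAuth";
        };
    });

services.AddAuthorization(options =>
{
    // Accept a principal authenticated by either handler; the policy scheme has
    // already decided which one actually runs for a given request.
    var commonPolicy = new AuthorizationPolicyBuilder("AzureAdB2cAuth", "AzureAdAuth")
        .RequireAuthenticatedUser()
        .Build();
    options.AddPolicy("DualAuth", commonPolicy);
});

/* appsettings.json — the values read by the handlers above.

   NOTE(review): the B2C "Issuer" has a literal "tenantId" path segment while the
   B2C "Authority" uses a GUID. If that is verbatim rather than a redaction,
   ValidIssuer can never equal the token's `iss`, so the B2C handler rejects the
   token — and the selector, seeing the same mismatch, forwards it to AzureAdAuth,
   which rejects it as well. Copy `iss` from a decoded B2C token into "Issuer"
   exactly (trailing slash included) and verify that "Authority" is the
   policy-qualified metadata base, not just the tenant.

"AzureAdB2c": {
    "Issuer": "https://{mydomain.com}/tenantId/v2.0/",
    "Audience": "client-id",
    "Authority": "https://{mydomain.com}/4a653a75-4f63-47d8-8705-fdb979d9e578/v2.0/"
},
"AzureAd": {
    "Issuer": "https://sts.windows.net/tenantid/",
    "Audience": "api://client-id",
    "Authority": "https://login.microsoftonline.com/tenantid"
}
*/

Azure AD (Entra ID) authentication works correctly, but Azure AD B2C tokens are consistently rejected. Any additional insights, corrections, or working sample code would be greatly appreciated.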
