public async Task <IActionResult> AddOrUpdate(string scheme, string entityId)
{
IdentityProviderConfiguration identityProviderConfiguration =
new IdentityProviderConfiguration
{
EntityId = entityId
};
await this.samlSchemeGenerator.AddOrUpdate(scheme, identityProviderConfiguration);
return(Redirect("/"));
}
public async Task AddOrUpdate(string scheme, IdentityProviderConfiguration identityProviderConfiguration)
{
if (await this.schemeProvider.GetSchemeAsync(scheme) == null)
{
this.schemeProvider.AddScheme(new AuthenticationScheme(scheme, scheme, typeof(SamlAuthenticationHandler)));
}
else
{
this.optionsCache.TryRemove(scheme);
}
this.optionsCache.TryAdd(
scheme,
new SamlAuthenticationOptions {
IdentityProviderConfiguration = identityProviderConfiguration
}
);
}
public SamlService(
IHttpRedirectBinding httpRedirectBinding,
IHttpArtifactBinding httpArtifactBinding,
ISaml2MessageFactory saml2MessageFactory,
ICertificateProvider certificateProvider,
ISamlProvider samlProvider,
ISaml2Validator saml2Validator,
Saml2Configuration saml2Configuration)
{
_httpRedirectBinding = httpRedirectBinding;
_httpArtifactBinding = httpArtifactBinding;
_saml2MessageFactory = saml2MessageFactory;
_certificateProvider = certificateProvider;
_samlProvider = samlProvider;
_saml2Validator = saml2Validator;
_saml2Configuration = saml2Configuration;
_identityProviderConfiguration = saml2Configuration.IdentityProviderConfiguration;
_serviceProviderConfiguration = saml2Configuration.ServiceProviderConfiguration;
}
// This method gets called by the runtime. Use this method to add services to the container.
public void ConfigureServices(IServiceCollection services)
{
services.AddApplicationInsightsTelemetry();
services.AddSingleton <IHttpContextAccessor, HttpContextAccessor>();
services.AddSingleton <IConfiguration>(Configuration);
services.AddOptions();
services.Configure <IdentityProviderConfiguration>(options =>
{
Configuration.GetSection("azuread").Bind(options);
IdentityProviderConfiguration.Validate(options);
});
services.Configure <SearchConfiguration>(options =>
{
Configuration.GetSection("search").Bind(options);
SearchConfiguration.Validate(options);
});
services.Configure <CosmosConfiguration>(options =>
{
Configuration.GetSection("documents").Bind(options);
CosmosConfiguration.Validate(options);
});
services.Configure <StorageConfiguration>((config) =>
{
Configuration.GetSection("storage").Bind(config);
StorageConfiguration.Validate(config);
});
services.Configure <BatchConfiguration>((config) =>
{
Configuration.GetSection("batch").Bind(config);
BatchConfiguration.Validate(config);
});
services.Configure <AppInsightsConfiguration>((config) =>
{
Configuration.GetSection("applicationinsights").Bind(config);
AppInsightsConfiguration.Validate(config);
});
var armTemplatesMap = new ArmTemplatesMap();
services.AddSingleton(armTemplatesMap);
var staticAssetsMap = new StaticAssetsMap();
services.AddSingleton(staticAssetsMap);
services.AddMemoryCache();
//services
// .AddAuthentication(options =>
// {
// options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
// options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
// })
// .AddJwtBearer(options =>
// {
// options.Audience = Configuration["azureADConfig:clientId"];
// options.Authority = Configuration["azureADConfig:authority"];
// options.Events = new JwtBearerEvents
// {
// OnMessageReceived = FetchAuthTokenFromCookie,
// OnTokenValidated = async context =>
// {
// var principal = context.Principal;
// var ODREmailList = Configuration["ODRAdminList"].Split(";");
// }
// };
// });
//services
// .AddAuthentication(options =>
// {
// options.DefaultScheme = JwtBearerDefaults.AuthenticationScheme;
// })
// .AddJwtBearer(options =>
// {
// options.Audience = Configuration["azureADConfig:clientId"];
// options.Authority = Configuration["azureADConfig:authority"];
// options.TokenValidationParameters = new Microsoft.IdentityModel.Tokens.TokenValidationParameters
// {
// ValidAudience = Configuration["azureADConfig:clientId"],
// ValidIssuer = $"https://login.microsoftonline.com/" + Configuration["azureADConfig:tenantId"] + "/v2.0"
// };
// options.Events = new JwtBearerEvents
// {
// OnMessageReceived = FetchAuthTokenFromCookie,
// //OnTokenValidated = async context =>
// //{
// // var principal = context.Principal;
// // if (Configuration.GetChildren().Any(item => item.Key == "ODRAdminList") && principal.Claims.Any(c => c.Type == "preferred_username"))
// // {
// // var ODRAdminsList = Configuration["ODRAdminList"].Split(";").ToList();
// // var testSubject = principal.Claims.FirstOrDefault(c => c.Type == "preferred_username").Value;
// // if (ODRAdminsList.Contains(testSubject))
// // {
// // var claims = new List<Claim>
// // {
// // new Claim(ClaimTypes.Role, "ODRAdmin")
// // };
// // var appIdentity = new ClaimsIdentity(claims);
// // principal.AddIdentity(appIdentity);
// // }
// // }
// //}
// };
// });
services
.AddAuthentication(options =>
{
options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
})
.AddJwtBearer(options =>
{
var tenantName = Configuration["AzureAD:Tenant"].Split('.').First();
var policyName = Configuration["AzureAD:Policy"];
var audience = Configuration["AzureAD:Audience"];
options.MetadataAddress = $"https://{tenantName}.b2clogin.com/{tenantName}.onmicrosoft.com/{policyName}/v2.0/.well-known/openid-configuration";
options.Audience = audience;
options.Events = new JwtBearerEvents
{
OnMessageReceived = FetchAuthTokenFromCookie,
OnAuthenticationFailed = context =>
{
var ctx = context;
return(Task.FromResult(0));
},
};
});
services.AddMvc();
services
.AddAuthorization(options =>
{
options.AddPolicy(PolicyNames.MustBeInAdminGroup, policy =>
{
var authorizedAdminUsers = Configuration["AuthorizedAdminUsers"];
policy.Requirements.Add(new AzureActiveDirectoryGroupRequirement(authorizedAdminUsers));
});
});
services.AddSingleton <IAuthorizationHandler, AzureActiveDirectoryGroupHandler>();
//if (CurrentEnvironment.IsDevelopment())
//{
// services.AddSingleton<IAuthorizationHandler, DevelopmentOnlyNoAuthDirectoryGroupHandler>();
//}
//else
//{
// services.AddSingleton<IAuthorizationHandler, AzureActiveDirectoryGroupHandler>();
//}
services.AddScoped <DatasetSearchService>();
services.AddScoped <UserDataSearchService>();
services.AddScoped <DatasetStorageService>();
services.AddScoped <AppInsightsService>();
services.AddScoped <UserDataStorageService>();
services.AddScoped <LicenseStorageService>();
services.AddScoped <SasTokenService>();
services.AddScoped <ValidationService>();
services.AddScoped <ApplicationJobs>();
// In production, the Angular files will be served from this directory
services.AddSpaStaticFiles(configuration =>
{
configuration.RootPath = "ui-app";
});
// Add Swagger generator
if (Configuration.GetValue <bool>("Application:EnableSwagger"))
{
services.AddSwaggerGen(c =>
{
c.SwaggerDoc("v1", new Swashbuckle.AspNetCore.Swagger.Info
{
Title = "MSR ODR Admin API",
Version = "v1"
});
});
}
}
/// <summary>
/// Adds the runtime services to the instance.
/// </summary>
/// <param name="services">The services.</param>
public void ConfigureServices(IServiceCollection services)
{
services.AddSingleton <IHttpContextAccessor, HttpContextAccessor>();
services.AddSingleton <IConfiguration>(this.Configuration);
services.AddSingleton <ITelemetryInitializer, TelemetryUserAndSessionContext>();
services.AddApplicationInsightsTelemetry();
services.AddOptions();
services.Configure <IdentityProviderConfiguration>(options =>
{
Configuration.GetSection("azuread").Bind(options);
IdentityProviderConfiguration.Validate(options);
});
services.Configure <SearchConfiguration>(options =>
{
Configuration.GetSection("search").Bind(options);
SearchConfiguration.Validate(options);
});
services.Configure <CosmosConfiguration>(options =>
{
Configuration.GetSection("documents").Bind(options);
CosmosConfiguration.Validate(options);
});
services.Configure <StorageConfiguration>((config) =>
{
Configuration.GetSection("storage").Bind(config);
StorageConfiguration.Validate(config);
});
services.Configure <WebServerConfiguration>(options =>
{
Configuration.GetSection("webserver").Bind(options);
WebServerConfiguration.Validate(options);
});
services.Configure <BatchConfiguration>((config) =>
{
Configuration.GetSection("batch").Bind(config);
BatchConfiguration.Validate(config);
});
var armTemplatesMap = Configuration.GetSection("armTemplates").Get <ArmTemplatesMap>();
services.AddSingleton(armTemplatesMap);
var staticAssetsMap = Configuration.GetSection("staticAssets").Get <StaticAssetsMap>();
services.AddSingleton(staticAssetsMap);
services.AddMemoryCache();
services.AddCors(options =>
{
options.AddPolicy("DefaultPolicy",
builder => builder.AllowAnyOrigin()
.WithMethods("GET", "POST", "PUT", "DELETE")
.AllowAnyHeader()
.AllowCredentials());
});
services.AddResponseCompression(opt =>
{
opt.EnableForHttps = true;
});
services.AddMvc()
.AddMvcOptions(options =>
{
options.Filters.Add(new TelemetryExceptionFilter(new LoggerFactory()));
})
.AddJsonOptions(options =>
{
options.SerializerSettings.Converters.Add(new StringEnumConverter
{
CamelCaseText = true
});
});
services.AddScoped <DatasetSearchService>();
services.AddScoped <FileSearchService>();
services.AddScoped <DatasetStorageService>();
services.AddScoped <DatasetOwnersService>();
services.AddScoped <DatasetEditStorageService>();
services.AddScoped <UserDataStorageService>();
services.AddScoped <FileStorageService>();
services.AddScoped <LicenseStorageService>();
services.AddScoped <ValidationService>();
services.AddScoped <SasTokenService>();
services.AddScoped <GenerateFilePreview>();
services.AddScoped <CurrentUserService>();
services.AddScoped <ApplicationJobs>();
if (this.UseSwagger)
{
services.UseSwagger(this.Configuration);
}
services
.AddAuthentication(options =>
{
options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
})
.AddJwtBearer(options =>
{
var tenantName = Configuration["AzureAD:Tenant"].Split('.').First();
var policyName = Configuration["AzureAD:Policy"];
var audience = Configuration["AzureAD:Audience"];
options.MetadataAddress = $"https://{tenantName}.b2clogin.com/{tenantName}.onmicrosoft.com/{policyName}/v2.0/.well-known/openid-configuration";
options.Audience = audience;
options.Events = new JwtBearerEvents
{
OnAuthenticationFailed = context =>
{
var ctx = context;
return(Task.FromResult(0));
},
};
});
}
public IdpConfigurationProvider(
SamlAuthenticationOptions options
)
{
this.configuration = options.IdentityProviderConfiguration;
}
public Saml2MessageFactory(Saml2Configuration saml2Configuration)
{
_saml2Configuration = saml2Configuration;
_serviceProviderConfiguration = saml2Configuration.ServiceProviderConfiguration;
_identityProviderConfiguration = saml2Configuration.IdentityProviderConfiguration;
}
