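public async Task <DocumentDiscoveryResult> GetAsync(string endpoint)
        {
            // Fetches the OpenID Connect discovery document at <endpoint> (relative to the
            // configured auth realm) and maps the endpoints this service needs into a
            // DocumentDiscoveryResult. Returns null when the request fails; the failure is logged.
            //
            // NOTE(review): the endpoint URLs from the document are used as-is. Anything that
            // later sends credentials or tokens to them is trusting appSettings.AuthRealm to be an
            // https URL controlled by the issuer; consider also checking that the document's
            // "issuer" value matches the realm before trusting it — confirm with the callers.
            IJsonServiceClient client = new JsonServiceClient(appSettings.AuthRealm);

            string document;

            try
            {
                document = await client.GetAsync <string>(endpoint)
                           .ConfigureAwait(false);
            }
            catch (AggregateException exception)
            {
                // Kept for code paths that surface a wrapped fault; Flatten() so nested
                // aggregates are logged one inner exception at a time.
                foreach (var ex in exception.Flatten().InnerExceptions)
                {
                    Log.Error($"Error occurred requesting document data from {endpoint}", ex);
                }
                return(null);
            }
            catch (Exception ex)
            {
                // An awaited call throws the underlying exception directly, not an
                // AggregateException, so without this clause transport/HTTP failures escaped
                // the method instead of being logged and mapped to the documented null result.
                Log.Error($"Error occurred requesting document data from {endpoint}", ex);
                return(null);
            }

            // Parses the JSON document; the standard endpoints are exposed as properties, the
            // introspection endpoint is not part of the library's model and is read by key.
            var configuration = new Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfiguration(document);

            return(new DocumentDiscoveryResult
            {
                AuthorizeUrl = configuration.AuthorizationEndpoint,
                IntrospectUrl = GetStringValue(document, "introspection_endpoint"),
                UserInfoUrl = configuration.UserInfoEndpoint,
                TokenUrl = configuration.TokenEndpoint,
                JwksUrl = configuration.JwksUri
            });
        }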
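        private async Task <System.Security.Claims.ClaimsPrincipal> ValidateAccessToken(string accessToken, ILogger log)
        {
            // Validates an Azure AD access token (signature, lifetime, issuer and audience, the
            // handler's defaults) against the tenant's published signing keys and returns the
            // resulting principal, or null when the token is rejected. Failures are logged and
            // never rethrown, so callers must treat null as "unauthenticated".
            var audience     = _options.Value.Audience;
            var clientID     = _options.Value.ClientId;
            var tenant       = _options.Value.Tenant;
            var tenantid     = _options.Value.TenantId;
            var authority    = string.Format(System.Globalization.CultureInfo.InvariantCulture, "https://login.microsoftonline.com/{0}/v2.0", tenant);
            // Issuer forms for the v1 and v2 endpoints; the sts.windows.net form carries the tenant id.
            var validIssuers = new List <string>()
            {
                $"https://login.microsoftonline.com/{tenant}/",
                $"https://login.microsoftonline.com/{tenant}/v2.0",
                $"https://login.windows.net/{tenant}/",
                $"https://login.microsoft.com/{tenant}/",
                $"https://sts.windows.net/{tenantid}/"
            };

            #if DEBUG
            // ShowPII puts raw token contents and claim values into exception messages and
            // log output. It is a process-wide static, so it is only enabled in Debug builds;
            // the previous unconditional "= true" leaked token material into production logs.
            Microsoft.IdentityModel.Logging.IdentityModelEventSource.ShowPII = true;
            #endif

            // NOTE(review): ConfigurationManager is meant to be a long-lived instance that caches
            // the metadata and refreshes signing keys on rollover; building one per call
            // re-downloads the discovery document and JWKS on every validation. Hoist it to a
            // static field when the enclosing class allows.
            Microsoft.IdentityModel.Protocols.ConfigurationManager <Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfiguration> configManager =
                new Microsoft.IdentityModel.Protocols.ConfigurationManager <Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfiguration>(
                    $"{authority}/.well-known/openid-configuration",
                    new Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfigurationRetriever());

            Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfiguration config = null;
            config = await configManager.GetConfigurationAsync();

            Microsoft.IdentityModel.Tokens.ISecurityTokenValidator tokenValidator = new System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler();

            // Initialize the token validation parameters
            Microsoft.IdentityModel.Tokens.TokenValidationParameters validationParameters = new Microsoft.IdentityModel.Tokens.TokenValidationParameters
            {
                // App Id URI and AppId of this service application are both valid audiences.
                ValidAudiences = new[] { audience, clientID },

                // Support Azure AD V1 and V2 endpoints.
                ValidIssuers      = validIssuers,
                // Keys come only from the metadata fetched over https above, never from the token.
                IssuerSigningKeys = config.SigningKeys
            };

            try
            {
                Microsoft.IdentityModel.Tokens.SecurityToken securityToken;
                var claimsPrincipal = tokenValidator.ValidateToken(accessToken, validationParameters, out securityToken);
                return(claimsPrincipal);
            }
            catch (Exception ex)
            {
                // Rejected token: log the exception itself (type and stack) rather than only its
                // message, and at Warning because a failed validation is a security-relevant event.
                log.LogWarning(ex, "Access token validation failed: {Message}", ex.Message);
            }
            return(null);
        }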
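        private ManualValidadeToken()
        {
            // Builds the token validation parameters once from configuration. The tenant's
            // discovery document supplies only the signing keys; issuer and audience are pinned
            // to the configured values and are never taken from the document.
            string auth0Domain   = System.Configuration.ConfigurationManager.AppSettings["auth0Domain"];
            string auth0Audience = System.Configuration.ConfigurationManager.AppSettings["ida:Audience"];

            // Fail fast at construction: with a null issuer or audience the handler would reject
            // every token anyway, but with a far less obvious error at request time.
            if (string.IsNullOrWhiteSpace(auth0Domain))
            {
                throw new InvalidOperationException("AppSetting 'auth0Domain' is missing.");
            }
            if (string.IsNullOrWhiteSpace(auth0Audience))
            {
                throw new InvalidOperationException("AppSetting 'ida:Audience' is missing.");
            }

            // ".well-known/openid-configuration" is appended directly and the issuer is compared
            // as an exact string, so the value must end with "/". Normalise it so a missing slash
            // does not produce "…auth0.com.well-known/…" and an issuer that never matches.
            // NOTE(review): confirm against the tenant's discovery "issuer" field that the
            // expected iss value is exactly the domain with a trailing slash.
            if (!auth0Domain.EndsWith("/", StringComparison.Ordinal))
            {
                auth0Domain += "/";
            }

            // NOTE(review): this blocks on the metadata download inside the constructor and the
            // ConfigurationManager is discarded afterwards, so a signing-key rollover at the
            // provider requires a restart; presumably this is a once-per-process singleton — verify.
            Microsoft.IdentityModel.Protocols.IConfigurationManager <Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfiguration> configurationManager =
                new Microsoft.IdentityModel.Protocols.ConfigurationManager <Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfiguration>($"{auth0Domain}.well-known/openid-configuration", new Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfigurationRetriever());
            Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfiguration openIdConfig = AsyncHelper.RunSync(async() => await configurationManager.GetConfigurationAsync(CancellationToken.None));

            validationParameters = new TokenValidationParameters
            {
                ValidIssuer       = auth0Domain,
                ValidAudiences    = new[] { auth0Audience },
                IssuerSigningKeys = openIdConfig.SigningKeys
            };
            handler = new JwtSecurityTokenHandler();
        }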