// This method works specifically for single tenant application.
private static void RegisterAuthenticationServices(
IServiceCollection services,
IConfiguration configuration)
{
AuthenticationServiceCollectionExtensions.ValidateAuthenticationConfigurationSettings(configuration);
services.AddAuthentication(options => { options.DefaultScheme = JwtBearerDefaults.AuthenticationScheme; })
.AddJwtBearer(options =>
{
var azureADOptions = new AzureADOptions();
configuration.Bind("AzureAd", azureADOptions);
options.Authority = $"{azureADOptions.Instance}{azureADOptions.TenantId}/v2.0";
options.TokenValidationParameters = new TokenValidationParameters
{
ValidAudiences = AuthenticationServiceCollectionExtensions.GetValidAudiences(configuration),
ValidIssuers = AuthenticationServiceCollectionExtensions.GetValidIssuers(configuration),
AudienceValidator = AuthenticationServiceCollectionExtensions.AudienceValidator,
};
options.Events = new JwtBearerEvents
{
OnTokenValidated = async context =>
{
var tokenAcquisition = context.HttpContext.RequestServices.GetRequiredService <TokenAcquisitionHelper>();
context.Success();
// Adds the token to the cache, and also handles the incremental consent and claim challenges
var jwtToken = AuthenticationHeaderValue.Parse(context.Request.Headers["Authorization"].ToString()).Parameter;
await tokenAcquisition.AddTokenToCacheFromJwtAsync(configuration[AuthenticationServiceCollectionExtensions.GraphScopeConfigurationSettingsKey], jwtToken);
await Task.FromResult(0);
},
};
});
}
private static IEnumerable <string> GetValidIssuers(IConfiguration configuration)
{
var tenantId = configuration[AuthenticationServiceCollectionExtensions.TenantIdConfigurationSettingsKey];
var validIssuers =
AuthenticationServiceCollectionExtensions.GetSettings(
configuration,
AuthenticationServiceCollectionExtensions.ValidIssuersConfigurationSettingsKey);
validIssuers = validIssuers.Select(validIssuer => validIssuer.Replace("TENANT_ID", tenantId, StringComparison.OrdinalIgnoreCase));
return(validIssuers);
}
