        // This method gets called by the runtime. Use this method to add services to the container.
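        public void ConfigureServices(IServiceCollection services)
        {
            // Graph settings come from the "MSGraph" configuration section
            // (client ID, tenant ID, client secret).
            // NOTE(review): GraphClientSecret is a credential; in deployed environments it
            // should be supplied via a secret store / environment / user-secrets, never from
            // a committed appsettings file.
            var graphOptions = new MSGraphOptions();
            Configuration.Bind("MSGraph", graphOptions);
            services.AddSingleton(graphOptions);

            // App-only (client-credentials) MSAL client. Registered as a singleton so the
            // single instance — and the token cache MSAL keeps in it — is shared.
            IConfidentialClientApplication confidentialClientApplication = ConfidentialClientApplicationBuilder
                .Create(graphOptions.GraphClientId)
                .WithTenantId(graphOptions.TenantID)
                .WithClientSecret(graphOptions.GraphClientSecret)
                .Build();

            // "/.default" asks for whatever application permissions were consented for
            // this app registration; review those permissions as part of least privilege.
            var graphAuthProvider = new ClientCredentialProvider(confidentialClientApplication, "https://graph.microsoft.com/.default");
            services.AddSingleton(graphAuthProvider);

            // Typed HttpClient for the Graph adaptor, created through IHttpClientFactory
            // under the named client PolicyNames.GraphHttpClient with the retry policy.
            // This call already registers IMSGraphServiceClientAdaptor (transient).
            // A second AddSingleton<IMSGraphServiceClientAdaptor, ...>() registration, as
            // previously present here, would win on resolution and bypass the named
            // client — losing the retry policy and pinning one HttpClient for the
            // process lifetime — so no further registration is made.
            services.AddHttpClient<IMSGraphServiceClientAdaptor, MSGraphServiceClientAdaptor>(PolicyNames.GraphHttpClient)
                .AddPolicyHandler(HttpPolicies.GetRetryPolicy());

            services.AddControllers();
        }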
        // This method gets called by the runtime. Use this method to add services to the container.
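        public void ConfigureServices(IServiceCollection services)
        {
            // Transient on purpose: a fresh MSGraphClient per resolution so the bearer
            // token it acquires is never served stale (per the original author's intent).
            services.AddTransient(provider =>
            {
                var options = new MSGraphOptions();
                Configuration.Bind("MicrosoftGraph", options);

                var client = new MSGraphClient(options);
                return(client);
            });

            // Azure AD B2C bearer (JWT) authentication; settings bound from "AzureAdB2C".
            services.AddAuthentication(AzureADB2CDefaults.BearerAuthenticationScheme)
            .AddAzureADB2CBearer(
                AzureADB2CDefaults.BearerAuthenticationScheme,
                AzureADB2CDefaults.JwtBearerAuthenticationScheme,
                options => { Configuration.Bind("AzureAdB2C", options); });

            // After the JWT is validated, look up the caller's roles in Graph and add them
            // as role claims so role-based authorization can use them.
            services.PostConfigure <JwtBearerOptions>(AzureADB2CDefaults.JwtBearerAuthenticationScheme,
                                                      options =>
            {
                options.Events = new JwtBearerEvents
                {
                    OnTokenValidated = async context =>
                    {
                        // Every early exit below uses context.Fail(...) instead of letting an
                        // exception escape: an exception thrown from this event is rethrown by
                        // the JWT handler and surfaces as a 500, not as a 401.
                        var applicationId = Configuration["AzureAdB2C:ClientId"];
                        if (string.IsNullOrEmpty(applicationId))
                        {
                            context.Fail("AzureAdB2C:ClientId is not configured.");
                            return;
                        }

                        // Select the identity issued for this API (aud == our client ID).
                        var identity = context.Principal?.Identities
                            .FirstOrDefault(o => o.HasClaim("aud", applicationId));
                        if (identity is null)
                        {
                            context.Fail("No identity carries the expected audience claim.");
                            return;
                        }

                        // Subject of the token; with default inbound claim mapping the JWT
                        // "sub" claim is exposed as ClaimTypes.NameIdentifier — confirm if
                        // MapInboundClaims has been disabled elsewhere.
                        var subjectId = identity.FindFirst(ClaimTypes.NameIdentifier)?.Value;
                        if (string.IsNullOrEmpty(subjectId))
                        {
                            context.Fail("Token carries no subject identifier claim.");
                            return;
                        }

                        // Resolve from the request's scoped provider rather than from a second
                        // container built with services.BuildServiceProvider() (which duplicated
                        // every singleton and bypassed the real application container).
                        var client = context.HttpContext.RequestServices.GetRequiredService <MSGraphClient>();

                        // NOTE(review): this hits Graph on every authenticated request; a short-TTL
                        // per-subject cache would bound both latency and Graph throttling exposure.
                        // A Graph failure propagates and is reported via OnAuthenticationFailed,
                        // so authentication fails closed.
                        var roles = await client.GetUserRolesAsync(subjectId);
                        if (roles is null)
                        {
                            return;
                        }

                        // Add roles under the identity's configured role claim type so
                        // IsInRole / [Authorize(Roles = ...)] see them.
                        foreach (var role in roles)
                        {
                            identity.AddClaim(new Claim(identity.RoleClaimType, role));
                        }
                    }
                };
            });

            services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_2);

            // Deliberately no services.BuildServiceProvider() here (ASP0000): the token
            // event resolves its dependency from HttpContext.RequestServices. If any other
            // member still reads _serviceProvider, have it take IServiceProvider via DI.
        }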