/// <summary>
/// Called by the runtime to register services in the DI container.
/// Binds the "MSGraph" configuration section, builds an MSAL client-credential
/// authentication provider for Microsoft Graph, registers the Graph adaptor and
/// adds MVC controllers.
/// </summary>
/// <param name="services">The service collection to populate.</param>
public void ConfigureServices(IServiceCollection services)
{
    // Strongly typed Graph settings (client id, tenant, client secret) bound from
    // configuration. The secret is only ever read from configuration here; it should
    // be supplied via user secrets / environment / a secret store, not a checked-in file.
    var graphSettings = new MSGraphOptions();
    Configuration.Bind("MSGraph", graphSettings);
    services.AddSingleton(graphSettings);

    // MSAL confidential client for the app-only (client credentials) flow.
    var msalApp = ConfidentialClientApplicationBuilder
        .Create(graphSettings.GraphClientId)
        .WithTenantId(graphSettings.TenantID)
        .WithClientSecret(graphSettings.GraphClientSecret)
        .Build();

    // Token provider that acquires app-only tokens for the Graph ".default" scope.
    var graphAuthProvider = new ClientCredentialProvider(msalApp, "https://graph.microsoft.com/.default");
    services.AddSingleton(graphAuthProvider);

    // Named typed HttpClient for the adaptor with the shared retry policy attached.
    services
        .AddHttpClient<IMSGraphServiceClientAdaptor, MSGraphServiceClientAdaptor>(PolicyNames.GraphHttpClient)
        .AddPolicyHandler(HttpPolicies.GetRetryPolicy());

    // NOTE(review): this is a second registration of the same service; resolution is
    // last-wins, so it presumably shadows the typed-client/retry-policy registration
    // above and pins a single HttpClient for the app lifetime — confirm which is intended.
    services.AddSingleton<IMSGraphServiceClientAdaptor, MSGraphServiceClientAdaptor>();

    services.AddControllers();
}
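/// <summary>
/// Called by the runtime to register services in the DI container.
/// Registers the Microsoft Graph client, Azure AD B2C bearer authentication and a
/// post-token-validation hook that enriches the caller's identity with role claims
/// looked up through Graph.
/// </summary>
/// <param name="services">The service collection to populate.</param>
public void ConfigureServices(IServiceCollection services)
{
    // Transient so every resolution builds a fresh client and the bearer token it
    // carries is renewed rather than reused across requests.
    services.AddTransient(_ =>
    {
        var options = new MSGraphOptions();
        Configuration.Bind("MicrosoftGraph", options);
        return new MSGraphClient(options);
    });

    // Azure AD B2C bearer (JWT) authentication, configured from the "AzureAdB2C" section.
    services.AddAuthentication(AzureADB2CDefaults.BearerAuthenticationScheme)
        .AddAzureADB2CBearer(
            AzureADB2CDefaults.BearerAuthenticationScheme,
            AzureADB2CDefaults.JwtBearerAuthenticationScheme,
            options => { Configuration.Bind("AzureAdB2C", options); });

    // After the JWT is validated, look up the user's roles and add them to the identity
    // so role-based authorization can see them.
    services.PostConfigure<JwtBearerOptions>(AzureADB2CDefaults.JwtBearerAuthenticationScheme, options =>
    {
        options.Events = new JwtBearerEvents
        {
            OnTokenValidated = async context =>
            {
                // Select the identity whose audience is this application's client id.
                // A token without a matching identity or subject fails authentication
                // (401) instead of throwing from the handler (500).
                var applicationId = Configuration["AzureAdB2C:ClientId"];
                var identity = context.Principal.Identities.FirstOrDefault(o => o.HasClaim("aud", applicationId));
                if (identity is null)
                {
                    context.Fail("Token audience does not match the configured client id.");
                    return;
                }

                var subjectId = identity.FindFirst(ClaimTypes.NameIdentifier)?.Value;
                if (string.IsNullOrEmpty(subjectId))
                {
                    context.Fail("Token carries no subject identifier claim.");
                    return;
                }

                // Resolve from the request's scoped provider instead of a separately
                // built root container, so the transient client belongs to this request.
                var client = context.HttpContext.RequestServices.GetRequiredService<MSGraphClient>();
                var roles = await client.GetUserRolesAsync(subjectId);

                // Use the identity's configured role claim type so [Authorize(Roles = ...)] matches.
                foreach (var role in roles)
                {
                    identity.AddClaim(new Claim(identity.RoleClaimType, role));
                }
            }
        };
    });

    services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_2);

    // Kept for any other member that reads _serviceProvider. This builds a second
    // container with its own singleton instances; the token-validated handler above
    // no longer depends on it.
    _serviceProvider = services.BuildServiceProvider();
}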