private async Task <System.IdentityModel.Tokens.Jwt.JwtSecurityToken> ValidateAADIdTokenAsync(string idToken)
{
var stsDiscoveryEndpoint = "https://login.microsoftonline.com/common/v2.0/.well-known/openid-configuration";
var configRetriever = new Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfigurationRetriever();
var configManager = new Microsoft.IdentityModel.Protocols
.ConfigurationManager <Microsoft.IdentityModel.Protocols.OpenIdConnect
.OpenIdConnectConfiguration>(stsDiscoveryEndpoint, configRetriever);
var config = await configManager.GetConfigurationAsync();
var tokenValidationParameters = new Microsoft.IdentityModel.Tokens.TokenValidationParameters
{
IssuerSigningKeys = config.SigningKeys,
};
var tokenHandler = new System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler();
tokenHandler.ValidateToken(idToken, tokenValidationParameters, out var validatedToken);
return(validatedToken as System.IdentityModel.Tokens.Jwt.JwtSecurityToken);
}
private async Task <System.Security.Claims.ClaimsPrincipal> ValidateAccessToken(string accessToken, ILogger log)
{
var audience = _options.Value.Audience;
var clientID = _options.Value.ClientId;
var tenant = _options.Value.Tenant;
var tenantid = _options.Value.TenantId;
var authority = string.Format(System.Globalization.CultureInfo.InvariantCulture, "https://login.microsoftonline.com/{0}/v2.0", tenant);
var validIssuers = new List <string>()
{
$"https://login.microsoftonline.com/{tenant}/",
$"https://login.microsoftonline.com/{tenant}/v2.0",
$"https://login.windows.net/{tenant}/",
$"https://login.microsoft.com/{tenant}/",
$"https://sts.windows.net/{tenantid}/"
};
// Debugging purposes only, set this to false for production
Microsoft.IdentityModel.Logging.IdentityModelEventSource.ShowPII = true;
Microsoft.IdentityModel.Protocols.ConfigurationManager <Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfiguration> configManager =
new Microsoft.IdentityModel.Protocols.ConfigurationManager <Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfiguration>(
$"{authority}/.well-known/openid-configuration",
new Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfigurationRetriever());
Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfiguration config = null;
config = await configManager.GetConfigurationAsync();
Microsoft.IdentityModel.Tokens.ISecurityTokenValidator tokenValidator = new System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler();
// Initialize the token validation parameters
Microsoft.IdentityModel.Tokens.TokenValidationParameters validationParameters = new Microsoft.IdentityModel.Tokens.TokenValidationParameters
{
// App Id URI and AppId of this service application are both valid audiences.
ValidAudiences = new[] { audience, clientID },
// Support Azure AD V1 and V2 endpoints.
ValidIssuers = validIssuers,
IssuerSigningKeys = config.SigningKeys
};
try
{
Microsoft.IdentityModel.Tokens.SecurityToken securityToken;
var claimsPrincipal = tokenValidator.ValidateToken(accessToken, validationParameters, out securityToken);
return(claimsPrincipal);
}
catch (Exception ex)
{
log.LogInformation(ex.Message);
}
return(null);
}
private ManualValidadeToken()
{
string auth0Domain = System.Configuration.ConfigurationManager.AppSettings["auth0Domain"];
string auth0Audience = System.Configuration.ConfigurationManager.AppSettings["ida:Audience"];
Microsoft.IdentityModel.Protocols.IConfigurationManager <Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfiguration> configurationManager =
new Microsoft.IdentityModel.Protocols.ConfigurationManager <Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfiguration>($"{auth0Domain}.well-known/openid-configuration", new Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfigurationRetriever());
Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfiguration openIdConfig = AsyncHelper.RunSync(async() => await configurationManager.GetConfigurationAsync(CancellationToken.None));
validationParameters = new TokenValidationParameters
{
ValidIssuer = auth0Domain,
ValidAudiences = new[] { auth0Audience },
IssuerSigningKeys = openIdConfig.SigningKeys
};
handler = new JwtSecurityTokenHandler();
}
