/// <summary>
/// Adds Windows Azure Active Directory (WAAD) issued JWT bearer token middleware to your web application pipeline.
/// </summary>
/// <param name="app">The IAppBuilder passed to your configuration method.</param>
/// <param name="options">An options class that controls the middleware behavior.</param>
/// <returns>The original app parameter.</returns>
public static IAppBuilder UseWindowsAzureActiveDirectoryBearerAuthentication(this IAppBuilder app, WindowsAzureActiveDirectoryBearerAuthenticationOptions options)
{
if (options == null)
{
throw new ArgumentNullException("options");
}
if (string.IsNullOrWhiteSpace(options.Tenant))
{
throw new ArgumentException(string.Format(CultureInfo.CurrentCulture, Resources.Exception_OptionMustBeProvided, "Tenant"));
}
var bearerOptions = new OAuthBearerAuthenticationOptions
{
Realm = options.Realm,
Provider = options.Provider,
AccessTokenFormat = new JwtFormat(options.Audience,
new WsFedCachingSecurityTokenProvider(
string.Format(CultureInfo.InvariantCulture, SecurityTokenServiceAddressFormat, options.Tenant),
options.BackchannelCertificateValidator, options.BackchannelTimeout, options.BackchannelHttpHandler)),
AuthenticationMode = options.AuthenticationMode,
AuthenticationType = options.AuthenticationType,
Description = options.Description
};
app.UseOAuthBearerAuthentication(bearerOptions);
return app;
}
public void ConfigureAuth(IAppBuilder app)
{
WindowsAzureActiveDirectoryBearerAuthenticationOptions options = new WindowsAzureActiveDirectoryBearerAuthenticationOptions()
{
Tenant = ConfigurationManager.AppSettings["aad:Audience"],
TokenValidationParameters = new System.IdentityModel.Tokens.TokenValidationParameters()
{
ValidAudience = ConfigurationManager.AppSettings["aad:Audience"]
},
};
app.UseWindowsAzureActiveDirectoryBearerAuthentication(options);
}
public AmazonWebServicesProvider(
string credentialsProfileName,
WindowsAzureActiveDirectoryBearerAuthenticationOptions authenticationOptions)
{
if (string.IsNullOrWhiteSpace(credentialsProfileName))
{
throw new ArgumentNullException(AmazonWebServicesProvider.ArgumentNameCredentialsProfileName);
}
if (null == authenticationOptions)
{
throw new ArgumentNullException(AmazonWebServicesProvider.ArgumentNameAuthenticationOptions);
}
this.anchoringBehaviorValue = new AnchoringByIdentifierBehavior();
this.Initialize(credentialsProfileName, this.anchoringBehaviorValue, authenticationOptions);
}
public IEnumerable<OwinMiddlewareRegistration> GetOwinMiddlewares() {
var middlewares = new List<OwinMiddlewareRegistration>();
AntiForgeryConfig.UniqueClaimTypeIdentifier = ClaimTypes.NameIdentifier;
var openIdOptions = new OpenIdConnectAuthenticationOptions {
ClientId = _azureClientId,
Authority = string.Format(CultureInfo.InvariantCulture, _azureADInstance, _azureTenant),
PostLogoutRedirectUri = _logoutRedirectUri,
Notifications = new OpenIdConnectAuthenticationNotifications ()
};
var cookieOptions = new CookieAuthenticationOptions();
var bearerAuthOptions = new WindowsAzureActiveDirectoryBearerAuthenticationOptions {
TokenValidationParameters = new TokenValidationParameters {
ValidAudience = string.Format(_sslEnabled ? "https://{0}/{1}" : "http://{0}/{1}", _azureTenant, _azureAppName)
}
};
if (_azureWebSiteProtectionEnabled) {
middlewares.Add(new OwinMiddlewareRegistration {
Priority = "9",
Configure = app => { app.SetDataProtectionProvider(new MachineKeyProtectionProvider()); }
});
}
middlewares.Add(new OwinMiddlewareRegistration {
Priority = "10",
Configure = app => {
app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
app.UseCookieAuthentication(cookieOptions);
app.UseOpenIdConnectAuthentication(openIdOptions);
//This is throwing an XML DTD is prohibited error?
//app.UseWindowsAzureActiveDirectoryBearerAuthentication(bearerAuthOptions);
}
});
return middlewares;
}
private void Initialize(
string credentialsProfileName,
IAmazonWebServicesIdentityAnchoringBehavior anchoringBehavior,
AuthenticationOptions authenticationOptions)
{
if (string.IsNullOrWhiteSpace(credentialsProfileName))
{
throw new ArgumentNullException(AmazonWebServicesProvider.ArgumentNameCredentialsProfileName);
}
if (null == anchoringBehavior)
{
throw new ArgumentNullException(AmazonWebServicesProvider.ArgumentNameAnchoringBehavior);
}
if (null == authenticationOptions)
{
throw new ArgumentNullException(AmazonWebServicesProvider.ArgumentNameAuthenticationOptions);
}
this.credentials = new StoredProfileAWSCredentials(credentialsProfileName);
this.anchoringBehaviorValue = anchoringBehavior;
this.windowsAzureActiveDirectoryBearerAuthenticationOptions =
authenticationOptions as WindowsAzureActiveDirectoryBearerAuthenticationOptions;
if (this.windowsAzureActiveDirectoryBearerAuthenticationOptions != null)
{
this.windowsAzureActiveDirectoryBearerAuthenticationOptions.TokenHandler = new TokenHandler();
}
}
private void OnServiceStartup(IAppBuilder applicationBuilder, HttpConfiguration configuration)
{
logger.Info("OnServiceStartup.... ###############");
// pvs
// IFilter is defined in System.Web.Http.dll.
System.Web.Http.Filters.IFilter authorizationFilter =
new System.Web.Http.AuthorizeAttribute(); // Defined in System.Web.Http.dll.configuration.Filters.Add(authorizationFilter);
// SystemIdentityModel.Tokens.TokenValidationParameters is defined in
// System.IdentityModel.Token.Jwt.dll.
System.IdentityModel.Tokens.TokenValidationParameters tokenValidationParameters =
new TokenValidationParameters()
{
ValidAudience = "00000002-0000-0000-c000-000000000000"
};
// WindowsAzureActiveDirectoryBearerAuthenticationOptions is defined in
// Microsoft.Owin.Security.ActiveDirectory.dll
Microsoft.Owin.Security.ActiveDirectory.
WindowsAzureActiveDirectoryBearerAuthenticationOptions authenticationOptions =
new WindowsAzureActiveDirectoryBearerAuthenticationOptions()
{
TokenValidationParameters = tokenValidationParameters,
Tenant = TENANT_ID // Substitute the appropriate tenant’s
// identifier for this one.
};
applicationBuilder.UseWindowsAzureActiveDirectoryBearerAuthentication(authenticationOptions);
//~pvs
}