// This method is specific to single-tenant applications.
        /// <summary>
        /// Registers protected-web-API authentication and then overrides the JWT bearer
        /// options with values read from <paramref name="authenticationOptions"/>.
        /// </summary>
        /// <param name="services">Service collection that receives the authentication services.</param>
        /// <param name="configuration">Configuration passed to the protected-web-API registrations.</param>
        /// <param name="authenticationOptions">Supplies the Azure AD instance, tenant id and client id, and is passed to the audience/issuer helpers.</param>
        /// <remarks>
        /// Security review points:
        /// - The authority is built for exactly one tenant id, so tokens are validated against that tenant's v2.0 endpoint.
        /// - Setting a custom AudienceValidator makes token validation call that delegate in place of the built-in
        ///   audience check; the helper (defined elsewhere) must itself compare against ValidAudiences.
        /// - SaveToken keeps the raw bearer token in the authentication properties; treat it as a credential and keep it out of logs.
        /// - The token cache is held in process memory: it is not shared between instances and is lost on restart.
        /// </remarks>
        private static void RegisterAuthenticationServices(
            IServiceCollection services,
            IConfiguration configuration,
            AuthenticationOptions authenticationOptions)
        {
            // Validation helper is defined elsewhere; presumably it throws on missing values (confirm).
            AuthenticationServiceCollectionExtensions.ValidateAuthenticationOptions(authenticationOptions);

            var webApiBuilder = services.AddProtectedWebApi(configuration);
            var downstreamBuilder = webApiBuilder.AddProtectedWebApiCallsProtectedWebApi(configuration);
            downstreamBuilder.AddInMemoryTokenCaches();

            services.Configure<JwtBearerOptions>(JwtBearerDefaults.AuthenticationScheme, bearer =>
            {
                var azureAd = new AzureADOptions();
                azureAd.Instance = authenticationOptions.AzureAdInstance;
                azureAd.TenantId = authenticationOptions.AzureAdTenantId;
                azureAd.ClientId = authenticationOptions.AzureAdClientId;

                // Instance and TenantId are concatenated as-is, so Instance must already end with '/'.
                bearer.Authority = $"{azureAd.Instance}{azureAd.TenantId}/v2.0";
                bearer.SaveToken = true;

                var validation = bearer.TokenValidationParameters;
                validation.ValidAudiences = AuthenticationServiceCollectionExtensions.GetValidAudiences(authenticationOptions);
                validation.AudienceValidator = AuthenticationServiceCollectionExtensions.AudienceValidator;
                validation.ValidIssuers = AuthenticationServiceCollectionExtensions.GetValidIssuers(authenticationOptions);
            });
        }
 /// <summary>
 /// Registers JWT bearer authentication through Microsoft.Identity.Web and configures the
 /// application to authenticate to Azure AD with a certificate loaded from Key Vault.
 /// </summary>
 /// <param name="services">Service collection that receives the authentication services.</param>
 /// <param name="configuration">Source of the "AzureAd" section, "KeyVault:Url" and "GraphAppCertName".</param>
 /// <param name="authenticationOptions">Passed to the audience/issuer helpers.</param>
 /// <param name="azureADOptions">Supplies the instance and tenant id used to build the authority.</param>
 /// <remarks>
 /// Security review points:
 /// - The client credential is a Key Vault certificate, so no client secret is set by this method;
 ///   the "AzureAd" section is still bound in full and may carry other values.
 /// - "KeyVault:Url" and "GraphAppCertName" are read without a null check; a missing key passes null to FromKeyVault.
 /// - Setting a custom AudienceValidator makes token validation call that delegate in place of the built-in
 ///   audience check; the helper (defined elsewhere) must itself compare against ValidAudiences.
 /// - SaveToken keeps the raw bearer token in the authentication properties; keep it out of logs.
 /// - The token cache is held in process memory: not shared between instances, lost on restart.
 /// </remarks>
 private static void RegisterAuthenticationServicesWithCertificate(
     IServiceCollection services,
     IConfiguration configuration,
     AuthenticationOptions authenticationOptions,
     AzureADOptions azureADOptions)
 {
     var authenticationBuilder = services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme);

     authenticationBuilder
         .AddMicrosoftIdentityWebApi(
             bearer =>
             {
                 // Instance and TenantId are concatenated as-is, so Instance must already end with '/'.
                 bearer.Authority = $"{azureADOptions.Instance}{azureADOptions.TenantId}/v2.0";
                 bearer.SaveToken = true;

                 var validation = bearer.TokenValidationParameters;
                 validation.ValidAudiences = AuthenticationServiceCollectionExtensions.GetValidAudiences(authenticationOptions);
                 validation.AudienceValidator = AuthenticationServiceCollectionExtensions.AudienceValidator;
                 validation.ValidIssuers = AuthenticationServiceCollectionExtensions.GetValidIssuers(authenticationOptions);
             },
             identity =>
             {
                 configuration.Bind("AzureAd", identity);

                 // Both values come straight from configuration and are not validated here.
                 string keyVaultUrl = configuration.GetValue<string>("KeyVault:Url");
                 string certificateName = configuration.GetValue<string>("GraphAppCertName");
                 identity.ClientCertificates = new CertificateDescription[]
                 {
                     CertificateDescription.FromKeyVault(keyVaultUrl, certificateName),
                 };
             })
         .EnableTokenAcquisitionToCallDownstreamApi(
             clientApplication =>
             {
                 configuration.Bind("AzureAd", clientApplication);
             })
         .AddInMemoryTokenCaches();
 }
 /// <summary>
 /// Registers Microsoft.Identity.Web API authentication from configuration, enables token
 /// acquisition for downstream APIs, and then overrides the JWT bearer options.
 /// </summary>
 /// <param name="services">Service collection that receives the authentication services.</param>
 /// <param name="configuration">Configuration passed to AddMicrosoftIdentityWebApiAuthentication.</param>
 /// <param name="authenticationOptions">Passed to the audience/issuer helpers.</param>
 /// <param name="azureADOptions">Supplies the instance and tenant id used to build the authority.</param>
 /// <remarks>
 /// Security review points:
 /// - NOTE(review): judging by the method name, the client credential is a secret held in configuration;
 ///   confirm it is supplied from a secret store and not from a checked-in settings file.
 /// - Setting a custom AudienceValidator makes token validation call that delegate in place of the built-in
 ///   audience check; the helper (defined elsewhere) must itself compare against ValidAudiences.
 /// - SaveToken keeps the raw bearer token in the authentication properties; keep it out of logs.
 /// - The token cache is held in process memory: not shared between instances, lost on restart.
 /// </remarks>
 private static void RegisterAuthenticationServicesWithSecret(
     IServiceCollection services,
     IConfiguration configuration,
     AuthenticationOptions authenticationOptions,
     AzureADOptions azureADOptions)
 {
     var identityBuilder = services.AddMicrosoftIdentityWebApiAuthentication(configuration);
     identityBuilder
         .EnableTokenAcquisitionToCallDownstreamApi()
         .AddInMemoryTokenCaches();

     services.Configure<JwtBearerOptions>(JwtBearerDefaults.AuthenticationScheme, bearer =>
     {
         // Instance and TenantId are concatenated as-is, so Instance must already end with '/'.
         bearer.Authority = $"{azureADOptions.Instance}{azureADOptions.TenantId}/v2.0";
         bearer.SaveToken = true;

         var validation = bearer.TokenValidationParameters;
         validation.ValidAudiences = AuthenticationServiceCollectionExtensions.GetValidAudiences(authenticationOptions);
         validation.AudienceValidator = AuthenticationServiceCollectionExtensions.AudienceValidator;
         validation.ValidIssuers = AuthenticationServiceCollectionExtensions.GetValidIssuers(authenticationOptions);
     });
 }
        // This method is specific to single-tenant applications.
        /// <summary>
        /// Registers JWT bearer authentication as the default scheme, with the authority,
        /// audiences and issuers all taken from <paramref name="configuration"/>.
        /// </summary>
        /// <param name="services">Service collection that receives the authentication services.</param>
        /// <param name="configuration">Source of the "AzureAd" section and of the audience/issuer settings.</param>
        /// <remarks>
        /// Security review points:
        /// - TokenValidationParameters is replaced with a new instance, so only the three members set here
        ///   differ from the library defaults.
        /// - Setting a custom AudienceValidator makes token validation call that delegate in place of the built-in
        ///   audience check; the helper (defined elsewhere) must itself compare against ValidAudiences.
        /// </remarks>
        private static void RegisterAuthenticationServices(
            IServiceCollection services,
            IConfiguration configuration)
        {
            // Validation helper is defined elsewhere; presumably it throws on missing settings (confirm).
            AuthenticationServiceCollectionExtensions.ValidateAuthenticationConfigurationSettings(configuration);

            var authenticationBuilder = services.AddAuthentication(schemes =>
            {
                schemes.DefaultScheme = JwtBearerDefaults.AuthenticationScheme;
            });

            authenticationBuilder.AddJwtBearer(bearer =>
            {
                var azureAd = new AzureADOptions();
                configuration.Bind("AzureAd", azureAd);

                // Instance and TenantId are concatenated as-is, so Instance must already end with '/'.
                bearer.Authority = $"{azureAd.Instance}{azureAd.TenantId}/v2.0";

                var validation = new TokenValidationParameters();
                validation.ValidAudiences = AuthenticationServiceCollectionExtensions.GetValidAudiences(configuration);
                validation.ValidIssuers = AuthenticationServiceCollectionExtensions.GetValidIssuers(configuration);
                validation.AudienceValidator = AuthenticationServiceCollectionExtensions.AudienceValidator;
                bearer.TokenValidationParameters = validation;
            });
        }
        // This method is specific to single-tenant applications.
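        /// <summary>
        /// Registers two authentication schemes: Azure AD JWT bearer (the default scheme) and an
        /// IdentityServer scheme named <c>PolicyNames.AtWorkRioIdentity</c>, plus a shared
        /// <c>DiscoveryCache</c> for the IdentityServer authority.
        /// </summary>
        /// <param name="services">Service collection that receives the authentication services.</param>
        /// <param name="configuration">Source of the "AzureAd" and "AtWorkRioIdentity" sections and of the audience/issuer settings.</param>
        /// <exception cref="System.InvalidOperationException">
        /// The "AtWorkRioIdentity" section is missing or empty, so no options object could be bound.
        /// </exception>
        /// <remarks>
        /// Security review points:
        /// - RequireHttpsMetadata is left at false, as in the original: the IdentityServer discovery document may
        ///   then be fetched over plain HTTP, where it can be altered in transit. Enable it outside local development.
        /// - ApiSecret is read from configuration; NOTE(review): confirm it is supplied from a secret store.
        /// - Setting a custom AudienceValidator makes token validation call that delegate in place of the built-in
        ///   audience check; the helper (defined elsewhere) must itself compare against ValidAudiences.
        /// </remarks>
        private static void RegisterAuthenticationServices(
            IServiceCollection services,
            IConfiguration configuration)
        {
            AuthenticationServiceCollectionExtensions.ValidateAuthenticationConfigurationSettings(configuration);

            var atWorkRioIdentityOptions = configuration.GetSection("AtWorkRioIdentity").Get<AtWorkRioIdentityOptions>();

            // Get<T>() returns null when the section is absent. Fail at registration time instead of
            // registering a null options object that only surfaces as a NullReferenceException on first use.
            if (atWorkRioIdentityOptions == null)
            {
                throw new System.InvalidOperationException(
                    "The 'AtWorkRioIdentity' configuration section is missing or empty.");
            }

            services.AddTransient<AtWorkRioIdentityOptions>(svc => atWorkRioIdentityOptions);
            services.AddSingleton((serviceProvider) =>
            {
                var options = serviceProvider.GetService<AtWorkRioIdentityOptions>();
                return new DiscoveryCache(options.Authority);
            });

            services
                .AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
                .AddJwtBearer(JwtBearerDefaults.AuthenticationScheme, options =>
                {
                    var azureADOptions = new AzureADOptions();
                    configuration.Bind("AzureAd", azureADOptions);

                    // Instance and TenantId are concatenated as-is, so Instance must already end with '/'.
                    options.Authority = $"{azureADOptions.Instance}{azureADOptions.TenantId}/v2.0";
                    options.TokenValidationParameters = new TokenValidationParameters
                    {
                        ValidAudiences    = AuthenticationServiceCollectionExtensions.GetValidAudiences(configuration),
                        ValidIssuers      = AuthenticationServiceCollectionExtensions.GetValidIssuers(configuration),
                        AudienceValidator = AuthenticationServiceCollectionExtensions.AudienceValidator,
                    };
                })
                .AddIdentityServerAuthentication(PolicyNames.AtWorkRioIdentity, options =>
                {
                    options.Authority = atWorkRioIdentityOptions.Authority;
                    options.ApiName   = atWorkRioIdentityOptions.ApiName;
                    options.ApiSecret = atWorkRioIdentityOptions.ApiSecret;

                    // NOTE(review): kept as in the original. With this off, metadata for the authority is
                    // accepted over HTTP; set to true for any deployment that is not a local test setup.
                    options.RequireHttpsMetadata = false;
                });
        }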