// // The Client ID is used by the application to uniquely identify itself to Azure AD. // The App Key is a credential used to authenticate the application to Azure AD. Azure AD supports password and certificate credentials. // The Metadata Address is used by the application to retrieve the signing keys used by Azure AD. // The AAD Instance is the instance of Azure, for example public Azure or Azure China. // The Authority is the sign-in URL of the tenant. // The Post Logout Redirect Uri is the URL where the user will be redirected after they sign out. // // This is the resource ID of the AAD Graph API. We'll need this to request a token to call the Graph API. public void ConfigureAuth(IAppBuilder app) { app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType); app.UseCookieAuthentication(new CookieAuthenticationOptions()); app.UseOpenIdConnectAuthentication( new OpenIdConnectAuthenticationOptions { ClientId = MediaLibraryWebApp.Configuration.ClientId, Authority = MediaLibraryWebApp.Configuration.Authority, PostLogoutRedirectUri = MediaLibraryWebApp.Configuration.PostLogoutRedirectUri, Notifications = new OpenIdConnectAuthenticationNotifications() { // // If there is a code in the OpenID Connect response, redeem it for an access token and refresh token, and store those away. // AuthorizationCodeReceived = (context) => { var code = context.Code; System.IdentityModel.Tokens.JwtSecurityToken jwtToken = context.JwtSecurityToken; string userObjectID = context.AuthenticationTicket.Identity.FindFirst(MediaLibraryWebApp.Configuration.ClaimsObjectidentifier).Value; Microsoft.IdentityModel.Clients.ActiveDirectory.ClientCredential credential = new Microsoft.IdentityModel.Clients.ActiveDirectory.ClientCredential(MediaLibraryWebApp.Configuration.ClientId, MediaLibraryWebApp.Configuration.AppKey); NaiveSessionCache cache = new NaiveSessionCache(userObjectID); AuthenticationContext authContext = new AuthenticationContext(MediaLibraryWebApp.Configuration.Authority, cache); //Getting a token to connect with GraphApi later on userProfile page AuthenticationResult graphAPiresult = authContext.AcquireTokenByAuthorizationCode(code, new Uri(HttpContext.Current.Request.Url.GetLeftPart(UriPartial.Path)), credential, MediaLibraryWebApp.Configuration.GraphResourceId); //Getting a access token which can be used to configure auth restrictions for multiple tentants since audience will be same for each web app requesting this token //AuthenticationResult kdAPiresult = authContext.AcquireTokenByAuthorizationCode(code, new Uri(HttpContext.Current.Request.Url.GetLeftPart(UriPartial.Path)), credential, MediaLibraryWebApp.Configuration.KdResourceId); //string kdAccessToken = kdAPiresult.AccessToken; //Initializing MediaServicesCredentials in order to obtain access token to be used to connect var amsCredentials = new MediaServicesCredentials(MediaLibraryWebApp.Configuration.MediaAccount, MediaLibraryWebApp.Configuration.MediaKey); //Forces to get access token amsCredentials.RefreshToken(); //Adding token to a claim so it can be accessible within controller context.AuthenticationTicket.Identity.AddClaim(new Claim(MediaLibraryWebApp.Configuration.ClaimsSignInJwtToken, jwtToken.RawData)); //Adding media services access token as claim so it can be accessible within controller context.AuthenticationTicket.Identity.AddClaim(new Claim(MediaLibraryWebApp.Configuration.ClaimsAmsAcessToken, amsCredentials.AccessToken)); return Task.FromResult(0); } } }); }
// added by [email protected] to the original template public void ConfigureAuth(IAppBuilder app) { ApplicationDbContext db = new ApplicationDbContext(); app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType); app.UseCookieAuthentication(new CookieAuthenticationOptions()); app.UseOpenIdConnectAuthentication( new OpenIdConnectAuthenticationOptions { ClientId = clientId, Authority = Authority, PostLogoutRedirectUri = postLogoutRedirectUri, Notifications = new OpenIdConnectAuthenticationNotifications() { // If there is a code in the OpenID Connect response, redeem it for an access token and refresh token, and store those away. AuthorizationCodeReceived = (context) => { var code = context.Code; ClientCredential credential = new ClientCredential(clientId, appKey); string signedInUserID = context.AuthenticationTicket.Identity.FindFirst(ClaimTypes.NameIdentifier).Value; AuthenticationContext authContext = new AuthenticationContext(Authority, new ADALTokenCache(signedInUserID)); AuthenticationResult result = authContext.AcquireTokenByAuthorizationCode( code, new Uri(HttpContext.Current.Request.Url.GetLeftPart(UriPartial.Path)), credential, graphResourceId); // added by [email protected] to the original template // Getting KeyDelivery Access Token AuthenticationResult kdAPiresult = authContext.AcquireTokenByAuthorizationCode( code, new Uri(HttpContext.Current.Request.Url.GetLeftPart(UriPartial.Path)), credential, kdResourceId); string kdAccessToken = kdAPiresult.AccessToken; System.IdentityModel.Tokens.JwtSecurityToken kdAccessJwtToken = new System.IdentityModel.Tokens.JwtSecurityToken(kdAccessToken); try { // Initializing MediaServicesCredentials in order to obtain access token to be used to connect var amsCredentials = new MediaServicesCredentials(mediaServicesAccount, mediaServicesKey); // Forces to get access token amsCredentials.RefreshToken(); //Adding media services access token as claim so it can be accessible within controller context.AuthenticationTicket.Identity.AddClaim(new System.Security.Claims.Claim(VideoPortalDemo.Configurations.ClaimsAmsAcessToken, amsCredentials.AccessToken)); } catch { } //context.AuthenticationTicket.Identity.AddClaim( // new System.Security.Claims.Claim("KdAccessJwtSecurityTokenClaim", kdAccessJwtToken.RawData)); // added by [email protected] to the original template return Task.FromResult(0); } } }); }