public async Task <DocumentDiscoveryResult> GetAsync(string endpoint)
{
IJsonServiceClient client = new JsonServiceClient(appSettings.AuthRealm);
string document;
try
{
document = await client.GetAsync <string>(endpoint)
.ConfigureAwait(false);
}
catch (AggregateException exception)
{
foreach (var ex in exception.InnerExceptions)
{
Log.Error($"Error occurred requesting document data from {endpoint}", ex);
}
return(null);
}
var configuration = new Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfiguration(document);
return(new DocumentDiscoveryResult
{
AuthorizeUrl = configuration.AuthorizationEndpoint,
IntrospectUrl = GetStringValue(document, "introspection_endpoint"),
UserInfoUrl = configuration.UserInfoEndpoint,
TokenUrl = configuration.TokenEndpoint,
JwksUrl = configuration.JwksUri
});
}
private async Task <System.Security.Claims.ClaimsPrincipal> ValidateAccessToken(string accessToken, ILogger log)
{
var audience = _options.Value.Audience;
var clientID = _options.Value.ClientId;
var tenant = _options.Value.Tenant;
var tenantid = _options.Value.TenantId;
var authority = string.Format(System.Globalization.CultureInfo.InvariantCulture, "https://login.microsoftonline.com/{0}/v2.0", tenant);
var validIssuers = new List <string>()
{
$"https://login.microsoftonline.com/{tenant}/",
$"https://login.microsoftonline.com/{tenant}/v2.0",
$"https://login.windows.net/{tenant}/",
$"https://login.microsoft.com/{tenant}/",
$"https://sts.windows.net/{tenantid}/"
};
// Debugging purposes only, set this to false for production
Microsoft.IdentityModel.Logging.IdentityModelEventSource.ShowPII = true;
Microsoft.IdentityModel.Protocols.ConfigurationManager <Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfiguration> configManager =
new Microsoft.IdentityModel.Protocols.ConfigurationManager <Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfiguration>(
$"{authority}/.well-known/openid-configuration",
new Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfigurationRetriever());
Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfiguration config = null;
config = await configManager.GetConfigurationAsync();
Microsoft.IdentityModel.Tokens.ISecurityTokenValidator tokenValidator = new System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler();
// Initialize the token validation parameters
Microsoft.IdentityModel.Tokens.TokenValidationParameters validationParameters = new Microsoft.IdentityModel.Tokens.TokenValidationParameters
{
// App Id URI and AppId of this service application are both valid audiences.
ValidAudiences = new[] { audience, clientID },
// Support Azure AD V1 and V2 endpoints.
ValidIssuers = validIssuers,
IssuerSigningKeys = config.SigningKeys
};
try
{
Microsoft.IdentityModel.Tokens.SecurityToken securityToken;
var claimsPrincipal = tokenValidator.ValidateToken(accessToken, validationParameters, out securityToken);
return(claimsPrincipal);
}
catch (Exception ex)
{
log.LogInformation(ex.Message);
}
return(null);
}
private ManualValidadeToken()
{
string auth0Domain = System.Configuration.ConfigurationManager.AppSettings["auth0Domain"];
string auth0Audience = System.Configuration.ConfigurationManager.AppSettings["ida:Audience"];
Microsoft.IdentityModel.Protocols.IConfigurationManager <Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfiguration> configurationManager =
new Microsoft.IdentityModel.Protocols.ConfigurationManager <Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfiguration>($"{auth0Domain}.well-known/openid-configuration", new Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfigurationRetriever());
Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfiguration openIdConfig = AsyncHelper.RunSync(async() => await configurationManager.GetConfigurationAsync(CancellationToken.None));
validationParameters = new TokenValidationParameters
{
ValidIssuer = auth0Domain,
ValidAudiences = new[] { auth0Audience },
IssuerSigningKeys = openIdConfig.SigningKeys
};
handler = new JwtSecurityTokenHandler();
}
