public static IActionResult DfmGetEasyAuthConfigFunction(
[HttpTrigger(AuthorizationLevel.Anonymous, "get", Route = "a/p/i/easyauth-config")] HttpRequest req
)
{
string siteName = Environment.GetEnvironmentVariable(EnvVariableNames.WEBSITE_SITE_NAME);
string clientId = Environment.GetEnvironmentVariable(EnvVariableNames.WEBSITE_AUTH_CLIENT_ID);
// When deployed to Azure, this tool should always be protected by EasyAuth
if (!string.IsNullOrEmpty(siteName) && string.IsNullOrEmpty(clientId) && !DfmEndpoint.Settings.DisableAuthentication)
{
return(new ObjectResult($"You need to configure EasyAuth for your '{siteName}' instance. This tool should never be exposed to the world without authentication.")
{
StatusCode = 401
});
}
// Trying to get tenantId from WEBSITE_AUTH_OPENID_ISSUER environment variable
string tenantId = "common";
string openIdIssuer = Environment.GetEnvironmentVariable(EnvVariableNames.WEBSITE_AUTH_OPENID_ISSUER);
if (!string.IsNullOrEmpty(openIdIssuer))
{
var match = GuidRegex.Match(openIdIssuer);
if (match.Success)
{
tenantId = match.Groups[1].Value;
}
}
return(new { clientId, authority = "https://login.microsoftonline.com/" + tenantId }.ToJsonContentResult());
}
public static Task <IActionResult> DfmGetEasyAuthConfigFunction(
[HttpTrigger(AuthorizationLevel.Anonymous, "get", Route = "a/p/i/easyauth-config")] HttpRequest req,
ILogger log
)
{
return(req.HandleErrors(log, async() => {
// Checking nonce, if it was set as an env variable.
// Don't care about return value of this method here.
Auth.IsNonceSetAndValid(req.Headers);
string siteName = Environment.GetEnvironmentVariable(EnvVariableNames.WEBSITE_SITE_NAME);
string clientId = Environment.GetEnvironmentVariable(EnvVariableNames.WEBSITE_AUTH_CLIENT_ID);
// When deployed to Azure, this tool should always be protected by EasyAuth
if (!string.IsNullOrEmpty(siteName) && string.IsNullOrEmpty(clientId) && !DfmEndpoint.Settings.DisableAuthentication)
{
log.LogError($"You need to configure EasyAuth for your '{siteName}' instance. This tool should never be exposed to the world without authentication.");
return new UnauthorizedResult();
}
string unauthenticatedAction = Environment.GetEnvironmentVariable(EnvVariableNames.WEBSITE_AUTH_UNAUTHENTICATED_ACTION);
if (unauthenticatedAction == Auth.UnauthenticatedActionRedirectToLoginPage)
{
// Assuming it is the server-directed login flow to be used
// and returning just the user name (to speed up login process)
var userNameClaim = req.HttpContext.User?.FindFirst(DfmEndpoint.Settings.UserNameClaimName);
return new { userName = userNameClaim?.Value }.ToJsonContentResult();
}
// Trying to get tenantId from WEBSITE_AUTH_OPENID_ISSUER environment variable
string tenantId = "common";
string openIdIssuer = Environment.GetEnvironmentVariable(EnvVariableNames.WEBSITE_AUTH_OPENID_ISSUER);
if (!string.IsNullOrEmpty(openIdIssuer))
{
var match = GuidRegex.Match(openIdIssuer);
if (match.Success)
{
tenantId = match.Groups[1].Value;
}
}
return new { clientId, authority = "https://login.microsoftonline.com/" + tenantId }.ToJsonContentResult();
}));
}
public static IActionResult Run(
// Using /a/p/i route prefix, to let Functions Host distinguish api methods from statics
[HttpTrigger(AuthorizationLevel.Anonymous, "get", Route = "a/p/i/easyauth-config")] HttpRequest req
)
{
// Checking if hub name is specified
string hubName = Environment.GetEnvironmentVariable(EnvVariableNames.DFM_HUB_NAME);
if (string.IsNullOrEmpty(hubName))
{
return(new ObjectResult($"You need to explicitly specify the hub name via '{EnvVariableNames.DFM_HUB_NAME}' application setting.")
{
StatusCode = 500
});
}
string siteName = Environment.GetEnvironmentVariable(EnvVariableNames.WEBSITE_SITE_NAME);
string clientId = Environment.GetEnvironmentVariable(EnvVariableNames.WEBSITE_AUTH_CLIENT_ID);
// When deployed to Azure, this tool should always be protected by EasyAuth
if (!string.IsNullOrEmpty(siteName) && string.IsNullOrEmpty(clientId))
{
return(new ObjectResult($"You need to configure EasyAuth for your '{siteName}' instance. This tool should never be exposed to the world without authentication.")
{
StatusCode = 401
});
}
// Trying to get tenantId from WEBSITE_AUTH_OPENID_ISSUER environment variable
string tenantId = "common";
string openIdIssuer = Environment.GetEnvironmentVariable(EnvVariableNames.WEBSITE_AUTH_OPENID_ISSUER);
if (!string.IsNullOrEmpty(openIdIssuer))
{
var match = GuidRegex.Match(openIdIssuer);
if (match.Success)
{
tenantId = match.Groups[1].Value;
}
}
return(new { clientId, authority = "https://login.microsoftonline.com/" + tenantId }.ToJsonContentResult());
}
public static bool IsGuid(string value)
{
return(GuidRegex.IsMatch(value));
}
public static string RemoveGuids(this string source)
{
return(GuidRegex.Replace(source, string.Empty));
}
