/// <summary> /// Configures the application to use Azure AD with Power BI /// </summary> /// <param name="app">The OWIN app builder</param> /// <param name="setOptions">The action to set the authenciation options</param> /// <returns></returns> /// <exception cref="ArgumentNullException"></exception> public static IAppBuilder UsePowerBIAuthentication(this IAppBuilder app, Action<PowerBIAuthenticationOptions> setOptions) { if (setOptions == null) { throw new ArgumentNullException(nameof(setOptions)); } var options = new PowerBIAuthenticationOptions(); setOptions(options); return UsePowerBIAuthentication(app, options); }
/// <summary> /// Configures the application to use Azure AD with Power BI /// </summary> /// <param name="app">The OWIN app builder</param> /// <param name="options">The autheentication options</param> /// <returns>The OWIN app build</returns> /// <exception cref="ArgumentNullException"></exception> public static IAppBuilder UsePowerBIAuthentication(this IAppBuilder app, PowerBIAuthenticationOptions options) { if (options == null) { throw new ArgumentNullException(nameof(options)); } ValidateOptions(options); var openIdAuthOptions = new OpenIdConnectAuthenticationOptions { ClientId = options.ClientId, ClientSecret = options.ClientSecret, Authority = options.Authority, TokenValidationParameters = new System.IdentityModel.Tokens.TokenValidationParameters { ValidIssuer = options.Issuer, ValidateIssuer = options.ValidateIssuer }, Notifications = new OpenIdConnectAuthenticationNotifications() { AuthorizationCodeReceived = (context) => { OnAuthorizationCodeReceived(context, options); return Task.FromResult(0); }, AuthenticationFailed = (context) => { var redirectUri = options.ErrorRedirectUri ?? new Uri("/", UriKind.Relative); context.OwinContext.Response.Redirect(redirectUri.ToString()); context.HandleResponse(); return Task.FromResult(0); } } }; app.UseOpenIdConnectAuthentication(openIdAuthOptions); ConfigureTokenManager(); return app; }
private static void ValidateOptions(PowerBIAuthenticationOptions options) { if (string.IsNullOrEmpty(options.ClientId)) { throw new InvalidOperationException("ClientID is not set"); } if (string.IsNullOrEmpty(options.ClientSecret)) { throw new InvalidOperationException("ClientSecret is not set"); } if (options.ValidateIssuer && string.IsNullOrWhiteSpace(options.Issuer)) { throw new InvalidOperationException("Issuer is not set"); } if (string.IsNullOrWhiteSpace(options.Authority)) { throw new InvalidOperationException("Authority is not set"); } if (string.IsNullOrWhiteSpace(options.Resource)) { throw new InvalidOperationException("Resource is not set"); } if (options.SuccessRedirectUri == null) { throw new InvalidOperationException("SuccessRedirectUri is not set"); } }
private static void OnAuthorizationCodeReceived(AuthorizationCodeReceivedNotification context, PowerBIAuthenticationOptions options) { var code = context.Code; var credential = new ClientCredential(options.ClientId, options.ClientSecret); var tenantId = context.AuthenticationTicket.Identity.FindFirst("http://schemas.microsoft.com/identity/claims/tenantid").Value; var signedInUserId = context.AuthenticationTicket.Identity.FindFirst(ClaimTypes.NameIdentifier).Value; var authContext = new AuthenticationContext($"https://login.microsoftonline.com/{tenantId}", new TokenCache(Encoding.Default.GetBytes(signedInUserId))); var result = authContext.AcquireTokenByAuthorizationCode(code, options.SuccessRedirectUri, credential, options.Resource); TokenManager.Current.WriteToken(context.AuthenticationTicket.Identity, result.AccessToken); }