/// <summary>
/// Wires up JWT bearer authentication for a single-tenant protected web API, taking the
/// authority, audience and issuer settings from <paramref name="authenticationOptions"/>.
/// </summary>
/// <param name="services">Service collection that receives the registrations.</param>
/// <param name="configuration">Application configuration handed to the Microsoft.Identity.Web registrations.</param>
/// <param name="authenticationOptions">Azure AD settings (instance, tenant id, client id) that are validated first.</param>
private static void RegisterAuthenticationServices(
    IServiceCollection services,
    IConfiguration configuration,
    AuthenticationOptions authenticationOptions)
{
    // Reject incomplete settings before any authentication handler is registered.
    AuthenticationServiceCollectionExtensions.ValidateAuthenticationOptions(authenticationOptions);

    services
        .AddProtectedWebApi(configuration)
        .AddProtectedWebApiCallsProtectedWebApi(configuration)
        .AddInMemoryTokenCaches();

    // Named configuration for the bearer scheme; registered after the defaults above, so
    // presumably it runs last and its authority/validation settings win — confirm if the
    // library registers post-configure hooks.
    services.Configure<JwtBearerOptions>(
        JwtBearerDefaults.AuthenticationScheme,
        bearer =>
        {
            var adSettings = new AzureADOptions
            {
                Instance = authenticationOptions.AzureAdInstance,
                TenantId = authenticationOptions.AzureAdTenantId,
                ClientId = authenticationOptions.AzureAdClientId,
            };

            bearer.Authority = $"{adSettings.Instance}{adSettings.TenantId}/v2.0";
            // Keep the raw bearer token in AuthenticationProperties after a successful challenge.
            bearer.SaveToken = true;

            var validation = bearer.TokenValidationParameters;
            validation.ValidAudiences = AuthenticationServiceCollectionExtensions.GetValidAudiences(authenticationOptions);
            validation.AudienceValidator = AuthenticationServiceCollectionExtensions.AudienceValidator;
            validation.ValidIssuers = AuthenticationServiceCollectionExtensions.GetValidIssuers(authenticationOptions);
        });
}
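/// <summary>
/// Wires up JWT bearer authentication for a protected web API whose downstream token
/// acquisition authenticates with a client certificate pulled from Key Vault.
/// </summary>
/// <param name="services">Service collection that receives the registrations.</param>
/// <param name="configuration">
/// Configuration holding the "AzureAd" section plus the "KeyVault:Url" and "GraphAppCertName" values.
/// </param>
/// <param name="authenticationOptions">Settings used to derive the valid audiences and issuers.</param>
/// <param name="azureADOptions">Azure AD instance and tenant used to build the authority URL.</param>
/// <exception cref="ArgumentNullException">Thrown when any argument is null.</exception>
/// <exception cref="InvalidOperationException">
/// Thrown at registration time when "KeyVault:Url" or "GraphAppCertName" is missing or blank,
/// so a misconfigured certificate source fails at startup with a clear message instead of
/// surfacing later as a null reference inside the options callback.
/// </exception>
private static void RegisterAuthenticationServicesWithCertificate(
    IServiceCollection services,
    IConfiguration configuration,
    AuthenticationOptions authenticationOptions,
    AzureADOptions azureADOptions)
{
    if (services == null)
    {
        throw new ArgumentNullException(nameof(services));
    }

    if (configuration == null)
    {
        throw new ArgumentNullException(nameof(configuration));
    }

    if (authenticationOptions == null)
    {
        throw new ArgumentNullException(nameof(authenticationOptions));
    }

    if (azureADOptions == null)
    {
        throw new ArgumentNullException(nameof(azureADOptions));
    }

    // Resolve the certificate location eagerly so a missing setting is reported up front.
    var keyVaultUrl = configuration.GetValue<string>("KeyVault:Url");
    if (string.IsNullOrWhiteSpace(keyVaultUrl))
    {
        throw new InvalidOperationException("Configuration value 'KeyVault:Url' is required but was not provided.");
    }

    var certificateName = configuration.GetValue<string>("GraphAppCertName");
    if (string.IsNullOrWhiteSpace(certificateName))
    {
        throw new InvalidOperationException("Configuration value 'GraphAppCertName' is required but was not provided.");
    }

    services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
        .AddMicrosoftIdentityWebApi(
            options =>
            {
                options.Authority = $"{azureADOptions.Instance}{azureADOptions.TenantId}/v2.0";
                // Keep the raw bearer token in AuthenticationProperties after a successful challenge.
                options.SaveToken = true;
                options.TokenValidationParameters.ValidAudiences = AuthenticationServiceCollectionExtensions.GetValidAudiences(authenticationOptions);
                options.TokenValidationParameters.AudienceValidator = AuthenticationServiceCollectionExtensions.AudienceValidator;
                options.TokenValidationParameters.ValidIssuers = AuthenticationServiceCollectionExtensions.GetValidIssuers(authenticationOptions);
            },
            microsoftIdentityOptions =>
            {
                configuration.Bind("AzureAd", microsoftIdentityOptions);
                // The client credential is a certificate in Key Vault, not a secret in configuration.
                microsoftIdentityOptions.ClientCertificates = new CertificateDescription[]
                {
                    CertificateDescription.FromKeyVault(keyVaultUrl, certificateName),
                };
            })
        .EnableTokenAcquisitionToCallDownstreamApi(
            confidentialClientApplicationOptions =>
            {
                configuration.Bind("AzureAd", confidentialClientApplicationOptions);
            })
        .AddInMemoryTokenCaches();
}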
/// <summary>
/// Wires up JWT bearer authentication for a protected web API whose downstream token
/// acquisition uses the client credentials bound from configuration.
/// </summary>
/// <param name="services">Service collection that receives the registrations.</param>
/// <param name="configuration">Application configuration handed to the Microsoft.Identity.Web registration.</param>
/// <param name="authenticationOptions">Settings used to derive the valid audiences and issuers.</param>
/// <param name="azureADOptions">Azure AD instance and tenant used to build the authority URL.</param>
private static void RegisterAuthenticationServicesWithSecret(
    IServiceCollection services,
    IConfiguration configuration,
    AuthenticationOptions authenticationOptions,
    AzureADOptions azureADOptions)
{
    services
        .AddMicrosoftIdentityWebApiAuthentication(configuration)
        .EnableTokenAcquisitionToCallDownstreamApi()
        .AddInMemoryTokenCaches();

    // Named configuration for the bearer scheme; registered after the defaults above, so
    // presumably it runs last and its authority/validation settings win — confirm if the
    // library registers post-configure hooks.
    services.Configure<JwtBearerOptions>(
        JwtBearerDefaults.AuthenticationScheme,
        bearer =>
        {
            bearer.Authority = $"{azureADOptions.Instance}{azureADOptions.TenantId}/v2.0";
            // Keep the raw bearer token in AuthenticationProperties after a successful challenge.
            bearer.SaveToken = true;

            var validation = bearer.TokenValidationParameters;
            validation.ValidAudiences = AuthenticationServiceCollectionExtensions.GetValidAudiences(authenticationOptions);
            validation.AudienceValidator = AuthenticationServiceCollectionExtensions.AudienceValidator;
            validation.ValidIssuers = AuthenticationServiceCollectionExtensions.GetValidIssuers(authenticationOptions);
        });
}
/// <summary>
/// Wires up JWT bearer authentication for a single-tenant API, with the Azure AD settings
/// bound from the "AzureAd" configuration section.
/// </summary>
/// <param name="services">Service collection that receives the registrations.</param>
/// <param name="configuration">Configuration holding the "AzureAd" section and the audience/issuer settings.</param>
private static void RegisterAuthenticationServices(
    IServiceCollection services,
    IConfiguration configuration)
{
    // Reject incomplete settings before any authentication handler is registered.
    AuthenticationServiceCollectionExtensions.ValidateAuthenticationConfigurationSettings(configuration);

    // Passing the scheme name makes it the default scheme.
    var builder = services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme);

    builder.AddJwtBearer(JwtBearerDefaults.AuthenticationScheme, bearer =>
    {
        var adSettings = new AzureADOptions();
        configuration.Bind("AzureAd", adSettings);

        bearer.Authority = $"{adSettings.Instance}{adSettings.TenantId}/v2.0";

        // A fresh parameters object replaces whatever the scheme had before; any validation
        // settings applied by earlier configure callbacks are dropped here — presumably none
        // exist in this setup, confirm if other code configures the same scheme.
        var validation = new TokenValidationParameters
        {
            ValidAudiences = AuthenticationServiceCollectionExtensions.GetValidAudiences(configuration),
            ValidIssuers = AuthenticationServiceCollectionExtensions.GetValidIssuers(configuration),
            AudienceValidator = AuthenticationServiceCollectionExtensions.AudienceValidator,
        };
        bearer.TokenValidationParameters = validation;
    });
}
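/// <summary>
/// Wires up two bearer schemes for a single-tenant API: Azure AD JWT bearer as the default
/// scheme, and an IdentityServer-backed scheme for the AtWorkRio identity provider, together
/// with a shared <see cref="DiscoveryCache"/> for that provider's discovery document.
/// </summary>
/// <param name="services">Service collection that receives the registrations.</param>
/// <param name="configuration">Configuration holding the "AzureAd" and "AtWorkRioIdentity" sections.</param>
/// <exception cref="InvalidOperationException">
/// Thrown at registration time when the "AtWorkRioIdentity" section is missing, so the
/// misconfiguration fails at startup instead of as a null reference when the scheme or the
/// discovery cache is first used.
/// </exception>
private static void RegisterAuthenticationServices(
    IServiceCollection services,
    IConfiguration configuration)
{
    // Reject incomplete settings before any authentication handler is registered.
    AuthenticationServiceCollectionExtensions.ValidateAuthenticationConfigurationSettings(configuration);

    var atWorkRioIdentityOptions = configuration.GetSection("AtWorkRioIdentity").Get<AtWorkRioIdentityOptions>();
    if (atWorkRioIdentityOptions == null)
    {
        throw new InvalidOperationException("Configuration section 'AtWorkRioIdentity' is required but was not found.");
    }

    // Registered as transient but always hands out the single instance bound above, so every
    // consumer sees the same settings.
    services.AddTransient<AtWorkRioIdentityOptions>(svc => atWorkRioIdentityOptions);
    services.AddSingleton(serviceProvider =>
    {
        var options = serviceProvider.GetRequiredService<AtWorkRioIdentityOptions>();
        return new DiscoveryCache(options.Authority);
    });

    services
        .AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
        .AddJwtBearer(JwtBearerDefaults.AuthenticationScheme, options =>
        {
            var azureADOptions = new AzureADOptions();
            configuration.Bind("AzureAd", azureADOptions);
            options.Authority = $"{azureADOptions.Instance}{azureADOptions.TenantId}/v2.0";
            // A fresh parameters object replaces whatever the scheme had before; any validation
            // settings applied by earlier configure callbacks are dropped here.
            options.TokenValidationParameters = new TokenValidationParameters
            {
                ValidAudiences = AuthenticationServiceCollectionExtensions.GetValidAudiences(configuration),
                ValidIssuers = AuthenticationServiceCollectionExtensions.GetValidIssuers(configuration),
                AudienceValidator = AuthenticationServiceCollectionExtensions.AudienceValidator,
            };
        })
        .AddIdentityServerAuthentication(PolicyNames.AtWorkRioIdentity, options =>
        {
            options.Authority = atWorkRioIdentityOptions.Authority;
            options.ApiName = atWorkRioIdentityOptions.ApiName;
            options.ApiSecret = atWorkRioIdentityOptions.ApiSecret;
            // NOTE(review): this lets the discovery document for the authority be fetched over
            // plain HTTP, so the scheme's signing keys and endpoints are not protected in transit.
            // Limit it to local development (e.g. gate on the hosting environment) — confirm it
            // is not shipped as-is.
            options.RequireHttpsMetadata = false;
        });
}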