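/// <summary>
/// Extension method to register the authentication services: configures JWT bearer
/// authentication against the configured Azure AD tenant and then registers the
/// authorization policy.
/// </summary>
/// <param name="services">IServiceCollection instance.</param>
/// <param name="configuration">IConfiguration instance.</param>
/// <exception cref="ArgumentNullException">
/// Thrown when <paramref name="configuration"/> or <paramref name="services"/> is null.
/// </exception>
public static void AddLearnNowAuthentication(this IServiceCollection services, IConfiguration configuration)
{
    configuration = configuration ?? throw new ArgumentNullException(nameof(configuration));

    // Fail fast with a named argument instead of failing later inside the registration chain.
    services = services ?? throw new ArgumentNullException(nameof(services));

    // This works specifically for single tenant application.
    AuthenticationServiceCollectionExtensions.ValidateAuthenticationConfigurationSettings(configuration);

    services.AddAuthentication(options =>
    {
        options.DefaultScheme = JwtBearerDefaults.AuthenticationScheme;
    })
    .AddJwtBearer(options =>
    {
        var botOptions = new BotSettings();
        var azureADOptions = new AzureADOptions();
        configuration.Bind("Bot", botOptions);
        configuration.Bind("AzureAd", azureADOptions);

        // The authority is tenant-specific (single tenant). Trailing slashes on the
        // configured instance are dropped so the URL never contains "//" before the tenant id.
        var instance = azureADOptions.Instance?.TrimEnd('/');
        options.Authority = $"{instance}/{botOptions.TenantId}/v2.0";

        options.TokenValidationParameters = new TokenValidationParameters
        {
            ValidAudiences = AuthenticationServiceCollectionExtensions.GetValidAudiences(configuration),
            ValidIssuers = AuthenticationServiceCollectionExtensions.GetValidIssuers(configuration),

            // NOTE(review): once AudienceValidator is set, the token handler calls this delegate
            // instead of its built-in audience comparison, so the delegate (defined elsewhere)
            // must itself reject tokens whose audience is not in ValidAudiences — confirm.
            AudienceValidator = AuthenticationServiceCollectionExtensions.AudienceValidator,
        };
    });

    RegisterAuthorizationPolicy(services);
}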
/// <summary>
/// Builds the issuer values that token validation accepts.
/// </summary>
/// <param name="configuration">Application configuration that holds the tenant id and the issuer settings.</param>
/// <returns>
/// The configured issuers, with every <c>TENANT_ID</c> placeholder (matched case-insensitively)
/// replaced by the configured tenant id.
/// </returns>
private static IEnumerable<string> GetValidIssuers(IConfiguration configuration)
{
    var configuredTenantId = configuration[AuthenticationServiceCollectionExtensions.TenantIdConfigurationSettingsKey];
    var issuerTemplates = AuthenticationServiceCollectionExtensions.GetSettings(
        configuration,
        AuthenticationServiceCollectionExtensions.ValidIssuersConfigurationSettingsKey);

    // NOTE(review): a missing tenant id is not rejected here; presumably the configuration
    // was validated before this is called — confirm against the caller.
    // The substitution is a deferred LINQ projection, so it runs when the result is enumerated.
    return issuerTemplates.Select(
        template => template.Replace("TENANT_ID", configuredTenantId, StringComparison.OrdinalIgnoreCase));
}