/// <summary>
/// Adds Active Directory Federation Services (ADFS) issued JWT bearer token middleware to your web application pipeline.
/// </summary>
/// <param name="app">The IAppBuilder passed to your configuration method.</param>
/// <param name="options">An options class that controls the middleware behavior.</param>
/// <returns>The original app parameter.</returns>
public static IAppBuilder UseActiveDirectoryFederationServicesBearerAuthentication(this IAppBuilder app, ActiveDirectoryFederationServicesBearerAuthenticationOptions options)
{
if (options == null)
{
throw new ArgumentNullException("options");
}
var bearerOptions = new OAuthBearerAuthenticationOptions
{
Realm = options.Realm,
Provider = options.Provider,
AccessTokenFormat = new JwtFormat(options.Audience, new WsFedCachingSecurityTokenProvider(options.MetadataEndpoint,
options.BackchannelCertificateValidator, options.BackchannelTimeout, options.BackchannelHttpHandler)),
AuthenticationMode = options.AuthenticationMode,
AuthenticationType = options.AuthenticationType,
Description = options.Description
};
app.UseOAuthBearerAuthentication(bearerOptions);
return(app);
}
/// <summary>
/// Adds Active Directory Federation Services (ADFS) issued JWT bearer token middleware to your web application pipeline.
/// </summary>
/// <param name="app">The IAppBuilder passed to your configuration method.</param>
/// <param name="options">An options class that controls the middleware behavior.</param>
/// <returns>The original app parameter.</returns>
public static IAppBuilder UseActiveDirectoryFederationServicesBearerAuthentication(this IAppBuilder app, ActiveDirectoryFederationServicesBearerAuthenticationOptions options)
{
if (options == null)
{
throw new ArgumentNullException("options");
}
var cachingSecurityTokenProvider = new WsFedCachingSecurityTokenProvider(options.MetadataEndpoint,
options.BackchannelCertificateValidator, options.BackchannelTimeout, options.BackchannelHttpHandler);
#pragma warning disable 618
JwtFormat jwtFormat = null;
if (options.TokenValidationParameters != null)
{
if (!string.IsNullOrWhiteSpace(options.Audience))
{
// Carry over obsolete property if set
if (string.IsNullOrWhiteSpace(options.TokenValidationParameters.ValidAudience))
{
options.TokenValidationParameters.ValidAudience = options.Audience;
}
else if (options.TokenValidationParameters.ValidAudiences == null)
{
options.TokenValidationParameters.ValidAudiences = new[] { options.Audience };
}
else
{
options.TokenValidationParameters.ValidAudiences = options.TokenValidationParameters.ValidAudiences.Concat(new[] { options.Audience });
}
}
jwtFormat = new JwtFormat(options.TokenValidationParameters, cachingSecurityTokenProvider);
}
else
{
jwtFormat = new JwtFormat(options.Audience, cachingSecurityTokenProvider);
}
#pragma warning restore 618
if (options.TokenHandler != null)
{
jwtFormat.TokenHandler = options.TokenHandler;
}
var bearerOptions = new OAuthBearerAuthenticationOptions
{
Realm = options.Realm,
Provider = options.Provider,
AccessTokenFormat = jwtFormat,
AuthenticationMode = options.AuthenticationMode,
AuthenticationType = options.AuthenticationType,
Description = options.Description
};
app.UseOAuthBearerAuthentication(bearerOptions);
return(app);
}