// This method works specifically for single tenant application.
private static void RegisterAuthenticationServices(
IServiceCollection services,
IConfiguration configuration,
AuthenticationOptions authenticationOptions)
{
AuthenticationServiceCollectionExtensions.ValidateAuthenticationOptions(authenticationOptions);
services.AddProtectedWebApi(configuration)
.AddProtectedWebApiCallsProtectedWebApi(configuration)
.AddInMemoryTokenCaches();
services.Configure <JwtBearerOptions>(JwtBearerDefaults.AuthenticationScheme, options =>
{
var azureADOptions = new AzureADOptions
{
Instance = authenticationOptions.AzureAdInstance,
TenantId = authenticationOptions.AzureAdTenantId,
ClientId = authenticationOptions.AzureAdClientId,
};
options.Authority = $"{azureADOptions.Instance}{azureADOptions.TenantId}/v2.0";
options.SaveToken = true;
options.TokenValidationParameters.ValidAudiences = AuthenticationServiceCollectionExtensions.GetValidAudiences(authenticationOptions);
options.TokenValidationParameters.AudienceValidator = AuthenticationServiceCollectionExtensions.AudienceValidator;
options.TokenValidationParameters.ValidIssuers = AuthenticationServiceCollectionExtensions.GetValidIssuers(authenticationOptions);
});
}
/// <summary>
/// Extension method to register the authentication services.
/// </summary>
/// <param name="services">IServiceCollection instance.</param>
/// <param name="configuration">The configuration instance.</param>
/// <param name="authenticationOptions">The authentication options.</param>
public static void AddAuthentication(
this IServiceCollection services,
IConfiguration configuration,
AuthenticationOptions authenticationOptions)
{
AuthenticationServiceCollectionExtensions.RegisterAuthenticationServices(services, configuration, authenticationOptions);
AuthenticationServiceCollectionExtensions.RegisterAuthorizationPolicy(services);
}
private static IEnumerable <string> GetValidIssuers(AuthenticationOptions authenticationOptions)
{
var tenantId = authenticationOptions.AzureAdTenantId;
var validIssuers =
AuthenticationServiceCollectionExtensions.SplitAuthenticationOptionsList(
authenticationOptions.AzureAdValidIssuers);
validIssuers = validIssuers.Select(validIssuer => validIssuer.Replace("TENANT_ID", tenantId));
return(validIssuers);
}