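/// <summary>
/// Registers JWT bearer authentication against the Azure AD tenant named in <paramref name="config"/>
/// and the <see cref="PolicyNames.Default"/> authorization policy (authenticated user holding
/// <see cref="RoleNames.Default"/>), then adds the scope-claim transformation.
/// </summary>
/// <param name="services">The service collection to register into.</param>
/// <param name="config">Azure AD settings; <c>Tenant</c> selects the authority and <c>Identifier</c> is the single accepted audience.</param>
/// <exception cref="System.ArgumentNullException"><paramref name="services"/> or <paramref name="config"/> is <c>null</c>.</exception>
/// <exception cref="System.ArgumentException"><c>config.Identifier</c> is null or blank, which would leave no valid audience.</exception>
public static void AddApiAuthentication(this IServiceCollection services, AzureActiveDirectoryConfiguration config)
        {
            // Validate eagerly: the JwtBearer callback below runs lazily, so a null config would
            // otherwise surface as a NullReferenceException on the first authenticated request
            // instead of at startup.
            if (services is null)
            {
                throw new System.ArgumentNullException(nameof(services));
            }

            if (config is null)
            {
                throw new System.ArgumentNullException(nameof(config));
            }

            if (string.IsNullOrWhiteSpace(config.Identifier))
            {
                throw new System.ArgumentException("Identifier must name the accepted token audience.", nameof(config));
            }

            services.AddAuthorization(o =>
            {
                o.AddPolicy(PolicyNames.Default, policy =>
                {
                    policy.RequireAuthenticatedUser();
                    policy.RequireRole(RoleNames.Default);
                });
            });

            services.AddAuthentication(auth => { auth.DefaultScheme = JwtBearerDefaults.AuthenticationScheme; })
            .AddJwtBearer(auth =>
            {
                // Issuer and signing keys are discovered from this authority's metadata; the
                // audience is the only value pinned explicitly, so it must match the token's aud claim.
                auth.Authority =
                    $"https://login.microsoftonline.com/{config.Tenant}";
                auth.TokenValidationParameters = new Microsoft.IdentityModel.Tokens.TokenValidationParameters
                {
                    ValidAudiences = new List<string>
                    {
                        config.Identifier
                    }
                };
            });
            services.AddSingleton<IClaimsTransformation, AzureAdScopeClaimTransformation>();
        }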
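        /// <summary>
        /// Registers JWT bearer authentication against the Azure AD tenant named in <paramref name="config"/>
        /// and one authorization policy per entry of <paramref name="policies"/>, then adds the
        /// scope-claim transformation.
        /// </summary>
        /// <param name="services">The service collection to register into.</param>
        /// <param name="config">Azure AD settings; <c>Tenant</c> selects the authority and <c>Identifier</c> lists the accepted audiences, comma-separated.</param>
        /// <param name="policies">Map of policy name to the role an authenticated user must hold for that policy.</param>
        /// <exception cref="System.ArgumentNullException">Any argument is <c>null</c>.</exception>
        /// <exception cref="System.ArgumentException"><c>config.Identifier</c> yields no non-blank audience.</exception>
        public static void AddAuthentication(
            this IServiceCollection services,
            AzureActiveDirectoryConfiguration config, Dictionary <string, string> policies)
        {
            // Validate eagerly: both options callbacks below run lazily, so a null argument would
            // otherwise surface as a NullReferenceException long after startup.
            if (services is null)
            {
                throw new System.ArgumentNullException(nameof(services));
            }

            if (config is null)
            {
                throw new System.ArgumentNullException(nameof(config));
            }

            if (policies is null)
            {
                throw new System.ArgumentNullException(nameof(policies));
            }

            // Parse the audience list once, up front. A plain Split(",") keeps surrounding
            // whitespace, so "a, b" would produce " b" and never match a token's aud claim;
            // an empty list would reject every token without saying why.
            var audiences = ParseAudiences(config.Identifier);
            if (audiences.Count == 0)
            {
                throw new System.ArgumentException("Identifier must contain at least one audience.", nameof(config));
            }

            services.AddAuthorization(o =>
            {
                foreach (var entry in policies)
                {
                    o.AddPolicy(entry.Key, policy =>
                    {
                        policy.RequireAuthenticatedUser();
                        policy.RequireRole(entry.Value);
                    });
                }
            });

            services.AddAuthentication(auth => { auth.DefaultScheme = JwtBearerDefaults.AuthenticationScheme; })
            .AddJwtBearer(auth =>
            {
                // Issuer and signing keys are discovered from this authority's metadata; the
                // audiences are the only values pinned explicitly.
                auth.Authority =
                    $"https://login.microsoftonline.com/{config.Tenant}";
                auth.TokenValidationParameters = new Microsoft.IdentityModel.Tokens.TokenValidationParameters
                {
                    ValidAudiences = audiences
                };
            });

            services.AddSingleton<IClaimsTransformation, AzureAdScopeClaimTransformation>();

            // Splits a comma-separated audience string into trimmed, non-empty entries.
            List<string> ParseAudiences(string identifier)
            {
                var result = new List<string>();
                foreach (var part in (identifier ?? string.Empty).Split(','))
                {
                    var audience = part.Trim();
                    if (audience.Length > 0)
                    {
                        result.Add(audience);
                    }
                }

                return result;
            }
        }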
        /// <summary>
        /// Initializes a new instance of the <see cref="AzureActiveDirectoryRepository"/> class,
        /// validating the supplied configuration and building the Graph client it will use.
        /// </summary>
        /// <param name="loggerFactory">Logger factory for creating logger</param>
        /// <param name="configuration">Configuration for this Azure Active Directory repository; must be non-null and pass <c>Validate()</c></param>
        public AzureActiveDirectoryRepository(ILoggerFactory loggerFactory, AzureActiveDirectoryConfiguration configuration)
            : base(loggerFactory)
        {
            this.Logger.LogTrace("Beginning construction of Azure Active Directory Repository");

            // Reject a null or self-inconsistent configuration before reading any of its members.
            configuration = Ensure.IsNotNull(() => configuration);
            configuration.Validate();

            this.domain = Ensure.IsNotNullOrWhitespace(() => configuration.Domain);

            // The client authenticates as the application itself (client-credential provider),
            // so the client secret from configuration is the credential behind every Graph call.
            var clientApp = ConfidentialClientApplicationBuilder.Create(configuration.AppId)
                .WithTenantId(configuration.TenantId)
                .WithClientSecret(configuration.ClientSecret)
                .Build();
            this.graphServiceClient = new GraphServiceClient(new ClientCredentialProvider(clientApp));

            this.Logger.LogTrace("Completed construction of Azure Active Directory Repository");
        }
        /// <summary>
        /// Initializes a new instance of the <see cref="UserService"/> class, wiring up the
        /// Cosmos-backed user repository and the Azure Active Directory repository it delegates to.
        /// </summary>
        /// <param name="loggerFactory">Logger factory for this service</param>
        /// <param name="configuration">Application configuration</param>
        public UserService(ILoggerFactory loggerFactory, IConfiguration configuration)
            : base(loggerFactory, configuration)
        {
            this.Logger.LogTrace("Construction of User Service beginning");

            // Settings for both repositories come from the configuration exposed by the base class.
            var cosmosSettings = CosmosConfiguration.BuildFromConfiguration(this.Configuration);
            this.userRepository = new CosmosUserRepository<AdminUser>(cosmosSettings, loggerFactory);

            var aadSettings = AzureActiveDirectoryConfiguration.BuildFromConfiguration(this.Configuration);
            this.azureActiveDirectoryRepository = new AzureActiveDirectoryRepository(loggerFactory, aadSettings);

            this.Logger.LogTrace("Construction of User Service complete");
        }