/// <summary>
/// Registers Azure AD authentication with both an OpenID Connect handler and a JWT bearer handler.
/// </summary>
/// <param name="builder">The authentication builder the handlers are added to.</param>
/// <param name="configureOptions">Delegate that populates <see cref="AadAuthenticationOptions"/>.</param>
/// <returns>The same <paramref name="builder"/>, to allow chaining.</returns>
/// <remarks>
/// Both handlers are added under their default scheme names with no inline options, so all
/// token validation settings come from the two IConfigureOptions implementations registered here.
/// NOTE(review): those classes are not shown on this page. Confirm they set authority, audience
/// and issuer validation before relying on this method.
/// </remarks>
public static AuthenticationBuilder AddAzureAd(this AuthenticationBuilder builder, Action<AadAuthenticationOptions> configureOptions)
{
    var services = builder.Services;

    // Options delegate first, then the classes that translate it into handler options.
    services.Configure(configureOptions);
    services.AddSingleton<IConfigureOptions<JwtBearerOptions>, ConfigureAzureOptions>();
    services.AddSingleton<IConfigureOptions<OpenIdConnectOptions>, ConfigureOpenIdConnecteOptions>();

    builder.AddOpenIdConnect();
    builder.AddJwtBearer();

    return builder;
}
 /// <summary>
 /// Adds a JWT bearer handler for Azure AD under the <c>AuthenticationBearers.AzureAD</c> scheme,
 /// reading audience, authority and issuer from the <c>AzureAd</c> configuration section.
 /// </summary>
 /// <param name="builder">The authentication builder the handler is added to.</param>
 /// <param name="configuration">Configuration holding <c>AzureAd:Instance</c>, <c>AzureAd:TenantId</c> and <c>AzureAd:ClientId</c>.</param>
 /// <returns>The same <paramref name="builder"/>, to allow chaining.</returns>
 public static AuthenticationBuilder AddAzureAdBearer(this AuthenticationBuilder builder, IConfiguration configuration)
 {
     builder.AddJwtBearer(AuthenticationBearers.AzureAD, jwt =>
     {
         // Instance and TenantId are joined with no separator.
         // NOTE(review): presumably AzureAd:Instance ends with '/'. Confirm against the deployed
         // settings; a missing key yields an empty fragment here rather than an error.
         var tenantAuthority = $"{configuration["AzureAd:Instance"]}{configuration["AzureAd:TenantId"]}";

         jwt.Audience = configuration["AzureAd:ClientId"];

         // Only the v2.0 issuer of this single tenant is accepted (issuer validation for MSAL v2).
         jwt.TokenValidationParameters.ValidIssuers = new List<string> { $"{tenantAuthority}/v2.0" };
         jwt.Authority = tenantAuthority;
     });

     return builder;
 }
Пример #3
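 /// <summary>
 /// Registers JWT bearer authentication for Azure AD and sets the validation options for the JWT.
 /// </summary>
 /// <param name="builder">The authentication builder the handler is added to.</param>
 /// <param name="configureOptions">Delegate that populates <see cref="AzureAdOptions"/>.</param>
 /// <returns>The same <paramref name="builder"/>, to allow chaining.</returns>
 public static AuthenticationBuilder AddAzureAdBearer(this AuthenticationBuilder builder, Action<AzureAdOptions> configureOptions)
 {
     builder.Services.Configure(configureOptions);
     builder.Services.AddSingleton<IConfigureOptions<JwtBearerOptions>, ConfigureAzureOptions>();
     builder.AddJwtBearer(cfg =>
     {
         // The handler fetches the issuer's signing keys from the metadata endpoint. Allowing
         // plain HTTP there would let anyone on the network path substitute their own keys and
         // have forged tokens accepted, so HTTPS is required.
         cfg.RequireHttpsMetadata = true;

         // Keeps the raw token in the authentication properties after validation.
         cfg.SaveToken = true;

         // NOTE(review): the audience is hard-coded, so it cannot differ per environment and
         // bypasses configureOptions. Prefer sourcing it from AzureAdOptions/configuration;
         // confirm which property carries the client id (AzureAdOptions is not shown here).
         cfg.Audience = "e3f598bd-da8d-4a97-86d0-7e903b4d09c3";

         // This assignment replaces the whole TokenValidationParameters object.
         // NOTE(review): verify that ConfigureAzureOptions does not depend on values it set
         // on the previous instance.
         cfg.TokenValidationParameters = new IdentityModel.Tokens.TokenValidationParameters()
         {
             ValidateAudience = true,
             ValidateIssuer   = true,
             ValidateLifetime = true,
         };
     });
     return builder;
 }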
Пример #4
        /// <summary>
        /// Registers Azure Active Directory JWT Bearer authentication behind a forwarding policy scheme.
        /// </summary>
        /// <param name="builder">The <see cref="AuthenticationBuilder"/> to extend.</param>
        /// <param name="scheme">Name of the virtual (policy) scheme that callers authenticate against.</param>
        /// <param name="jwtBearerScheme">Name of the concrete JWT Bearer scheme the policy scheme forwards to.</param>
        /// <param name="configureOptions">Delegate that configures the <see cref="AzureADOptions"/> stored under <paramref name="scheme"/>.</param>
        /// <returns>The same <see cref="AuthenticationBuilder"/>, to allow chaining.</returns>
        /// <remarks>
        /// The JWT Bearer handler is added with an empty options delegate, so its validation settings
        /// come from the registered <c>JwtBearerOptionsConfiguration</c>.
        /// NOTE(review): that class is not shown on this page. Confirm what it sets.
        /// </remarks>
        public static AuthenticationBuilder AddAzureADBearer(
            this AuthenticationBuilder builder,
            string scheme,
            string jwtBearerScheme,
            Action<AzureADOptions> configureOptions)
        {
            // The policy scheme has no handler of its own: every operation is forwarded to the bearer scheme.
            builder.AddPolicyScheme(scheme, displayName: null, configureOptions: policy => policy.ForwardDefault = jwtBearerScheme);

            var services = builder.Services;

            // Records the scheme -> bearer-scheme pairing for the options configuration classes below.
            services.Configure(TryAddJwtBearerSchemeMapping(scheme, jwtBearerScheme));

            // TryAdd keeps repeated calls (for several schemes) from registering duplicates.
            services.TryAddSingleton<IConfigureOptions<AzureADOptions>, AzureADOptionsConfiguration>();
            services.TryAddSingleton<IConfigureOptions<JwtBearerOptions>, JwtBearerOptionsConfiguration>();

            // The caller's options are stored as named options keyed by the virtual scheme.
            services.Configure(scheme, configureOptions);

            builder.AddJwtBearer(jwtBearerScheme, _ => { });
            return builder;
        }
Пример #5
 /// <summary>
 /// Adds two JWT bearer handlers: one for Azure AD (<c>AuthenticationBearers.AzureAD</c>) and one
 /// for Azure AD B2C (<c>AuthenticationBearers.AzureB2C</c>), each configured from its own section.
 /// </summary>
 /// <param name="builder">The authentication builder the handlers are added to.</param>
 /// <param name="configuration">Configuration holding the <c>AzureAd</c> and <c>AzureAdB2CWeb</c> sections.</param>
 /// <returns>The same <paramref name="builder"/>, to allow chaining.</returns>
 /// <remarks>
 /// Neither scheme is made the default here.
 /// NOTE(review): confirm that every endpoint names the scheme(s) it accepts, so a token for one
 /// audience is not evaluated against the other handler by accident.
 /// </remarks>
 public static AuthenticationBuilder AddAzureAdAndB2CBearer(this AuthenticationBuilder builder, IConfiguration configuration)
 {
     builder.AddJwtBearer(AuthenticationBearers.AzureAD, aad =>
     {
         // Instance and TenantId are joined with no separator.
         // NOTE(review): presumably AzureAd:Instance ends with '/'. Confirm against the settings.
         var aadAuthority = $"{configuration["AzureAd:Instance"]}{configuration["AzureAd:TenantId"]}";

         aad.Audience = configuration["AzureAd:ClientId"];

         // Only the v2.0 issuer of this single tenant is accepted (issuer validation for MSAL v2).
         aad.TokenValidationParameters.ValidIssuers = new List<string> { $"{aadAuthority}/v2.0" };
         aad.Authority = aadAuthority;

         // Only the Azure AD scheme gets the OnMessageReceived hook (defined outside this block).
         aad.Events = new JwtBearerEvents { OnMessageReceived = OnMessageReceived };
     })
     .AddJwtBearer(AuthenticationBearers.AzureB2C, b2c =>
     {
         // Here the parts are joined with explicit '/' separators, unlike the Azure AD authority above.
         // NOTE(review): check that the two Instance settings follow the matching slash convention.
         var b2cAuthority = $"{configuration["AzureAdB2CWeb:Instance"]}/{configuration["AzureAdB2CWeb:Domain"]}/{configuration["AzureAdB2CWeb:SignUpSignInPolicyId"]}/v2.0";

         b2c.Audience = configuration["AzureAdB2CWeb:ClientId"];
         b2c.Authority = b2cAuthority;
     });

     return builder;
 }