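/// <summary>
/// Registers JWT bearer authentication against a single Azure AD tenant plus the one default
/// authorization policy (<see cref="PolicyNames.Default"/>), which requires an authenticated
/// user that holds <see cref="RoleNames.Default"/>.
/// </summary>
/// <param name="services">Service collection to register into.</param>
/// <param name="config">Azure AD settings; <c>Tenant</c> selects the authority and
/// <c>Identifier</c> is the only token audience that will be accepted.</param>
/// <exception cref="ArgumentNullException"><paramref name="services"/> or <paramref name="config"/> is null.</exception>
/// <exception cref="ArgumentException"><c>Tenant</c> or <c>Identifier</c> is missing or blank.</exception>
public static void AddApiAuthentication(this IServiceCollection services, AzureActiveDirectoryConfiguration config)
{
    if (services is null)
    {
        throw new ArgumentNullException(nameof(services));
    }

    if (config is null)
    {
        throw new ArgumentNullException(nameof(config));
    }

    // The JwtBearer options lambda below runs lazily, so a blank tenant or audience would
    // otherwise only show up as a failed metadata fetch or rejected tokens on the first
    // request. Fail fast at registration instead.
    if (string.IsNullOrWhiteSpace(config.Tenant))
    {
        throw new ArgumentException("Azure AD Tenant must be configured", nameof(config));
    }

    if (string.IsNullOrWhiteSpace(config.Identifier))
    {
        throw new ArgumentException("Azure AD Identifier (token audience) must be configured", nameof(config));
    }

    services.AddAuthorization(options =>
    {
        options.AddPolicy(PolicyNames.Default, policy =>
        {
            policy.RequireAuthenticatedUser();
            policy.RequireRole(RoleNames.Default);
        });
    });

    services
        .AddAuthentication(options =>
        {
            options.DefaultScheme = JwtBearerDefaults.AuthenticationScheme;
        })
        .AddJwtBearer(options =>
        {
            // Setting Authority lets the handler pull signing keys and the expected issuer
            // from the tenant's OIDC discovery document instead of hard-coding them here.
            options.Authority = $"https://login.microsoftonline.com/{config.Tenant}";
            options.TokenValidationParameters = new Microsoft.IdentityModel.Tokens.TokenValidationParameters
            {
                // Only tokens minted for this application's identifier are accepted.
                ValidAudiences = new List<string> { config.Identifier },
            };
        });

    // NOTE(review): presumably maps Azure AD scope claims onto the role claims the policy
    // above checks — confirm against the transformation's implementation.
    services.AddSingleton<IClaimsTransformation, AzureAdScopeClaimTransformation>();
}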
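/// <summary>
/// Registers JWT bearer authentication against a single Azure AD tenant and one authorization
/// policy per entry in <paramref name="policies"/>; each policy requires an authenticated user
/// holding the role given as the entry's value.
/// </summary>
/// <param name="services">Service collection to register into.</param>
/// <param name="config">Azure AD settings; <c>Tenant</c> selects the authority and
/// <c>Identifier</c> is a comma-separated list of accepted token audiences.</param>
/// <param name="policies">Map of policy name to the role that policy requires. May be empty,
/// in which case no policies are added.</param>
/// <exception cref="ArgumentNullException">Any argument is null.</exception>
/// <exception cref="ArgumentException"><c>Tenant</c> is blank or <c>Identifier</c> contains no
/// non-blank audience.</exception>
public static void AddAuthentication(
    this IServiceCollection services,
    AzureActiveDirectoryConfiguration config,
    Dictionary<string, string> policies)
{
    if (services is null)
    {
        throw new ArgumentNullException(nameof(services));
    }

    if (config is null)
    {
        throw new ArgumentNullException(nameof(config));
    }

    if (policies is null)
    {
        throw new ArgumentNullException(nameof(policies));
    }

    // Validate up front: the JwtBearer options lambda runs lazily, so problems here would
    // otherwise only surface at request time.
    if (string.IsNullOrWhiteSpace(config.Tenant))
    {
        throw new ArgumentException("Azure AD Tenant must be configured", nameof(config));
    }

    // Trim each entry so "aud-a, aud-b" does not produce the audience " aud-b", which would
    // never match a real token; drop empty entries left by stray commas.
    var audiences = new List<string>();
    foreach (var rawAudience in (config.Identifier ?? string.Empty).Split(','))
    {
        var audience = rawAudience.Trim();
        if (audience.Length > 0)
        {
            audiences.Add(audience);
        }
    }

    if (audiences.Count == 0)
    {
        throw new ArgumentException("Azure AD Identifier must contain at least one token audience", nameof(config));
    }

    services.AddAuthorization(options =>
    {
        foreach (var entry in policies)
        {
            var requiredRole = entry.Value;
            options.AddPolicy(entry.Key, policy =>
            {
                policy.RequireAuthenticatedUser();
                policy.RequireRole(requiredRole);
            });
        }
    });

    services
        .AddAuthentication(options =>
        {
            options.DefaultScheme = JwtBearerDefaults.AuthenticationScheme;
        })
        .AddJwtBearer(options =>
        {
            // Setting Authority lets the handler pull signing keys and the expected issuer
            // from the tenant's OIDC discovery document instead of hard-coding them here.
            options.Authority = $"https://login.microsoftonline.com/{config.Tenant}";
            options.TokenValidationParameters = new Microsoft.IdentityModel.Tokens.TokenValidationParameters
            {
                ValidAudiences = audiences,
            };
        });

    // NOTE(review): presumably maps Azure AD scope claims onto the role claims the policies
    // above check — confirm against the transformation's implementation.
    services.AddSingleton<IClaimsTransformation, AzureAdScopeClaimTransformation>();
}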
/// <summary>
/// Initializes a new instance of the <see cref="AzureActiveDirectoryRepository"/> class.
/// </summary>
/// <param name="loggerFactory">Factory used to create this repository's logger.</param>
/// <param name="configuration">Settings for the Azure Active Directory tenant this repository reads from.</param>
public AzureActiveDirectoryRepository(ILoggerFactory loggerFactory, AzureActiveDirectoryConfiguration configuration)
    : base(loggerFactory)
{
    this.Logger.LogTrace("Beginning construction of Azure Active Directory Repository");

    // Reject a missing or inconsistent configuration before anything is built from it.
    configuration = Ensure.IsNotNull(() => configuration);
    configuration.Validate();

    // The directory domain is kept on the instance; the remaining settings are consumed
    // by the Graph client built below.
    this.domain = Ensure.IsNotNullOrWhitespace(() => configuration.Domain);

    // Graph calls use the client-credential flow: the application authenticates with its
    // own secret rather than on behalf of a signed-in user.
    var clientApplication = ConfidentialClientApplicationBuilder
        .Create(configuration.AppId)
        .WithTenantId(configuration.TenantId)
        .WithClientSecret(configuration.ClientSecret)
        .Build();
    this.graphServiceClient = new GraphServiceClient(new ClientCredentialProvider(clientApplication));

    this.Logger.LogTrace("Completed construction of Azure Active Directory Repository");
}
/// <summary>
/// Initializes a new instance of the <see cref="UserService"/> class.
/// </summary>
/// <param name="loggerFactory">Factory used to create this service's logger.</param>
/// <param name="configuration">Application configuration, handed to the base service.</param>
public UserService(ILoggerFactory loggerFactory, IConfiguration configuration)
    : base(loggerFactory, configuration)
{
    this.Logger.LogTrace("Construction of User Service beginning");

    // Both repositories are built from this.Configuration (presumably populated by the base
    // constructor from the parameter above) rather than from the raw parameter.
    // Cosmos-backed store of admin users.
    CosmosConfiguration cosmosSettings = CosmosConfiguration.BuildFromConfiguration(this.Configuration);
    this.userRepository = new CosmosUserRepository<AdminUser>(cosmosSettings, loggerFactory);

    // Directory lookups go through Azure Active Directory.
    AzureActiveDirectoryConfiguration directorySettings = AzureActiveDirectoryConfiguration.BuildFromConfiguration(this.Configuration);
    this.azureActiveDirectoryRepository = new AzureActiveDirectoryRepository(loggerFactory, directorySettings);

    this.Logger.LogTrace("Construction of User Service complete");
}