/// <summary>
/// Registers JWT bearer authentication (Microsoft Identity Web) as the default scheme and
/// hooks token validation so the principal is enriched with TeamCloud-resolved claims.
/// </summary>
/// <param name="services">DI container to register the authentication services into.</param>
/// <param name="azureResourceManagerOptions">
/// App registration used by the bearer handler (client id/secret, tenant). The secret is read
/// from options here — keep it sourced from Key Vault / environment, never from checked-in config.
/// </param>
private static void ConfigureAuthentication(IServiceCollection services, AzureResourceManagerOptions azureResourceManagerOptions)
{
    // Runs once per successfully validated bearer token: looks up the caller's TeamCloud
    // claims by (tenant id, object id) and appends them to the principal as a further identity.
    async System.Threading.Tasks.Task AttachResolvedClaimsAsync(TokenValidatedContext context)
    {
        var principal = context.Principal;
        var objectId = principal.GetObjectId();
        var tenantId = principal.GetTenantId();

        var resolvedClaims = await context.HttpContext
            .ResolveClaimsAsync(tenantId, objectId)
            .ConfigureAwait(false);

        // Nothing resolved for this caller: leave the principal as issued (no empty identity appended).
        if (!resolvedClaims.Any())
        {
            return;
        }

        principal.AddIdentity(new ClaimsIdentity(resolvedClaims));
    }

    services.AddHttpContextAccessor();

    services
        .AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
        .AddAdapterAuthentication()
        .AddMicrosoftIdentityWebApi(
            bearerOptions =>
            {
                // NOTE(security): audience validation is switched off. Any token this tenant issues
                // for *any* resource (Graph, ARM, another API) is therefore accepted here as long as
                // its signature, issuer and lifetime check out — a token stolen from or leaked by a
                // different app becomes valid against this API. Prefer leaving ValidateAudience on
                // and listing this API's own audiences (client id / App ID URI) in ValidAudiences.
                bearerOptions.TokenValidationParameters.ValidateAudience = false;

                bearerOptions.Events = new JwtBearerEvents
                {
                    OnTokenValidated = AttachResolvedClaimsAsync
                };
            },
            identityOptions =>
            {
                identityOptions.ClientId = azureResourceManagerOptions.ClientId;
                identityOptions.ClientSecret = azureResourceManagerOptions.ClientSecret;
                identityOptions.TenantId = azureResourceManagerOptions.TenantId;
                identityOptions.Instance = "https://login.microsoftonline.com/";
            },
            JwtBearerDefaults.AuthenticationScheme);
}
#pragma warning disable CA1822 // Mark members as static
/// <summary>
/// Builds the HTTP pipeline: developer exception page + wide-open CORS in Development only,
/// HSTS elsewhere, Swagger UI with OAuth (PKCE), then
/// routing -> authentication -> TeamCloud model check -> authorization -> controllers.
/// Finally publishes the app's data-protection provider to <see cref="EncryptedValueProvider"/>.
/// </summary>
/// <param name="app">Application pipeline builder.</param>
/// <param name="env">Hosting environment; selects the dev vs. non-dev branch.</param>
/// <param name="resourceManagerOptions">Supplies the client id handed to the Swagger UI OAuth flow.</param>
public void Configure(IApplicationBuilder app, IWebHostEnvironment env, AzureResourceManagerOptions resourceManagerOptions)
{
    if (env.IsDevelopment())
    {
        app.UseDeveloperExceptionPage();

        // NOTE(security): this policy reflects *every* origin back together with
        // Access-Control-Allow-Credentials. ASP.NET Core refuses AllowAnyOrigin()+AllowCredentials();
        // SetIsOriginAllowed(_ => true) sidesteps that guard. It is gated on IsDevelopment(), so make
        // sure ASPNETCORE_ENVIRONMENT can never be "Development" on a shared or reachable host.
        app.UseCors(cors => cors
            .SetIsOriginAllowed(_ => true)
            .SetPreflightMaxAge(TimeSpan.FromDays(1))
            .AllowAnyHeader()
            .AllowAnyMethod()
            .AllowCredentials());
    }
    else
    {
        // HSTS only: per the original author, TLS is terminated by App Service in front of the
        // container, and UseHttpsRedirection() caused errors behind that proxy, so it is omitted.
        app.UseHsts();
    }

    // Swagger + Swagger UI are mounted in every environment, i.e. the API surface is
    // discoverable in production too. The client id is public; no secret is sent to the browser.
    app.UseSwagger();
    app.UseSwaggerUI(ui =>
    {
        ui.SwaggerEndpoint("/swagger/v1/swagger.json", "TeamCloud API v1");
        ui.OAuthClientId(resourceManagerOptions.ClientId);
        ui.OAuthClientSecret("");
        ui.OAuthUsePkce();
    });

    // Order matters: the model middleware sees authenticated-but-not-yet-authorized requests.
    app.UseRouting();
    app.UseAuthentication();
    app.UseMiddleware<EnsureTeamCloudModelMiddleware>();
    app.UseAuthorization();
    app.UseEndpoints(endpoints => endpoints.MapControllers());

    // Process-wide hook so encrypted values can be unprotected with the app's key ring.
    EncryptedValueProvider.DefaultDataProtectionProvider = app.ApplicationServices.GetDataProtectionProvider();
}
#pragma warning disable CA1822 // Mark members as static
/// <summary>
/// Builds the HTTP pipeline: developer exception page + wide-open CORS in Development only,
/// HSTS and HTTPS redirection elsewhere, Swagger UI with OAuth (PKCE), then
/// routing -> authentication -> TeamCloud model check -> request/response tracing ->
/// admin-set check (selected requests only) -> authorization -> controllers.
/// </summary>
/// <param name="app">Application pipeline builder.</param>
/// <param name="env">Hosting environment; selects the dev vs. non-dev branch.</param>
/// <param name="resourceManagerOptions">Supplies the client id handed to the Swagger UI OAuth flow.</param>
public void Configure(IApplicationBuilder app, IWebHostEnvironment env, AzureResourceManagerOptions resourceManagerOptions)
{
    if (env.IsDevelopment())
    {
        app.UseDeveloperExceptionPage();

        // NOTE(security): every origin is reflected back together with
        // Access-Control-Allow-Credentials — the combination ASP.NET Core rejects for
        // AllowAnyOrigin(); SetIsOriginAllowed(_ => true) bypasses that guard. Gated on
        // IsDevelopment(), so that environment name must never be set on a reachable host.
        app.UseCors(cors => cors
            .SetIsOriginAllowed(_ => true)
            .AllowAnyHeader()
            .AllowAnyMethod()
            .AllowCredentials());
    }
    else
    {
        app.UseHsts();
        app.UseHttpsRedirection();
    }

    // Swagger + Swagger UI are mounted in every environment (API surface is public in prod too).
    // The client id is public; no secret is sent to the browser (PKCE).
    app.UseSwagger();
    app.UseSwaggerUI(ui =>
    {
        ui.SwaggerEndpoint("/openapi/v1/openapi.json", "TeamCloud API v1");
        ui.OAuthClientId(resourceManagerOptions.ClientId);
        ui.OAuthClientSecret("");
        ui.OAuthUsePkce();
    });

    app.UseRouting();
    app.UseAuthentication();
    app.UseMiddleware<EnsureTeamCloudModelMiddleware>();

    // NOTE(review): tracing sits after authentication, so it has access to bearer headers and
    // request/response bodies — confirm RequestResponseTracingMiddleware redacts Authorization
    // and secret-bearing payloads before its output reaches a shared log sink.
    app.UseMiddleware<RequestResponseTracingMiddleware>();

    // Only requests flagged by RequiresAdminUserSet() pass through the admin gate; it runs
    // before UseAuthorization(), i.e. on authenticated but not yet authorized callers.
    app.UseWhen(
        httpContext => httpContext.Request.RequiresAdminUserSet(),
        branch => branch.UseMiddleware<EnsureTeamCloudAdminMiddleware>());

    app.UseAuthorization();
    app.UseEndpoints(endpoints => endpoints.MapControllers());
}
/// <summary>
/// Captures the Azure Resource Manager settings this session options instance is derived from.
/// </summary>
/// <param name="azureRMOptions">Source settings; must not be null.</param>
/// <exception cref="System.ArgumentNullException"><paramref name="azureRMOptions"/> is null.</exception>
public AzureSessionOptions(AzureResourceManagerOptions azureRMOptions)
{
    if (azureRMOptions is null)
    {
        throw new System.ArgumentNullException(nameof(azureRMOptions));
    }

    this.azureRMOptions = azureRMOptions;
}
#pragma warning restore CA1822 // Mark members as static
/// <summary>
/// Registers Swagger/OpenAPI generation for the "v1" document, including an OAuth2
/// authorization-code security scheme pointed at the configured Azure AD tenant and a
/// document-wide security requirement for it.
/// </summary>
/// <param name="services">DI container to register the Swagger generator into.</param>
/// <param name="azureResourceManagerOptions">Supplies the tenant id used to build the v2.0 authorize/token endpoints.</param>
private static void ConfigureSwagger(IServiceCollection services, AzureResourceManagerOptions azureResourceManagerOptions)
{
    // NOTE(review): the scope below is hard-coded to a "DEMO" App ID URI. It must match the
    // App ID URI of the registration behind azureResourceManagerOptions.ClientId, otherwise the
    // Swagger UI login will request a scope the tenant does not know; consider sourcing it from options.
    const string openIdScope = "openid";
    const string impersonationScope = "http://TeamCloud.DEMO.Web/user_impersonation";

    var authority = $"https://login.microsoftonline.com/{azureResourceManagerOptions.TenantId}";

    var apiInfo = new OpenApiInfo
    {
        Version = "v1",
        Title = "TeamCloud",
        Description = "API for working with a TeamCloud instance.",
        Contact = new OpenApiContact
        {
            Url = new Uri("https://github.com/microsoft/TeamCloud/issues/new"),
            Email = @"*****@*****.**",
            Name = "TeamCloud Dev Team"
        },
        License = new OpenApiLicense
        {
            Name = "TeamCloud is licensed under the MIT License",
            Url = new Uri("https://github.com/microsoft/TeamCloud/blob/main/LICENSE")
        }
    };

    // Authorization-code flow against the tenant-specific v2.0 endpoints (PKCE is enabled on the UI side).
    var oauthScheme = new OpenApiSecurityScheme
    {
        Type = SecuritySchemeType.OAuth2,
        Flows = new OpenApiOAuthFlows
        {
            AuthorizationCode = new OpenApiOAuthFlow
            {
                TokenUrl = new Uri($"{authority}/oauth2/v2.0/token"),
                AuthorizationUrl = new Uri($"{authority}/oauth2/v2.0/authorize"),
                Scopes = new Dictionary<string, string>
                {
                    [openIdScope] = "Sign you in",
                    [impersonationScope] = "Access the TeamCloud API"
                }
            }
        }
    };

    // Reference the scheme by id so every operation inherits the requirement.
    var oauthRequirement = new OpenApiSecurityRequirement
    {
        {
            new OpenApiSecurityScheme
            {
                Reference = new OpenApiReference { Type = ReferenceType.SecurityScheme, Id = "oauth2" }
            },
            new string[] { openIdScope, impersonationScope }
        }
    };

    services
        .AddSwaggerGen(options =>
        {
            options.DocumentFilter<SwaggerDocumentFilter>();
            options.SwaggerDoc("v1", apiInfo);
            options.EnableAnnotations();
            options.UseInlineDefinitionsForEnums();
            options.AddSecurityDefinition("oauth2", oauthScheme);
            options.AddSecurityRequirement(oauthRequirement);
            options.OperationFilter<SecurityRequirementsOperationFilter>();
        })
        .AddSwaggerGenNewtonsoftSupport();
}