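/// <summary>
///     Creates the controller and resolves the "cookieAuth:" B2C confidential-client
///     settings once, at construction time, from the host settings service.
/// </summary>
/// <param name="hostSettingsService">Source of host settings; must not be null.</param>
/// <exception cref="ArgumentNullException"><paramref name="hostSettingsService"/> is null.</exception>
public AccountController(IHostSettingsService hostSettingsService)
{
    // Fail fast with a named argument instead of a NullReferenceException on the GetObject call below.
    if (hostSettingsService == null)
    {
        throw new ArgumentNullException(nameof(hostSettingsService));
    }

    this._hostSettingsService = hostSettingsService;
    this._ib2COidcConfidentialClientSettingsConfiguration = this._hostSettingsService
        .GetObject<B2COidcConfidentialSettingsClientConfiguration>("cookieAuth:");
}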
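        /// <summary>
        ///     Configure the OWIN middleware: cookie authentication is registered as the default
        ///     sign-in type, then OpenID Connect against the B2C authority taken from the
        ///     "cookieAuth:" settings object.
        ///     <para>
        ///         Note how scopes are fully qualified with the service identifier prefix (with slash)
        ///         to look like "https://fabrikamb2c.onmicrosoft.com/tasks/read"
        ///         or "https://fabrikamb2c.onmicrosoft.com/tasks/write"
        ///     </para>
        /// </summary>
        /// <param name="app">The OWIN application builder the middleware is added to.</param>
        /// <param name="fullyQualifiedScopesRequiredByTargetApi">
        ///     Scopes of the target API to request in addition to the openid/profile, offline_access
        ///     and email scopes. May be null or empty; null and blank entries are skipped.
        /// </param>
        /// <exception cref="ArgumentNullException"><paramref name="app"/> is null.</exception>
        public void Configure(IAppBuilder app, string[] fullyQualifiedScopesRequiredByTargetApi)
        {
            if (app == null)
            {
                throw new ArgumentNullException(nameof(app));
            }

            _fullyQualifiedScopesRequiredByTargetApi = fullyQualifiedScopesRequiredByTargetApi;
            // Retrieve settings from web.settings (actually, web.settings.appSettings.exclude):
            _ib2COidcConfidentialClientSettingsConfiguration = this._keyHostSettingsService
                                                               .GetObject<B2COidcConfidentialSettingsClientConfiguration>("cookieAuth:");

            // IMPORTANT:
            // Differences between AAD and B2C include:
            // * different Uri (not AuthorityUri -- using AuthorityCookieConfigurationUri).
            app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);

            app.UseCookieAuthentication(new CookieAuthenticationOptions()
            {
                Provider = new CookieAuthenticationProvider()
                {
                    // Only non-API responses are redirected to ctx.RedirectUri; API responses are
                    // left untouched here so callers do not receive an HTML login redirect.
                    OnApplyRedirect = ctx =>
                    {
                        var response = ctx.Response;
                        if (!IsApiResponse(response))
                        {
                            response.Redirect(ctx.RedirectUri);
                        }
                    }
                }
            });

            // Specify the claims to validate.
            // Signing-key, issuer and audience validation are left at the TokenValidationParameters
            // defaults (enabled); the OWIN OpenID Connect middleware is expected to fill ValidIssuer
            // from the metadata document and ValidAudience from ClientId -- confirm this against the
            // middleware version in use rather than relying on this comment.
            var tokenValidationParameters = new TokenValidationParameters
            {
                // Tighter than the library default (five minutes) to shorten the window in which
                // an expired token is still accepted.
                ClockSkew = TimeSpan.FromSeconds(30),

                NameClaimType = "name"
            };

            // The scope is one space-separated string: the standard OIDC scopes first, then each
            // target-API scope. Null/blank entries are skipped so the result never carries doubled
            // or trailing spaces, and a null array is treated as "no extra scopes".
            var scope = $"{OpenIdConnectScope.OpenIdProfile} {OpenIdConnectScope.OfflineAccess} {OpenIdConnectScope.Email}";
            if (_fullyQualifiedScopesRequiredByTargetApi != null)
            {
                foreach (var apiScope in _fullyQualifiedScopesRequiredByTargetApi)
                {
                    if (!string.IsNullOrWhiteSpace(apiScope))
                    {
                        scope += " " + apiScope.Trim();
                    }
                }
            }

            var openIdConnectAuthenticationOptions =
                new OpenIdConnectAuthenticationOptions
            {
                // Whereas AAD V2 login does not require this, need to set for B2C.
                MetadataAddress = _ib2COidcConfidentialClientSettingsConfiguration.AuthorityUri,

                ClientId              = _ib2COidcConfidentialClientSettingsConfiguration.ClientId,
                RedirectUri           = _ib2COidcConfidentialClientSettingsConfiguration.ClientRedirectUri,
                PostLogoutRedirectUri = _ib2COidcConfidentialClientSettingsConfiguration.ClientPostLogoutUri,

                Scope = scope,

                // For AAD, ResponseType was set to OpenIdConnectResponseTypes.IdToken.
                // For B2C the default, OpenIdConnectResponseTypes.CodeIdToken, is set explicitly.
                ResponseType = OpenIdConnectResponseType.CodeIdToken,

                TokenValidationParameters = tokenValidationParameters,

                // Specify the callbacks for each type of notification
                Notifications = new OpenIdConnectAuthenticationNotifications
                {
                    RedirectToIdentityProvider = OnRedirectToIdentityProvider,
                    AuthorizationCodeReceived  = OnAuthorizationCodeReceived,
                    AuthenticationFailed       = OnAuthenticationFailed,
                    SecurityTokenValidated     = OnSecurityTokenValidated
                }
            };

            app.UseOpenIdConnectAuthentication(openIdConnectAuthenticationOptions);
        }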