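/// <summary>
/// Builds the controller and eagerly loads the B2C confidential-client settings
/// from the "cookieAuth:" section of the host settings.
/// </summary>
/// <param name="hostSettingsService">Settings source used to read the "cookieAuth:" configuration object.</param>
/// <exception cref="ArgumentNullException"><paramref name="hostSettingsService"/> is null.</exception>
/// <exception cref="InvalidOperationException">The "cookieAuth:" section resolved to null.</exception>
public AccountController(IHostSettingsService hostSettingsService)
{
    if (hostSettingsService == null)
    {
        throw new ArgumentNullException(nameof(hostSettingsService));
    }

    this._hostSettingsService = hostSettingsService;

    // Fail fast with a clear message here rather than with a NullReferenceException
    // the first time an action reads ClientId / RedirectUri from the settings object.
    this._ib2COidcConfidentialClientSettingsConfiguration = this._hostSettingsService
        .GetObject<B2COidcConfidentialSettingsClientConfiguration>("cookieAuth:");
    if (this._ib2COidcConfidentialClientSettingsConfiguration == null)
    {
        throw new InvalidOperationException("Missing 'cookieAuth:' configuration section.");
    }
}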
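/// <summary>
/// Configure the OWIN middleware: cookie authentication for the local session plus
/// OpenID Connect (Azure AD B2C) for sign-in.
/// <para>
/// Note how scopes are fully qualified with the service identifier prefix (with slash),
/// e.g. "https://fabrikamb2c.onmicrosoft.com/tasks/read"
/// or "https://fabrikamb2c.onmicrosoft.com/tasks/write".
/// </para>
/// </summary>
/// <param name="app">The OWIN application builder the middleware is registered on.</param>
/// <param name="fullyQualifiedScopesRequiredByTargetApi">
/// Fully qualified API scopes requested in addition to openid/profile, offline_access and email.
/// A null or empty array requests only the standard scopes.
/// </param>
/// <exception cref="ArgumentNullException"><paramref name="app"/> is null.</exception>
/// <exception cref="InvalidOperationException">The "cookieAuth:" settings section resolved to null.</exception>
public void Configure(IAppBuilder app, string[] fullyQualifiedScopesRequiredByTargetApi)
{
    if (app == null)
    {
        throw new ArgumentNullException(nameof(app));
    }

    // A null scope list used to fail inside string.Join; treat it as "no extra API scopes".
    _fullyQualifiedScopesRequiredByTargetApi = fullyQualifiedScopesRequiredByTargetApi ?? new string[0];

    // Retrieve settings from web.settings (actually, web.settings.appSettings.exclude):
    _ib2COidcConfidentialClientSettingsConfiguration = this._keyHostSettingsService
        .GetObject<B2COidcConfidentialSettingsClientConfiguration>("cookieAuth:");
    if (_ib2COidcConfidentialClientSettingsConfiguration == null)
    {
        throw new InvalidOperationException("Missing 'cookieAuth:' configuration section.");
    }

    app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
    app.UseCookieAuthentication(CreateCookieAuthenticationOptions());

    var openIdConnectAuthenticationOptions = new OpenIdConnectAuthenticationOptions
    {
        // IMPORTANT: B2C differs from AAD here - the metadata address must be set explicitly
        // (AAD V2 login does not require it). NOTE(review): the original comment referred to
        // AuthorityCookieConfigurationUri, but the code reads AuthorityUri; confirm which setting
        // holds the B2C policy-specific metadata endpoint.
        MetadataAddress = _ib2COidcConfidentialClientSettingsConfiguration.AuthorityUri,
        ClientId = _ib2COidcConfidentialClientSettingsConfiguration.ClientId,
        RedirectUri = _ib2COidcConfidentialClientSettingsConfiguration.ClientRedirectUri,
        PostLogoutRedirectUri = _ib2COidcConfidentialClientSettingsConfiguration.ClientPostLogoutUri,
        // All requested scopes as one blank-separated string (no trailing blank when the API list is empty).
        Scope = BuildScope(_fullyQualifiedScopesRequiredByTargetApi),
        // For AAD, ResponseType was IdToken. For B2C, use the hybrid "code id_token" response so the
        // authorization code reaches OnAuthorizationCodeReceived together with the validated id_token.
        ResponseType = OpenIdConnectResponseType.CodeIdToken,
        TokenValidationParameters = CreateTokenValidationParameters(),
        // Callbacks for each type of notification.
        Notifications = new OpenIdConnectAuthenticationNotifications
        {
            RedirectToIdentityProvider = OnRedirectToIdentityProvider,
            AuthorizationCodeReceived = OnAuthorizationCodeReceived,
            AuthenticationFailed = OnAuthenticationFailed,
            SecurityTokenValidated = OnSecurityTokenValidated
        }
    };

    app.UseOpenIdConnectAuthentication(openIdConnectAuthenticationOptions);
}

// Cookie middleware options: browsers are redirected to the login page, API responses are not.
private CookieAuthenticationOptions CreateCookieAuthenticationOptions()
{
    return new CookieAuthenticationOptions
    {
        Provider = new CookieAuthenticationProvider
        {
            OnApplyRedirect = ctx =>
            {
                if (!IsApiResponse(ctx.Response))
                {
                    ctx.Response.Redirect(ctx.RedirectUri);
                }
            }
        }
    };
}

// Claim validation applied to the id_token before OnSecurityTokenValidated runs.
private static TokenValidationParameters CreateTokenValidationParameters()
{
    return new TokenValidationParameters
    {
        // Issuer, audience and signing-key checks are intentionally left at the middleware defaults.
        // NOTE(review): confirm that the OpenIdConnect middleware in use fills ValidIssuer from the
        // metadata document and ValidAudience from ClientId; if it does not, set ValidateIssuer /
        // ValidIssuer and ValidateAudience / ValidAudience here explicitly.
        // Tighter than the library default skew, to narrow the window in which an expired token is accepted.
        ClockSkew = TimeSpan.FromSeconds(30),
        NameClaimType = "name"
    };
}

// Builds the blank-separated scope parameter: standard OIDC scopes first, then the API scopes.
private static string BuildScope(string[] apiScopes)
{
    var standardScopes = $"{OpenIdConnectScope.OpenIdProfile} {OpenIdConnectScope.OfflineAccess} {OpenIdConnectScope.Email}";
    var apiScopeList = string.Join(" ", apiScopes ?? new string[0]).Trim();

    // Appending the joined API list unconditionally left a trailing blank when the list was empty.
    return apiScopeList.Length == 0 ? standardScopes : standardScopes + " " + apiScopeList;
}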