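/// <summary>
/// Fetches an OpenID Connect discovery document from <paramref name="endpoint"/> and maps the
/// endpoints this application needs into a <see cref="DocumentDiscoveryResult"/>.
/// </summary>
/// <param name="endpoint">Discovery document location, passed to the client created for <c>appSettings.AuthRealm</c>.</param>
/// <returns>The mapped endpoints, or <c>null</c> when the document could not be retrieved.</returns>
public async Task<DocumentDiscoveryResult> GetAsync(string endpoint)
{
    IJsonServiceClient client = new JsonServiceClient(appSettings.AuthRealm);
    string document;
    try
    {
        document = await client.GetAsync<string>(endpoint).ConfigureAwait(false);
    }
    catch (AggregateException exception)
    {
        // Only reached if the client itself surfaces a wrapped task failure;
        // an awaited task rethrows its inner exception directly (see the next catch).
        foreach (var ex in exception.InnerExceptions)
        {
            Log.Error($"Error occurred requesting document data from {endpoint}", ex);
        }
        return null;
    }
    catch (Exception ex)
    {
        // `await` unwraps AggregateException, so transport and HTTP failures land here;
        // without this catch they escaped the method and the caller never saw the null result.
        Log.Error($"Error occurred requesting document data from {endpoint}", ex);
        return null;
    }

    // The document is remote input from the identity provider; the OpenIdConnectConfiguration
    // constructor parses it and may throw if the payload is not valid JSON for that type.
    var configuration = new Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfiguration(document);

    return new DocumentDiscoveryResult
    {
        AuthorizeUrl = configuration.AuthorizationEndpoint,
        // The introspection endpoint is not surfaced by OpenIdConnectConfiguration, so it is read from the raw document.
        IntrospectUrl = GetStringValue(document, "introspection_endpoint"),
        UserInfoUrl = configuration.UserInfoEndpoint,
        TokenUrl = configuration.TokenEndpoint,
        JwksUrl = configuration.JwksUri,
    };
}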
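/// <summary>
/// Validates an Azure AD access token (v1 or v2 issuer formats) against the tenant's published
/// signing keys and returns the resulting principal.
/// </summary>
/// <param name="accessToken">The raw bearer token presented by the caller.</param>
/// <param name="log">Logger that receives validation failures.</param>
/// <returns>
/// The validated <see cref="System.Security.Claims.ClaimsPrincipal"/>, or <c>null</c> when the
/// token is rejected for any reason.
/// </returns>
private async Task<System.Security.Claims.ClaimsPrincipal> ValidateAccessToken(string accessToken, ILogger log)
{
    var audience = _options.Value.Audience;
    var clientID = _options.Value.ClientId;
    var tenant = _options.Value.Tenant;
    var tenantid = _options.Value.TenantId;

    var authority = string.Format(System.Globalization.CultureInfo.InvariantCulture, "https://login.microsoftonline.com/{0}/v2.0", tenant);

    // Issuer formats accepted for the Azure AD v1 and v2 endpoints. The last entry uses the
    // tenant id rather than the tenant name; verify both settings are populated for your tenant.
    var validIssuers = new List<string>()
    {
        $"https://login.microsoftonline.com/{tenant}/",
        $"https://login.microsoftonline.com/{tenant}/v2.0",
        $"https://login.windows.net/{tenant}/",
        $"https://login.microsoft.com/{tenant}/",
        $"https://sts.windows.net/{tenantid}/",
    };

    // IdentityModelEventSource.ShowPII is deliberately left at its default (false). The previous
    // unconditional `ShowPII = true` put token contents and key material into log output on every
    // call; enable it only locally while diagnosing a validation failure, never in production.

    // NOTE(review): a ConfigurationManager is created on every call. It caches and refreshes the
    // discovery document internally, so a single shared instance would avoid re-downloading the
    // metadata per token; kept per-call here so the class's fields stay unchanged.
    var configManager = new Microsoft.IdentityModel.Protocols.ConfigurationManager<Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfiguration>(
        $"{authority}/.well-known/openid-configuration",
        new Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfigurationRetriever());
    var config = await configManager.GetConfigurationAsync().ConfigureAwait(false);

    Microsoft.IdentityModel.Tokens.ISecurityTokenValidator tokenValidator = new System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler();

    var validationParameters = new Microsoft.IdentityModel.Tokens.TokenValidationParameters
    {
        // App Id URI and AppId of this service application are both valid audiences.
        ValidAudiences = new[] { audience, clientID },
        // Support Azure AD V1 and V2 endpoints.
        ValidIssuers = validIssuers,
        IssuerSigningKeys = config.SigningKeys,
    };

    try
    {
        return tokenValidator.ValidateToken(accessToken, validationParameters, out _);
    }
    catch (Exception ex)
    {
        // Expired, wrong audience/issuer, bad signature, malformed token, etc. Keep the
        // best-effort contract (return null) but log the full exception at Warning rather than
        // only its message at Information, so rejected tokens are visible to operations.
        // The token itself is intentionally not logged.
        log.LogWarning(ex, "Access token validation failed");
    }
    return null;
}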
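/// <summary>
/// Builds the token validation parameters for the configured Auth0 tenant by downloading the
/// tenant's OpenID Connect discovery document (and its signing keys) once, at construction time.
/// </summary>
/// <exception cref="System.InvalidOperationException">
/// Thrown when the <c>auth0Domain</c> or <c>ida:Audience</c> app setting is missing or blank.
/// </exception>
private ManualValidadeToken()
{
    string auth0Domain = System.Configuration.ConfigurationManager.AppSettings["auth0Domain"];
    string auth0Audience = System.Configuration.ConfigurationManager.AppSettings["ida:Audience"];

    // Fail fast with a clear message instead of building a broken discovery URL from a null
    // domain and only finding out at first token validation.
    if (string.IsNullOrWhiteSpace(auth0Domain))
    {
        throw new System.InvalidOperationException("App setting 'auth0Domain' is missing or empty.");
    }
    if (string.IsNullOrWhiteSpace(auth0Audience))
    {
        throw new System.InvalidOperationException("App setting 'ida:Audience' is missing or empty.");
    }

    // The discovery URL is formed by plain concatenation, so auth0Domain is expected to end with
    // '/'; the same value is used verbatim as ValidIssuer below.
    Microsoft.IdentityModel.Protocols.IConfigurationManager<Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfiguration> configurationManager =
        new Microsoft.IdentityModel.Protocols.ConfigurationManager<Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfiguration>(
            $"{auth0Domain}.well-known/openid-configuration",
            new Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfigurationRetriever());

    // Sync-over-async through the project's AsyncHelper: a constructor cannot await. This runs
    // once per instance, so the blocking call is confined to construction.
    Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfiguration openIdConfig =
        AsyncHelper.RunSync(async () => await configurationManager.GetConfigurationAsync(CancellationToken.None));

    validationParameters = new TokenValidationParameters
    {
        ValidIssuer = auth0Domain,
        ValidAudiences = new[] { auth0Audience },
        IssuerSigningKeys = openIdConfig.SigningKeys,
    };
    handler = new JwtSecurityTokenHandler();
}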