/// <summary>
/// Registers the protected-web-API authentication services and then configures the JWT bearer
/// scheme (authority, audiences, issuers) from <paramref name="authenticationOptions"/>.
/// Written for a single-tenant application: the authority is built from one instance and one tenant ID.
/// </summary>
/// <param name="services">Service collection to register into.</param>
/// <param name="configuration">Configuration handed to the protected-web-API registrations.</param>
/// <param name="authenticationOptions">Azure AD settings: instance, tenant ID, client ID, valid audiences and issuers.</param>
private static void RegisterAuthenticationServices(
    IServiceCollection services,
    IConfiguration configuration,
    AuthenticationOptions authenticationOptions)
{
    // Reject malformed options before anything is registered.
    AuthenticationServiceCollectionExtensions.ValidateAuthenticationOptions(authenticationOptions);

    services
        .AddProtectedWebApi(configuration)
        .AddProtectedWebApiCallsProtectedWebApi(configuration)
        .AddInMemoryTokenCaches();

    // Registered after AddProtectedWebApi, so this configure action runs after that library's own
    // configuration of the same scheme and overrides the values set below.
    services.Configure<JwtBearerOptions>(JwtBearerDefaults.AuthenticationScheme, ConfigureJwtBearer);

    void ConfigureJwtBearer(JwtBearerOptions options)
    {
        var adOptions = new AzureADOptions
        {
            Instance = authenticationOptions.AzureAdInstance,
            TenantId = authenticationOptions.AzureAdTenantId,
            ClientId = authenticationOptions.AzureAdClientId,
        };

        // v2.0 authority for the single tenant; no separator is inserted between Instance and
        // TenantId, so Instance is expected to carry its trailing '/'.
        var authority = $"{adOptions.Instance}{adOptions.TenantId}/v2.0";
        options.Authority = authority;

        // Keeps the incoming access token on the authentication properties. Presumably required
        // for the downstream on-behalf-of calls wired up above — confirm before removing.
        options.SaveToken = true;

        var tokenValidation = options.TokenValidationParameters;
        tokenValidation.ValidAudiences = AuthenticationServiceCollectionExtensions.GetValidAudiences(authenticationOptions);
        // NOTE: once AudienceValidator is set, the token handler calls that delegate instead of the
        // built-in audience check, so ValidAudiences is only enforced if the delegate consults it.
        tokenValidation.AudienceValidator = AuthenticationServiceCollectionExtensions.AudienceValidator;
        tokenValidation.ValidIssuers = AuthenticationServiceCollectionExtensions.GetValidIssuers(authenticationOptions);
    }
}
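/// <summary>
/// Extension method to register the authentication services: JWT bearer authentication for the
/// protected web API followed by the authorization policy.
/// </summary>
/// <param name="services">IServiceCollection instance.</param>
/// <param name="configuration">The configuration instance.</param>
/// <param name="authenticationOptions">The authentication options.</param>
/// <exception cref="System.ArgumentNullException">
/// Thrown when <paramref name="services"/> or <paramref name="configuration"/> is <c>null</c>.
/// </exception>
public static void AddAuthentication(
    this IServiceCollection services,
    IConfiguration configuration,
    AuthenticationOptions authenticationOptions)
{
    // Guard the public boundary explicitly rather than surfacing a NullReferenceException from
    // inside the registration helpers.
    if (services is null)
    {
        throw new System.ArgumentNullException(nameof(services));
    }

    if (configuration is null)
    {
        throw new System.ArgumentNullException(nameof(configuration));
    }

    // authenticationOptions is validated by ValidateAuthenticationOptions inside
    // RegisterAuthenticationServices (assumed to reject null — confirm).
    AuthenticationServiceCollectionExtensions.RegisterAuthenticationServices(services, configuration, authenticationOptions);
    AuthenticationServiceCollectionExtensions.RegisterAuthorizationPolicy(services);
}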
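/// <summary>
/// Builds the set of issuers accepted during token validation from the configured issuer list,
/// substituting the configured tenant ID for the <c>TENANT_ID</c> placeholder in each entry.
/// </summary>
/// <param name="authenticationOptions">Options supplying <c>AzureAdTenantId</c> and <c>AzureAdValidIssuers</c>.</param>
/// <returns>
/// The resolved issuers, materialized once at registration time so the substitution is not
/// re-run every time the token handler enumerates <c>ValidIssuers</c>.
/// </returns>
private static IEnumerable<string> GetValidIssuers(AuthenticationOptions authenticationOptions)
{
    var tenantId = authenticationOptions.AzureAdTenantId;

    var configuredIssuers = AuthenticationServiceCollectionExtensions.SplitAuthenticationOptionsList(
        authenticationOptions.AzureAdValidIssuers);

    // string.Replace(string, string) is an ordinal replacement; the placeholder is a fixed token.
    // NOTE(review): if tenantId is null or empty, Replace removes the placeholder instead of
    // failing, yielding an issuer with an empty tenant segment. ValidateAuthenticationOptions is
    // assumed to rule that out upstream — confirm.
    var resolvedIssuers = configuredIssuers
        .Select(issuer => issuer.Replace("TENANT_ID", tenantId))
        .ToArray();

    return resolvedIssuers;
}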