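/// <summary>
/// Gets a <see cref="AadIssuerValidator"/> for an authority, creating and caching it on first use.
/// </summary>
/// <param name="aadAuthority">The authority to create the validator for, e.g. https://login.microsoftonline.com/ </param>
/// <returns>A <see cref="AadIssuerValidator"/> for the aadAuthority.</returns>
/// <exception cref="ArgumentNullException">if <paramref name="aadAuthority"/> is null or empty.</exception>
/// <remarks>
/// Validators are cached under the authority's host (with port, when one is given), and the same
/// value is used for the lookup. When <paramref name="aadAuthority"/> is not an absolute URI, the
/// host of <c>FallbackAuthority</c> is used instead of failing.
/// </remarks>
public static AadIssuerValidator GetIssuerValidator(string aadAuthority)
{
    if (string.IsNullOrEmpty(aadAuthority))
    {
        throw new ArgumentNullException(nameof(aadAuthority));
    }

    // new Uri(string) only accepts absolute URIs, so TryCreate with UriKind.Absolute keeps the same
    // acceptance rule without a catch-all that would hide unrelated failures.
    Uri.TryCreate(aadAuthority, UriKind.Absolute, out Uri authorityUri);

    // SECURITY: an unparseable authority does not fail; it silently selects the alias set of
    // FallbackAuthority. A mistyped authority in configuration therefore validates issuers against
    // the fallback cloud rather than the intended one.
    string authority = authorityUri?.Authority ?? new Uri(FallbackAuthority).Host;

    // Look up by the same key the validator is stored under. Looking up by the raw aadAuthority
    // string never matched an entry stored under the host, so a new validator was built on every call.
    if (s_issuerValidators.TryGetValue(authority, out AadIssuerValidator cachedValidator))
    {
        return cachedValidator;
    }

    // Blocks the calling thread until the issuer metadata is available. The original author's note
    // says the metadata is cached for 24 hrs; that cache is not visible from this method.
    var issuerMetadata = s_configManager.GetConfigurationAsync().ConfigureAwait(false).GetAwaiter().GetResult();

    // Collect every alias from the metadata entries that list the chosen authority.
    // If no entry lists it, the sequence is empty and the validator is built with no aliases;
    // how AadIssuerValidator treats an empty set is not visible here.
    var aliases = issuerMetadata.Metadata
        .Where(m => m.Aliases.Any(a => string.Equals(a, authority, StringComparison.OrdinalIgnoreCase)))
        .SelectMany(m => m.Aliases)
        .Distinct();

    // NOTE(review): check-then-set is not atomic; confirm s_issuerValidators is safe for concurrent use.
    var issuerValidator = new AadIssuerValidator(aliases);
    s_issuerValidators[authority] = issuerValidator;
    return issuerValidator;
}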
/// <summary>
/// Returns the <see cref="AadIssuerValidator"/> associated with an authority, building and caching
/// it when none exists yet for the authority's host.
/// </summary>
/// <param name="aadAuthority">Authority the validator is wanted for, e.g. https://login.microsoftonline.com/ </param>
/// <returns>The <see cref="AadIssuerValidator"/> cached for the host of <paramref name="aadAuthority"/>.</returns>
/// <exception cref="ArgumentNullException">if <paramref name="aadAuthority"/> is null or empty.</exception>
public static AadIssuerValidator GetIssuerValidator(string aadAuthority)
{
    if (string.IsNullOrEmpty(aadAuthority))
    {
        throw new ArgumentNullException(nameof(aadAuthority));
    }

    // Cache key: host (and port, if present) of the authority.
    string authorityHost = null;
    if (Uri.TryCreate(aadAuthority, UriKind.Absolute, out Uri parsedAuthority))
    {
        authorityHost = parsedAuthority.Authority;
    }

    // SECURITY: a value that is not an absolute URI does not fail; it selects FallbackAuthority's
    // host, so a mistyped authority is validated against the fallback alias set.
    if (authorityHost == null)
    {
        authorityHost = new Uri(FallbackAuthority).Authority;
    }

    if (!s_issuerValidators.TryGetValue(authorityHost, out AadIssuerValidator validator))
    {
        // Synchronously waits for the issuer metadata. The original author's note says it is
        // cached for 24 hrs; that cache is not visible from this method.
        var issuerMetadata = s_configManager
            .GetConfigurationAsync()
            .ConfigureAwait(false)
            .GetAwaiter()
            .GetResult();

        // Metadata entries that list this host among their aliases.
        var entriesForHost = issuerMetadata.Metadata
            .Where(m => m.Aliases.Any(a => string.Equals(a, authorityHost, StringComparison.OrdinalIgnoreCase)));

        // All aliases of those entries, plus the host itself: for B2C scenarios the alias is the
        // authority itself. As a consequence the host is accepted as an alias even when no
        // metadata entry lists it.
        var aliases = entriesForHost
            .SelectMany(m => m.Aliases)
            .Append(authorityHost)
            .Distinct();

        // NOTE(review): check-then-set is not atomic; confirm s_issuerValidators tolerates concurrent callers.
        s_issuerValidators[authorityHost] = new AadIssuerValidator(aliases);
        validator = s_issuerValidators[authorityHost];
    }

    return validator;
}
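/// <summary>
/// Retrieves the <see cref="AadIssuerValidator"/> for a given authority, creating and caching it on first use.
/// </summary>
/// <param name="aadAuthority">Absolute URI of the authority; only its host (and port, if present) is used.</param>
/// <returns>The cached or newly created validator for the authority's host.</returns>
/// <exception cref="ArgumentNullException">if <paramref name="aadAuthority"/> is null.</exception>
/// <exception cref="UriFormatException">if <paramref name="aadAuthority"/> is not a valid absolute URI.</exception>
public static AadIssuerValidator ForAadInstance(string aadAuthority)
{
    if (aadAuthority == null)
    {
        throw new ArgumentNullException(nameof(aadAuthority));
    }

    // Uri.Authority is never null for a successfully parsed absolute URI, so no fallback is needed:
    // an invalid authority fails here instead of being replaced by a default.
    string authority = new Uri(aadAuthority).Authority;

    // Look up under the key the validator is stored under. Checking the raw aadAuthority string
    // missed entries stored by host, and the Add that followed then threw on the duplicate key
    // the second time the same authority was requested.
    AadIssuerValidator cachedValidator;
    if (issuerValidators.TryGetValue(authority, out cachedValidator))
    {
        return cachedValidator;
    }

    // The discovery endpoint is fixed to login.microsoftonline.com regardless of aadAuthority.
    // A new ConfigurationManager is created per call, so any caching it does is not shared between
    // calls; only the validator dictionary persists results.
    const string azureAdIssuerMetadataUrl = "https://login.microsoftonline.com/common/discovery/instance?authorization_endpoint=https://login.microsoftonline.com/common/oauth2/v2.0/authorize&api-version=1.1";
    ConfigurationManager<IssuerMetadata> configManager = new ConfigurationManager<IssuerMetadata>(azureAdIssuerMetadataUrl, new IssuerConfigurationRetriever());

    // Blocks until the metadata is retrieved. .Result is kept so failures still surface as
    // AggregateException, as callers of the original would observe.
    IssuerMetadata issuerMetadata = configManager.GetConfigurationAsync().Result;

    // Collect every alias from the metadata entries that list the chosen authority. Host names are
    // case-insensitive, so compare ordinally ignoring case. If no entry matches, the validator is
    // built with an empty alias set; how AadIssuerValidator treats that is not visible here.
    var aliases = issuerMetadata.Metadata
        .Where(m => m.Aliases.Any(a => string.Equals(a, authority, StringComparison.OrdinalIgnoreCase)))
        .SelectMany(m => m.Aliases)
        .Distinct();

    // NOTE(review): check-then-set is not atomic; confirm issuerValidators is safe for concurrent use.
    AadIssuerValidator issuerValidator = new AadIssuerValidator(aliases);
    issuerValidators[authority] = issuerValidator;
    return issuerValidator;
}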
/// <summary>
/// Returns the <see cref="AadIssuerValidator"/> for an authority by delegating to the static
/// <c>AadIssuerValidator.GetAadIssuerValidator</c> factory with this instance's <c>HttpClient</c>.
/// </summary>
/// <param name="aadAuthority">Authority the validator is wanted for, e.g. https://login.microsoftonline.com/. </param>
/// <returns>The <see cref="AadIssuerValidator"/> produced by the factory for <paramref name="aadAuthority"/>.</returns>
/// <exception cref="ArgumentNullException">
/// Documented for a null or empty <paramref name="aadAuthority"/>; this method performs no check
/// itself and relies on the delegated call.
/// </exception>
public AadIssuerValidator GetAadIssuerValidator(string aadAuthority)
    => AadIssuerValidator.GetAadIssuerValidator(aadAuthority, HttpClient);