/// <summary>
/// Registers JWT bearer authentication for the single-tenant Azure AD application
/// and then wires up the authorization policy.
/// </summary>
/// <param name="services">IServiceCollection instance.</param>
/// <param name="configuration">IConfiguration instance.</param>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="configuration"/> is null.</exception>
public static void AddNewHireOnboardingAuthentication(
    this IServiceCollection services,
    IConfiguration configuration)
{
    if (configuration is null)
    {
        throw new ArgumentNullException(nameof(configuration));
    }

    // Fail fast on missing/invalid settings before anything is registered.
    // NOTE: this wiring is written for a single-tenant application only.
    ValidateAuthenticationConfigurationSettings(configuration);

    var tenant = configuration[AuthenticationServiceCollectionExtensions.TenantIdConfigurationSettingsKey];

    services
        .AddAuthentication(authOptions => authOptions.DefaultScheme = JwtBearerDefaults.AuthenticationScheme)
        .AddJwtBearer(bearerOptions => ConfigureJwtBearer(bearerOptions, configuration, tenant));

    RegisterAuthorizationPolicy(services);
}

/// <summary>
/// Configures the bearer handler to accept only tokens issued for the configured tenant.
/// </summary>
/// <param name="bearerOptions">The JWT bearer options being configured.</param>
/// <param name="configuration">Application configuration (read for the "AzureAd" section, audiences and issuers).</param>
/// <param name="tenant">The tenant id read from configuration.</param>
private static void ConfigureJwtBearer(JwtBearerOptions bearerOptions, IConfiguration configuration, string tenant)
{
    // Bind at configure time, exactly as the original lambda did.
    var azureAd = new AzureADOptions();
    configuration.Bind("AzureAd", azureAd);

    // v2.0 authority of the single tenant; the handler discovers metadata and signing keys from here.
    bearerOptions.Authority = $"{azureAd.Instance}{tenant}/v2.0";

    var tokenParameters = new TokenValidationParameters();
    tokenParameters.ValidateAudience = true;
    tokenParameters.ValidateIssuer = true;
    tokenParameters.ValidateIssuerSigningKey = true;
    tokenParameters.ValidAudiences = AuthenticationServiceCollectionExtensions.GetValidAudiences(configuration);
    tokenParameters.ValidIssuers = AuthenticationServiceCollectionExtensions.GetValidIssuers(configuration);
    // NOTE(review): a custom AudienceValidator is invoked in place of the handler's built-in audience
    // check, so that delegate is the only place audience is enforced — confirm it compares against ValidAudiences.
    tokenParameters.AudienceValidator = AuthenticationServiceCollectionExtensions.AudienceValidator;
    // NOTE(review): ValidateLifetime is not set here and is presumably left at the library default — verify.
    bearerOptions.TokenValidationParameters = tokenParameters;
}
/// <summary>
/// Builds the set of issuers accepted during token validation by substituting the
/// configured tenant id into each issuer template read from configuration.
/// </summary>
/// <param name="configuration">Represents a set of key/value application configuration properties.</param>
/// <returns>A lazily evaluated collection of valid issuers.</returns>
private static IEnumerable<string> GetValidIssuers(IConfiguration configuration)
{
    var tenant = configuration[AuthenticationServiceCollectionExtensions.TenantIdConfigurationSettingsKey];
    var issuerTemplates = AuthenticationServiceCollectionExtensions.GetValidIssuersConfigurationSettings(
        configuration,
        AuthenticationServiceCollectionExtensions.ValidIssuersConfigurationSettingsKey);

    // Each template carries a TENANT_ID placeholder (matched case-insensitively); swap in the real tenant id.
    // NOTE(review): with a null/empty tenant the placeholder would presumably just be removed, yielding a
    // malformed issuer rather than an error — this relies on ValidateAuthenticationConfigurationSettings
    // having rejected such a configuration up front; verify.
    return from template in issuerTemplates
           select template.Replace("TENANT_ID", tenant, StringComparison.OrdinalIgnoreCase);
}