// Copyright (c) .NET Foundation. All rights reserved.
// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
using System;
using System.Globalization;
using System.Linq;
using Microsoft.Owin.Security.ActiveDirectory;
using Microsoft.Owin.Security.ActiveDirectory.Properties;
using Microsoft.Owin.Security.Jwt;
using Microsoft.Owin.Security.OAuth;
namespace Owin
{
/// <summary>
/// Extension methods that register the Windows Azure Active Directory (WAAD) JWT bearer token middleware with an OWIN pipeline.
/// </summary>
public static class WindowsAzureActiveDirectoryBearerAuthenticationExtensions
{
    // WS-Federation metadata document of the tenant's security token service; {0} is replaced by the tenant value.
    private const string SecurityTokenServiceAddressFormat = "https://login.windows.net/{0}/federationmetadata/2007-06/federationmetadata.xml";

    /// <summary>
    /// Adds Windows Azure Active Directory (WAAD) issued JWT bearer token middleware to your web application pipeline.
    /// </summary>
    /// <remarks>
    /// Issuer signing keys are fetched from <c>MetadataAddress</c>; when that is blank the address is derived from
    /// <c>Tenant</c>, which is substituted into the URL without escaping, so the tenant value must come from trusted
    /// configuration rather than request data. The obsolete <c>Audience</c> property is still honored: when
    /// <c>TokenValidationParameters</c> is also supplied, the audience is folded into its
    /// <c>ValidAudience</c>/<c>ValidAudiences</c>, modifying the supplied parameters object in place. When neither
    /// <c>Audience</c> nor a valid-audience entry is configured, whether audience validation still happens depends on
    /// the caller's <c>TokenValidationParameters</c> settings (NOTE(review): confirm against JwtFormat before relying on it).
    /// </remarks>
    /// <param name="app">The IAppBuilder passed to your configuration method.</param>
    /// <param name="options">An options class that controls the middleware behavior. Must not be null.</param>
    /// <returns>The original app parameter.</returns>
    /// <exception cref="ArgumentNullException">Thrown when <paramref name="options"/> is null.</exception>
    /// <exception cref="ArgumentException">Thrown when neither <c>MetadataAddress</c> nor <c>Tenant</c> is provided.</exception>
    public static IAppBuilder UseWindowsAzureActiveDirectoryBearerAuthentication(this IAppBuilder app, WindowsAzureActiveDirectoryBearerAuthenticationOptions options)
    {
        if (options == null)
        {
            throw new ArgumentNullException("options");
        }

        EnsureMetadataAddress(options);

        // Key provider that downloads (and caches) the issuer's signing keys over the backchannel.
        var issuerKeyProvider = new WsFedCachingSecurityTokenProvider(
            options.MetadataAddress,
            options.BackchannelCertificateValidator,
            options.BackchannelTimeout,
            options.BackchannelHttpHandler);

        JwtFormat accessTokenFormat = BuildJwtFormat(options, issuerKeyProvider);
        if (options.TokenHandler != null)
        {
            // A caller-supplied handler replaces the format's default token handler.
            accessTokenFormat.TokenHandler = options.TokenHandler;
        }

        var bearerOptions = new OAuthBearerAuthenticationOptions
        {
            Realm = options.Realm,
            Provider = options.Provider,
            AccessTokenFormat = accessTokenFormat,
            AuthenticationMode = options.AuthenticationMode,
            AuthenticationType = options.AuthenticationType,
            Description = options.Description
        };
        app.UseOAuthBearerAuthentication(bearerOptions);
        return app;
    }

    // Fills in MetadataAddress from Tenant when the caller did not supply one; throws when neither is present.
    private static void EnsureMetadataAddress(WindowsAzureActiveDirectoryBearerAuthenticationOptions options)
    {
        if (!string.IsNullOrWhiteSpace(options.MetadataAddress))
        {
            return;
        }

        if (string.IsNullOrWhiteSpace(options.Tenant))
        {
            throw new ArgumentException(string.Format(CultureInfo.CurrentCulture, Resources.Exception_OptionMustBeProvided, "Tenant"));
        }

        // Tenant is inserted verbatim; it is expected to be a trusted configuration value (tenant id or domain).
        options.MetadataAddress = string.Format(CultureInfo.InvariantCulture, SecurityTokenServiceAddressFormat, options.Tenant);
    }

    // Chooses between the TokenValidationParameters-based and the obsolete Audience-based JwtFormat constructors,
    // carrying the obsolete Audience value into the validation parameters when both are present.
    private static JwtFormat BuildJwtFormat(WindowsAzureActiveDirectoryBearerAuthenticationOptions options, WsFedCachingSecurityTokenProvider issuerKeyProvider)
    {
#pragma warning disable 618
        var parameters = options.TokenValidationParameters;
        if (parameters == null)
        {
            return new JwtFormat(options.Audience, issuerKeyProvider);
        }

        if (!string.IsNullOrWhiteSpace(options.Audience))
        {
            // Obsolete property wins the empty slot: ValidAudience first, then ValidAudiences, else appended to the list.
            if (string.IsNullOrWhiteSpace(parameters.ValidAudience))
            {
                parameters.ValidAudience = options.Audience;
            }
            else if (parameters.ValidAudiences == null)
            {
                parameters.ValidAudiences = new[] { options.Audience };
            }
            else
            {
                parameters.ValidAudiences = parameters.ValidAudiences.Concat(new[] { options.Audience });
            }
        }

        return new JwtFormat(parameters, issuerKeyProvider);
#pragma warning restore 618
    }
}
}