-
Notifications
You must be signed in to change notification settings - Fork 1.4k
/
OwinOpenIdConnect.cs
73 lines (61 loc) · 2.88 KB
/
OwinOpenIdConnect.cs
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
// ----------------------------------------------------------------------------
// Copyright (c) Microsoft Corporation.
// Licensed under the MIT license.
// ----------------------------------------------------------------------------
namespace UserOwnsData.Services.Security
{
using Microsoft.Identity.Client;
using Microsoft.IdentityModel.Tokens;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.Notifications;
using Microsoft.Owin.Security.OpenIdConnect;
using Owin;
using System;
using System.Configuration;
using System.Security.Claims;
using System.Threading.Tasks;
public class OwinOpenIdConnect
{
private static readonly string tenantCommonAuthority = ConfigurationManager.AppSettings["authorityUrl"];
private static readonly string clientId = ConfigurationManager.AppSettings["clientId"];
private static readonly string clientSecret = ConfigurationManager.AppSettings["clientSecret"];
private static readonly string redirectUri = ConfigurationManager.AppSettings["redirectUri"];
public static void ConfigureAuth(IAppBuilder app)
{
app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
app.UseCookieAuthentication(new CookieAuthenticationOptions());
app.UseOpenIdConnectAuthentication(
new OpenIdConnectAuthenticationOptions
{
ClientId = clientId,
Authority = tenantCommonAuthority,
TokenValidationParameters = new TokenValidationParameters { ValidateIssuer = false },
RedirectUri = redirectUri,
Scope = "openid email profile " + String.Join(" ", PowerBIPermissionScopes.ReadUserWorkspaces),
PostLogoutRedirectUri = redirectUri,
Notifications = new OpenIdConnectAuthenticationNotifications()
{
AuthorizationCodeReceived = OnAuthorizationCodeCallback
}
});
}
private static async Task OnAuthorizationCodeCallback(AuthorizationCodeReceivedNotification context)
{
ClaimsIdentity userClaims = context.AuthenticationTicket.Identity;
string userName = userClaims.Name;
string tenantId = userClaims.FindFirst("http://schemas.microsoft.com/identity/claims/tenantid").Value;
// Create URL for tenant-specific authority
string tenantSpecificAuthority = tenantCommonAuthority.Replace("common", tenantId);
var appConfidential = ConfidentialClientApplicationBuilder.Create(clientId)
.WithClientSecret(clientSecret)
.WithRedirectUri(redirectUri)
.WithAuthority(tenantSpecificAuthority)
.Build();
MSALPerUserMemoryTokenCache userTokenCache = new MSALPerUserMemoryTokenCache(appConfidential.UserTokenCache);
string[] scopes = PowerBIPermissionScopes.ReadUserWorkspaces;
IAccount user = appConfidential.GetAccountAsync(userName).Result;
var authResult = await appConfidential.AcquireTokenByAuthorizationCode(scopes, context.Code).ExecuteAsync();
}
}
}