Tuesday, January 30, 2018

API authentication using Azure AD, and generating a new JWT token from another token

How to add authentication for an Azure AD bearer token and generate a token:

In Web API startup.cs,
/// <summary>
/// Registers Azure AD bearer-token authentication for this Web API (OWIN pipeline).
/// The tenant and the expected audience are read from the ida:Tenant and ida:Audience app settings.
/// </summary>
/// <param name="app">The OWIN application builder the middleware is added to.</param>
private void ConfigureAuth(IAppBuilder app)
        {
            // Only tokens whose audience matches ida:Audience are accepted for this API.
            // SaveSigninToken keeps the validated raw token on the resulting identity, so it can be
            // re-presented later (e.g. to acquire a downstream token on the caller's behalf).
            var validation = new TokenValidationParameters
            {
                SaveSigninToken = true,
                ValidAudience = ConfigurationManager.AppSettings["ida:Audience"]
            };

            var bearerOptions = new WindowsAzureActiveDirectoryBearerAuthenticationOptions
            {
                Tenant = ConfigurationManager.AppSettings["ida:Tenant"],
                TokenValidationParameters = validation,
                AuthenticationType = "WebApi"
            };

            app.UseWindowsAzureActiveDirectoryBearerAuthentication(bearerOptions);
        }

Config key:
 <!-- ida:Tenant feeds Tenant and ida:Audience feeds ValidAudience in ConfigureAuth:
      incoming bearer tokens are validated against exactly this audience value. -->
 <add key="ida:Tenant" value="EYEXTSTG.onmicrosoft.com" />
    <add key="ida:Audience" value="https://EYEXTSTG.onmicrosoft.com/taxtrmdev-app" />


How to generate a token for the Web API using another JWT token

In Startup.cs,

 app.UseJwtBearerAuthentication(new JwtBearerOptions
            {
                AutomaticAuthenticate = true,
                AutomaticChallenge = true,
                SaveToken = true,
                Authority = ConfigurationHelper.AzureAdAuthority(),
                TokenValidationParameters =
                new TokenValidationParameters
                {
                    ValidateIssuer = true,
                    ValidIssuer = issuer,
                    ValidateAudience = true,
                    ValidAudiences = new string[] { clientId },
                    ValidateLifetime = true,
                    SaveSigninToken=true
                },
                Events = new TRMJwtBearerEvents(loggerFactory.CreateLogger<TRMJwtBearerEvents>())
            });


In UserController class,


  string authorityUrl = ConfigurationHelper.AzureAdAuthority() + ConfigurationHelper.AzureAdTenant();   
        string clientId = ConfigurationHelper.AzureAdClientId();
        string clientSecret = ConfigurationHelper.AzureAdClientSecret();
        string webApiResourceId = ConfigurationHelper.AzureAdWebApiResourceId();
        string graphResourceId = ConfigurationHelper.AzureAdGraphApiResourceId();
        string graphResourceUri = ConfigurationHelper.AzureAdGraphApiResourceUri();

        [HttpGet]
        [Route("GetToken")]
        public async Task<string> GetToken()
        {
            try
            {
                string jwtToken = await GetJWTTokenFromRequest();

                if (string.IsNullOrWhiteSpace(jwtToken))
                    return string.Empty;

                AuthenticationResult authResult = await GetAutheticationResultByResourceId(jwtToken, webApiResourceId);

                if (!string.IsNullOrWhiteSpace(authResult.AccessToken))
                    return authResult.AccessToken;
                else
                    return string.Empty;


            }
            catch (Exception ex)
            {
                //                throw;
                return string.Empty;
            }
        }   

        private async Task<AuthenticationResult> GetAutheticationResultByResourceId(string jwtToken, string apiResourceId)
        {
            try
            {
                UserAssertion userAssertion = new UserAssertion(jwtToken, "urn:ietf:params:oauth:grant-type:jwt-bearer", string.Empty);
                ClientCredential clientCred = new ClientCredential(clientId, clientSecret);
                AuthenticationContext authContext = new AuthenticationContext(authorityUrl, true);
                AuthenticationResult authResult = await authContext.AcquireTokenAsync(apiResourceId, clientCred, userAssertion);
                return authResult;
            }
            catch (Exception ex)
            {

                //throw;
                return null;
            }
        }

        private async Task<string> GetJWTTokenFromRequest()
        {
            var authenticateInfo = await HttpContext.Authentication.GetAuthenticateInfoAsync("Bearer");
            string accessToken = authenticateInfo.Properties.Items[".Token.access_token"];
            string jwtToken = accessToken;
            return jwtToken;
        }
    }
