in src/WebUI/dotnet/WebPortal/Helper/OpenIDAuthentication.cs [40:151]
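/// <summary>
/// Builds the OpenID Connect options for one authentication scheme from a loosely
/// typed configuration dictionary (string keys; values are read as strings, flags
/// additionally accept <see cref="bool"/>).
/// </summary>
/// <param name="authenticationScheme">Scheme name; also used for the logger category
/// and for the <c>/signin-{scheme}</c> callback path.</param>
/// <param name="config">Must be a <c>Dictionary&lt;string, object&gt;</c>; any other
/// object is rejected.</param>
/// <param name="logger">Factory for the per-scheme logger.</param>
/// <exception cref="ArgumentNullException"><paramref name="logger"/> is null.</exception>
/// <exception cref="ArgumentException"><paramref name="config"/> is not a dictionary, or a
/// required key (AuthorityFormat always; ClientId, ClientSecret, Tenant, GraphBaseEndpoint,
/// GraphApiVersion when UseAadGraph is set) is missing or empty.</exception>
public OpenIDAuthentication(string authenticationScheme, object config, ILoggerFactory logger)
{
    if (logger == null)
        throw new ArgumentNullException(nameof(logger));

    _logger = logger.CreateLogger("Authentication(" + authenticationScheme + ")");
    _authenticationScheme = authenticationScheme;
    _config = config as Dictionary<string, object>;
    if (_config == null)
        throw new ArgumentException(String.Format("Authentication {0}, there is no valid configuration object {1}", authenticationScheme, config));

    // Feature switches; a missing key means "off".
    _bUseAadGraph = ReadConfigFlag(_config, "UseAadGraph");
    _bUseToken = ReadConfigFlag(_config, "UseToken");
    _bUseIdToken = ReadConfigFlag(_config, "UseIdToken");

    // Each value is only assigned when its key is present, so a field's existing
    // value (if it has an initializer) survives when the key is absent.
    _displayName = ReadConfigString(_config, "DisplayName", _displayName);
    _clientId = ReadConfigString(_config, "ClientId", _clientId);
    if (_bUseAadGraph && String.IsNullOrEmpty(_clientId))
        throw new ArgumentException(String.Format("Authentication {0}, there is no ClientId", authenticationScheme));

    _clientSecret = ReadConfigString(_config, "ClientSecret", _clientSecret);
    if (_bUseAadGraph && String.IsNullOrEmpty(_clientSecret))
        throw new ArgumentException(String.Format("Authentication {0}, there is no ClientSecret", authenticationScheme));

    _authorityFormat = ReadConfigString(_config, "AuthorityFormat", _authorityFormat);
    if (String.IsNullOrEmpty(_authorityFormat))
        throw new ArgumentException(String.Format("Authentication {0}, mendatory configuration AuthorityFormat is missing.", authenticationScheme));

    _tenant = ReadConfigString(_config, "Tenant", _tenant);
    if (_bUseAadGraph && String.IsNullOrEmpty(_tenant))
        throw new ArgumentException(String.Format("Authentication {0}, mendatory configuration Tenant is missing.", authenticationScheme));

    _AadResourceURL = ReadConfigString(_config, "AzureResourceURL", _AadResourceURL);
    _scope = ReadConfigString(_config, "Scope", _scope);
    _redirectURL = ReadConfigString(_config, "RedirectUri", _redirectURL);

    _graphBasePoint = ReadConfigString(_config, "GraphBaseEndpoint", _graphBasePoint);
    if (_bUseAadGraph && String.IsNullOrEmpty(_graphBasePoint))
        throw new ArgumentException(String.Format("Authentication {0}, need GraphBaseEndpoint.", authenticationScheme));

    _graphApiVersion = ReadConfigString(_config, "GraphApiVersion", _graphApiVersion);
    if (_bUseAadGraph && String.IsNullOrEmpty(_graphApiVersion))
        throw new ArgumentException(String.Format("Authentication {0}, need GraphApiVersion.", authenticationScheme));

    if (_config.ContainsKey("Domains"))
        _domains = _config["Domains"] as Dictionary<string, object>;

    // The client secret is a credential: log only whether it is present, never its value.
    _logger.LogInformation("Use AadGraph {0}, ClientId {1}, ClientSecret {2}, AuthorityFormat {3}, Tenant {4}, AzureResourceURL {5}, Scope {6}, RedirectURL {7}, GraphBaseEndpoint {8}, GraphApiVersion {9}",
        _bUseAadGraph, _clientId, String.IsNullOrEmpty(_clientSecret) ? "<not set>" : "<set>",
        _authorityFormat, _tenant, _AadResourceURL, _scope, _redirectURL,
        _graphBasePoint, _graphApiVersion);

    AuthenticationScheme = _authenticationScheme;
    ClientId = _clientId;
    DisplayName = _displayName;
    CallbackPath = new PathString("/signin-" + _authenticationScheme);
    // AutomaticChallenge = true;
    if (!String.IsNullOrEmpty(_clientSecret))
        ClientSecret = _clientSecret;

    // Scopes are given as a single space-separated string; runs of spaces must not
    // produce empty scope entries.
    if (!String.IsNullOrEmpty(_scope))
    {
        foreach (var scope in _scope.Split(new[] { ' ' }, StringSplitOptions.RemoveEmptyEntries))
        {
            Scope.Add(scope);
        }
    }

    // UseIdToken takes precedence when several switches are set.
    if (_bUseAadGraph || _bUseToken)
        ResponseType = OpenIdConnectResponseType.CodeIdToken;
    if (_bUseIdToken)
        ResponseType = OpenIdConnectResponseType.IdToken;

    // AuthorityFormat is expected to carry a "{0}" placeholder for the tenant.
    Authority = String.Format(_authorityFormat, _tenant);
    PostLogoutRedirectUri = "/";
    GetClaimsFromUserInfoEndpoint = true;
    /*
    openIDOpt.TokenValidationParameters = new TokenValidationParameters
    {
        // instead of using the default validation (validating against a single issuer value, as we do in line of business apps),
        // we inject our own multitenant validation logic
        ValidateIssuer = false
    };*/

    // Graph-backed flows need the authorization code and the redirect hook; every
    // token-based flow gets the token validation hook.
    var ev = new OpenIdConnectEvents();
    if (_bUseAadGraph)
    {
        ev.OnAuthorizationCodeReceived = OnAuthorizationCodeReceived;
        ev.OnRedirectToIdentityProvider = OnRedirectToIdentityProvider;
    }
    if (_bUseAadGraph || _bUseToken || _bUseIdToken)
        ev.OnTokenValidated = OnTokenValidated;
    ev.OnRemoteFailure = OnAuthenticationFailed;
    Events = ev;
}

/// <summary>
/// Reads a boolean configuration switch. A missing key is false; a <see cref="bool"/>
/// value is returned as-is; any other value is true only when it is the string "true"
/// (case-insensitive).
/// </summary>
/// <param name="config">Configuration dictionary.</param>
/// <param name="key">Key to look up.</param>
/// <returns>The switch value.</returns>
private static bool ReadConfigFlag(IDictionary<string, object> config, string key)
{
    object raw;
    if (!config.TryGetValue(key, out raw))
        return false;
    if (raw is bool)
        return (bool)raw;
    return String.Compare(raw as string, "true", StringComparison.OrdinalIgnoreCase) == 0;
}

/// <summary>
/// Reads a string configuration value. When the key is present the value is cast with
/// <c>as string</c> (so a non-string value yields null); when it is absent
/// <paramref name="fallback"/> is returned unchanged.
/// </summary>
/// <param name="config">Configuration dictionary.</param>
/// <param name="key">Key to look up.</param>
/// <param name="fallback">Value to return when the key is absent.</param>
/// <returns>The configured string, null, or <paramref name="fallback"/>.</returns>
private static string ReadConfigString(IDictionary<string, object> config, string key, string fallback)
{
    object raw;
    return config.TryGetValue(key, out raw) ? raw as string : fallback;
}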