Commit ce85260

author

Kalyan Krishna

committed

Code comments addressed

1 parent b14dc07 commit ce85260Copy full SHA for ce85260

File tree

2 files changed

+43

-46

lines changed

AppCreationScripts
- Configure.ps1
TodoListService-ManualJwt
- Global.asax.cs

2 files changed

+43

-46

lines changed

`‎AppCreationScripts/Configure.ps1‎`

Lines changed: 7 additions & 8 deletions

Original file line number	Diff line number	Diff line change
`@@ -66,7 +66,7 @@ Function GetRequiredPermissions([string] $applicationDisplayName, [string] $requ`
`66`	`66`	`{`
`67`	`67`	`AddResourcePermission $requiredAccess -exposedPermissions $sp.Oauth2Permissions -requiredAccesses $requiredDelegatedPermissions -permissionType "Scope"`
`68`	`68`	`}`
`69`		`-`
	`69`	`+`
`70`	`70`	`# $sp.AppRoles \| Select Id,AdminConsentDisplayName,Value: To see the list of all the Application permissions for the application`
`71`	`71`	`if ($requiredApplicationPermissions)`
`72`	`72`	`{`
`@@ -181,13 +181,12 @@ Function ConfigureApplications`
`181`	`181`	`Set-AzureADApplication -ObjectId $clientAadApplication.ObjectId -RequiredResourceAccess $requiredResourcesAccess`
`182`	`182`	`Write-Host "Granted."`
`183`	`183`
`184`		`- # Configure known client applications for service`
`185`		`- Write-Host "Configure known client applications for the 'service'"`
`186`		`- $knowApplications = New-Object System.Collections.Generic.List[System.String]`
`187`		`- $knowApplications.Add($clientAadApplication.AppId)`
`188`		`- Set-AzureADApplication -ObjectId $serviceAadApplication.ObjectId -KnownClientApplications $knowApplications`
`189`		`- Write-Host "Configured."`
`190`		`-`
	`184`	`+ # Configure known client applications for service`
	`185`	`+ Write-Host "Configure known client applications for the 'service'"`
	`186`	`+ $knowApplications = New-Object System.Collections.Generic.List[System.String]`
	`187`	`+ $knowApplications.Add($clientAadApplication.AppId)`
	`188`	`+ Set-AzureADApplication -ObjectId $serviceAadApplication.ObjectId -KnownClientApplications $knowApplications`
	`189`	`+ Write-Host "Configured."`
`191`	`190`
`192`	`191`	`# Update config file for 'service'`
`193`	`192`	`$configFile = $pwd.Path + "\..\TodoListService-ManualJwt\Web.Config"`

`‎TodoListService-ManualJwt/Global.asax.cs‎`

Lines changed: 36 additions & 38 deletions

Original file line number	Diff line number	Diff line change
`@@ -14,31 +14,28 @@`
`14`	`14`	`// limitations under the License.`
`15`	`15`	`//----------------------------------------------------------------------------------------------`
`16`	`16`
	`17`	`+using Microsoft.IdentityModel.Protocols;`
	`18`	`+using Microsoft.IdentityModel.Protocols.OpenIdConnect;`
	`19`	`+using Microsoft.IdentityModel.Tokens;`
`17`	`20`	`using System;`
`18`	`21`	`using System.Collections.Generic;`
`19`		`-using System.Linq;`
	`22`	`+using System.Configuration;`
	`23`	`+using System.Globalization;`
	`24`	`+using System.IdentityModel.Tokens.Jwt;`
	`25`	`+using System.Net;`
	`26`	`+`
	`27`	`+// The following using statements were added for this sample.`
	`28`	`+using System.Net.Http;`
	`29`	`+using System.Net.Http.Headers;`
	`30`	`+using System.Security.Claims;`
	`31`	`+using System.Threading;`
	`32`	`+using System.Threading.Tasks;`
`20`	`33`	`using System.Web;`
`21`	`34`	`using System.Web.Http;`
`22`	`35`	`using System.Web.Mvc;`
`23`	`36`	`using System.Web.Optimization;`
`24`	`37`	`using System.Web.Routing;`
`25`	`38`
`26`		`-// The following using statements were added for this sample.`
`27`		`-using System.Net.Http;using System.Threading.Tasks;`
`28`		`-using System.Threading;`
`29`		`-using System.Net;`
`30`		`-using System.IdentityModel.Selectors;`
`31`		`-using System.Security.Claims;`
`32`		`-using System.Net.Http.Headers;`
`33`		`-using Microsoft.IdentityModel.Tokens;`
`34`		`-using System.ServiceModel.Security;`
`35`		`-using System.Xml;`
`36`		`-using System.IdentityModel.Tokens.Jwt;`
`37`		`-using System.Globalization;`
`38`		`-using System.Configuration;`
`39`		`-using Microsoft.IdentityModel.Protocols;`
`40`		`-using Microsoft.IdentityModel.Protocols.OpenIdConnect;`
`41`		`-`
`42`	`39`	`namespace TodoListService_ManualJwt`
`43`	`40`	`{`
`44`	`41`	`public class WebApiApplication : System.Web.HttpApplication`
`@@ -62,17 +59,18 @@ internal class TokenValidationHandler : DelegatingHandler`
`62`	`59`	`// The Authority is the sign-in URL of the tenant.`
`63`	`60`	`// The Audience is the value the service expects to see in tokens that are addressed to it.`
`64`	`61`	`//`
`65`		`- static string aadInstance = ConfigurationManager.AppSettings["ida:AADInstance"];`
`66`		`- static string tenant = ConfigurationManager.AppSettings["ida:Tenant"];`
`67`		`- static string audience = ConfigurationManager.AppSettings["ida:Audience"];`
`68`		`- static string clientId = ConfigurationManager.AppSettings["ida:ClientId"];`
`69`		`- string authority = String.Format(CultureInfo.InvariantCulture, aadInstance, tenant);`
`70`		`-`
`71`		`- static string _issuer = string.Empty;`
`72`		`- static ICollection<SecurityKey> _signingKeys = null;`
`73`		`- static DateTime _stsMetadataRetrievalTime = DateTime.MinValue;`
`74`		`- static string scopeClaimType = "http://schemas.microsoft.com/identity/claims/scope";`
`75`		`-`
	`62`	`+ private static string aadInstance = ConfigurationManager.AppSettings["ida:AADInstance"];`
	`63`	`+`
	`64`	`+ private static string tenant = ConfigurationManager.AppSettings["ida:Tenant"];`
	`65`	`+ private static string audience = ConfigurationManager.AppSettings["ida:Audience"];`
	`66`	`+ private static string clientId = ConfigurationManager.AppSettings["ida:ClientId"];`
	`67`	`+ private string authority = String.Format(CultureInfo.InvariantCulture, aadInstance, tenant);`
	`68`	`+`
	`69`	`+ private static string _issuer = string.Empty;`
	`70`	`+ private static ICollection<SecurityKey> _signingKeys = null;`
	`71`	`+ private static DateTime _stsMetadataRetrievalTime = DateTime.MinValue;`
	`72`	`+ private static string scopeClaimType = "http://schemas.microsoft.com/identity/claims/scope";`
	`73`	`+`
`76`	`74`	`//`
`77`	`75`	`// SendAsync checks that incoming requests have a valid access token, and sets the current user identity using that access token.`
`78`	`76`	`//`
`@@ -93,27 +91,27 @@ protected async override Task<HttpResponseMessage> SendAsync(HttpRequestMessage`
`93`	`91`	`}`
`94`	`92`
`95`	`93`	`string issuer;`
`96`		`- ICollection<SecurityKey> signingTokens;`
	`94`	`+ ICollection<SecurityKey> signingKeys;`
`97`	`95`
`98`	`96`	`try`
`99`	`97`	`{`
`100`		`- // The issuer and signingTokens are cached for 24 hours. They are updated if any of the conditions in the if condition is true.`
	`98`	`+ // The issuer and signingKeys are cached for 24 hours. They are updated if any of the conditions in the if condition is true.`
`101`	`99`	`if (DateTime.UtcNow.Subtract(_stsMetadataRetrievalTime).TotalHours > 24`
`102`	`100`	`\|\| string.IsNullOrEmpty(_issuer)`
`103`	`101`	`\|\| _signingKeys == null)`
`104`	`102`	`{`
`105`	`103`	`// Get tenant information that's used to validate incoming jwt tokens`
`106`	`104`	`string stsDiscoveryEndpoint = $"{this.authority}/.well-known/openid-configuration";`
`107`		`- Microsoft.IdentityModel.Protocols.ConfigurationManager<Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfiguration> configManager = new ConfigurationManager<OpenIdConnectConfiguration>(stsDiscoveryEndpoint, new OpenIdConnectConfigurationRetriever());`
`108`		`- Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfiguration config = await configManager.GetConfigurationAsync(cancellationToken);`
	`105`	`+ var configManager = new ConfigurationManager<OpenIdConnectConfiguration>(stsDiscoveryEndpoint, new OpenIdConnectConfigurationRetriever());`
	`106`	`+ var config = await configManager.GetConfigurationAsync(cancellationToken);`
`109`	`107`	`_issuer = config.Issuer;`
`110`	`108`	`_signingKeys = config.SigningKeys;`
`111`		`-`
	`109`	`+`
`112`	`110`	`_stsMetadataRetrievalTime = DateTime.UtcNow;`
`113`	`111`	`}`
`114`	`112`
`115`	`113`	`issuer = _issuer;`
`116`		`- signingTokens = _signingKeys;`
	`114`	`+ signingKeys = _signingKeys;`
`117`	`115`	`}`
`118`	`116`	`catch (Exception)`
`119`	`117`	`{`
`@@ -128,8 +126,8 @@ protected async override Task<HttpResponseMessage> SendAsync(HttpRequestMessage`
`128`	`126`	`ValidAudiences = new[] { audience, clientId },`
`129`	`127`
`130`	`128`	`// Supports both the Azure AD V1 and V2 endpoint`
`131`		`- ValidIssuers = new[] { issuer, $"{issuer}/v2.0" },`
`132`		`- IssuerSigningKeys = signingTokens`
	`129`	`+ ValidIssuers = new[] { issuer, $"{issuer}/v2.0" },`
	`130`	`+ IssuerSigningKeys = signingKeys`
`133`	`131`	`};`
`134`	`132`
`135`	`133`	`try`
`@@ -174,11 +172,11 @@ private HttpResponseMessage BuildResponseErrorMessage(HttpStatusCode statusCode)`
`174`	`172`	`//`
`175`	`173`	`// The Scheme should be "Bearer", authorization_uri should point to the tenant url and resource_id should point to the audience.`
`176`	`174`	`//`
`177`		`- AuthenticationHeaderValue authenticateHeader = new AuthenticationHeaderValue("Bearer", "authorization_uri=\"" + authority + "\"" + "," + "resource_id=" + audience);`
	`175`	`+ AuthenticationHeaderValue authenticateHeader = new AuthenticationHeaderValue("Bearer", "authorization_uri=\"" + this.authority + "\"" + "," + "resource_id=" + audience);`
`178`	`176`
`179`	`177`	`response.Headers.WwwAuthenticate.Add(authenticateHeader);`
`180`	`178`
`181`	`179`	`return response;`
`182`	`180`	`}`
`183`	`181`	`}`
`184`		`-}`
	`182`	`+}`

0 commit comments

Comments

(0)

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit ce85260

File tree

2 files changed

2 files changed

`‎AppCreationScripts/Configure.ps1‎`

`‎TodoListService-ManualJwt/Global.asax.cs‎`

0 commit comments