using System;using Microsoft.AspNetCore.Authentication;using Microsoft.AspNetC

1. using System;
2. using Microsoft.AspNetCore.Authentication;
3. using Microsoft.AspNetCore.Authentication.JwtBearer;
4. using Microsoft.AspNetCore.Authorization;
5. using Microsoft.Extensions.Configuration;
6. using Microsoft.Extensions.DependencyInjection;
7.  
8. namespace auth.api.Security.AzureAd
9. {
10. public static class AzureAdExtensions
11. {
12. public static IServiceCollection AddAzureAdAuthorization(this IServiceCollection serviceCollection, IConfiguration configuration)
13. {
14. serviceCollection
15. .AddAuthorization(options =>
16. {
17. options.AddAzureAdPolicy();
18. })
19. .AddAuthentication(options =>
20. {
21. options.DefaultAuthenticateScheme = Constants.AzureAdScheme;
22. options.DefaultChallengeScheme = Constants.AzureAdScheme;
23. })
24. .AddJwtBearer(Constants.AzureAdScheme, options =>
25. {
26. options.Authority = String.Format(configuration["Authentication:Authority"], configuration["Authentication:Tenant"]);
27. options.Audience = configuration["Authentication:ClientId"];
28. });
29.  
30. return serviceCollection;
31. }
32.  
33. public static AuthorizationOptions AddAzureAdPolicy(this AuthorizationOptions options)
34. {
35. var policy = new AuthorizationPolicyBuilder()
36. .AddAuthenticationSchemes(Constants.AzureAdScheme)
37. .RequireAuthenticatedUser()
38. .Build();
39.  
40. options.AddPolicy(Constants.AzureAdPolicy, policy);
41. return options;
42. }
43. }
44. }