-
Notifications
You must be signed in to change notification settings - Fork 109
Authorization
All requests to the SCIM endpoints require authorization.
The SCIM reference code uses ASP.NET Core environments to control the way authorization is performed while in development or after deployment.
Use multiple environments in ASP.NET Core
private readonly IWebHostEnvironment _env;
...
public void ConfigureServices(IServiceCollection services)
{
if (_env.IsDevelopment())
{
...
}
else
{
...
}
The development environment enables features that shouldn't be exposed in production, in the reference code it controls the behavior of the security token validation.
The token validation code is configured to use a self signed security token, the signing key is stored in the configuration file, look for the "Token:IssuerSigningKey" parameter in the appsettings.Development.json file.
"Token": {
"TokenAudience": "Microsoft.Security.Bearer",
"TokenIssuer": "Microsoft.Security.Bearer",
"IssuerSigningKey": "A1B2C3D4E5F6A1B2C3D4E5F6",
"TokenLifetimeInMins": "120"
}
NOTE: By sending a GET request to the /scim/token endpoint, a token is issued using the configured key. This token can be used as bearer token for subsequent authorization.
The default token validation code is configured to use a token issued by Azure Active Directory, the issuing tenant needs to be configured using the "Token:TokenIssuer" parameter in the appsettings.json file.
"Token": {
"TokenAudience": "8adf8e6e-67b2-4cf2-a259-e3dc5476c621",
"TokenIssuer": "https://sts.windows.net/<tenant_id>/"
}
NOTE: To deploy to Azure App Service use the "Application settings" under "Settings->Configuration" to configure the TokenIssuer. No modification to the code is needed.