From 90d7448331ade039e9984212af75eec9af341c42 Mon Sep 17 00:00:00 2001
From: Justin Yoo
Date: Mon, 6 Jan 2025 00:38:54 +0900
Subject: [PATCH] Add EasyAuth.Handlers (#7)
---
Dockerfile.containerapp | 1 +
EasyAuth.sln | 33 +++++++-----
README.md | 8 +--
infra/resources.bicep | 4 ++
.../EasyAuth.ContainerApp.csproj | 1 +
.../Properties/launchSettings.json | 8 +--
.../Services/RequestService.cs | 10 ++--
.../AuthDetailsHttpTrigger.cs | 2 +-
.../EasyAuth.Handlers.csproj | 13 +++++
...EasyAuthAuthenticationBuilderExtensions.cs | 19 +++++++
.../EasyAuthAuthenticationHandler.cs | 43 ++++++++++++++++
.../EasyAuthAuthenticationOptions.cs | 11 ++++
src/EasyAuth.Handlers/MsClientPrincipal.cs | 51 +++++++++++++++++++
.../MsClientPrincipalClaim.cs | 12 +++++
.../Services/RequestService.cs | 6 +--
.../Components/Pages/Home.razor | 18 ++++++-
.../Components/Pages/Weather.razor | 2 +
src/EasyAuth.WebApp/EasyAuth.WebApp.csproj | 1 +
src/EasyAuth.WebApp/Program.cs | 8 +++
.../Properties/launchSettings.json | 8 +--
.../Services/RequestService.cs | 10 ++--
.../appsettings.Development.json | 4 +-
22 files changed, 229 insertions(+), 44 deletions(-)
create mode 100644 src/EasyAuth.Handlers/EasyAuth.Handlers.csproj
create mode 100644 src/EasyAuth.Handlers/EasyAuthAuthenticationBuilderExtensions.cs
create mode 100644 src/EasyAuth.Handlers/EasyAuthAuthenticationHandler.cs
create mode 100644 src/EasyAuth.Handlers/EasyAuthAuthenticationOptions.cs
create mode 100644 src/EasyAuth.Handlers/MsClientPrincipal.cs
create mode 100644 src/EasyAuth.Handlers/MsClientPrincipalClaim.cs
diff --git a/Dockerfile.containerapp b/Dockerfile.containerapp
index f562056..c5490d2 100644
--- a/Dockerfile.containerapp
+++ b/Dockerfile.containerapp
@@ -4,6 +4,7 @@ FROM mcr.microsoft.com/dotnet/sdk:9.0-alpine AS build COPY ./src/EasyAuth.ContainerApp /source/EasyAuth.ContainerApp COPY ./src/EasyAuth.Components /source/EasyAuth.Components +COPY ./src/EasyAuth.Handlers /source/EasyAuth.Handlers WORKDIR /source/EasyAuth.ContainerApp diff --git a/EasyAuth.sln b/EasyAuth.sln index 192f597..5277fdc 100644 --- a/EasyAuth.sln +++ b/EasyAuth.sln 
@@ -5,13 +5,15 @@ VisualStudioVersion = 17.0.31903.59 MinimumVisualStudioVersion = 10.0.40219.1 Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "src", "src", "{09E22D62-2D4D-40BE-94ED-90EB8528124A}" EndProject -Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "EasyAuth.ContainerApp", "src\EasyAuth.ContainerApp\EasyAuth.ContainerApp.csproj", "{F2AACAFC-9022-4D1C-9B3F-F05D9D4DCCB6}" +Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "EasyAuth.Components", "src\EasyAuth.Components\EasyAuth.Components.csproj", "{0CDA4CFC-514A-4F52-BBFA-7A0B4100D132}" EndProject -Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "EasyAuth.SwaApp", "src\EasyAuth.SwaApp\EasyAuth.SwaApp.csproj", "{7EE7A101-712C-45B6-8501-05E7FECEDA8A}" +Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "EasyAuth.Handlers", "src\EasyAuth.Handlers\EasyAuth.Handlers.csproj", "{C342238C-516D-4A56-B3A0-9D5112C31C9F}" EndProject Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "EasyAuth.WebApp", "src\EasyAuth.WebApp\EasyAuth.WebApp.csproj", "{EDBFCBE0-3F6B-4DA4-84B0-0218CC4261C2}" EndProject -Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "EasyAuth.Components", "src\EasyAuth.Components\EasyAuth.Components.csproj", "{0CDA4CFC-514A-4F52-BBFA-7A0B4100D132}" +Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "EasyAuth.ContainerApp", "src\EasyAuth.ContainerApp\EasyAuth.ContainerApp.csproj", "{F2AACAFC-9022-4D1C-9B3F-F05D9D4DCCB6}" +EndProject +Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "EasyAuth.SwaApp", "src\EasyAuth.SwaApp\EasyAuth.SwaApp.csproj", "{7EE7A101-712C-45B6-8501-05E7FECEDA8A}" EndProject Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "EasyAuth.FunctionApp", "src\EasyAuth.FunctionApp\EasyAuth.FunctionApp.csproj", "{560AC983-7BF0-499D-B2B8-15C4B74633A3}" EndProject 
@@ -21,6 +23,18 @@ Global Release|Any CPU = Release|Any CPU EndGlobalSection GlobalSection(ProjectConfigurationPlatforms) = postSolution + {0CDA4CFC-514A-4F52-BBFA-7A0B4100D132}.Debug|Any CPU.ActiveCfg = Debug|Any CPU + {0CDA4CFC-514A-4F52-BBFA-7A0B4100D132}.Debug|Any CPU.Build.0 = Debug|Any CPU + {0CDA4CFC-514A-4F52-BBFA-7A0B4100D132}.Release|Any CPU.ActiveCfg = Release|Any CPU + {0CDA4CFC-514A-4F52-BBFA-7A0B4100D132}.Release|Any CPU.Build.0 = Release|Any CPU + {C342238C-516D-4A56-B3A0-9D5112C31C9F}.Debug|Any CPU.ActiveCfg = Debug|Any CPU + {C342238C-516D-4A56-B3A0-9D5112C31C9F}.Debug|Any CPU.Build.0 = Debug|Any CPU + {C342238C-516D-4A56-B3A0-9D5112C31C9F}.Release|Any CPU.ActiveCfg = Release|Any CPU + {C342238C-516D-4A56-B3A0-9D5112C31C9F}.Release|Any CPU.Build.0 = Release|Any CPU + {EDBFCBE0-3F6B-4DA4-84B0-0218CC4261C2}.Debug|Any CPU.ActiveCfg = Debug|Any CPU + {EDBFCBE0-3F6B-4DA4-84B0-0218CC4261C2}.Debug|Any CPU.Build.0 = Debug|Any CPU + {EDBFCBE0-3F6B-4DA4-84B0-0218CC4261C2}.Release|Any CPU.ActiveCfg = Release|Any CPU + {EDBFCBE0-3F6B-4DA4-84B0-0218CC4261C2}.Release|Any CPU.Build.0 = Release|Any CPU {F2AACAFC-9022-4D1C-9B3F-F05D9D4DCCB6}.Debug|Any CPU.ActiveCfg = Debug|Any CPU {F2AACAFC-9022-4D1C-9B3F-F05D9D4DCCB6}.Debug|Any CPU.Build.0 = Debug|Any CPU {F2AACAFC-9022-4D1C-9B3F-F05D9D4DCCB6}.Release|Any CPU.ActiveCfg = Release|Any CPU 
@@ -29,14 +43,6 @@ Global {7EE7A101-712C-45B6-8501-05E7FECEDA8A}.Debug|Any CPU.Build.0 = Debug|Any CPU {7EE7A101-712C-45B6-8501-05E7FECEDA8A}.Release|Any CPU.ActiveCfg = Release|Any CPU {7EE7A101-712C-45B6-8501-05E7FECEDA8A}.Release|Any CPU.Build.0 = Release|Any CPU - {EDBFCBE0-3F6B-4DA4-84B0-0218CC4261C2}.Debug|Any CPU.ActiveCfg = Debug|Any CPU - {EDBFCBE0-3F6B-4DA4-84B0-0218CC4261C2}.Debug|Any CPU.Build.0 = Debug|Any CPU - {EDBFCBE0-3F6B-4DA4-84B0-0218CC4261C2}.Release|Any CPU.ActiveCfg = Release|Any CPU - {EDBFCBE0-3F6B-4DA4-84B0-0218CC4261C2}.Release|Any CPU.Build.0 = Release|Any CPU - {0CDA4CFC-514A-4F52-BBFA-7A0B4100D132}.Debug|Any CPU.ActiveCfg = Debug|Any CPU - {0CDA4CFC-514A-4F52-BBFA-7A0B4100D132}.Debug|Any CPU.Build.0 = Debug|Any CPU - {0CDA4CFC-514A-4F52-BBFA-7A0B4100D132}.Release|Any CPU.ActiveCfg = Release|Any CPU - {0CDA4CFC-514A-4F52-BBFA-7A0B4100D132}.Release|Any CPU.Build.0 = Release|Any CPU {560AC983-7BF0-499D-B2B8-15C4B74633A3}.Debug|Any CPU.ActiveCfg = Debug|Any CPU {560AC983-7BF0-499D-B2B8-15C4B74633A3}.Debug|Any CPU.Build.0 = Debug|Any CPU {560AC983-7BF0-499D-B2B8-15C4B74633A3}.Release|Any CPU.ActiveCfg = Release|Any CPU @@ -46,10 +52,11 @@ Global HideSolutionNode = FALSE EndGlobalSection GlobalSection(NestedProjects) = preSolution + {0CDA4CFC-514A-4F52-BBFA-7A0B4100D132} = {09E22D62-2D4D-40BE-94ED-90EB8528124A} + {C342238C-516D-4A56-B3A0-9D5112C31C9F} = {09E22D62-2D4D-40BE-94ED-90EB8528124A} + {EDBFCBE0-3F6B-4DA4-84B0-0218CC4261C2} = {09E22D62-2D4D-40BE-94ED-90EB8528124A} {F2AACAFC-9022-4D1C-9B3F-F05D9D4DCCB6} = {09E22D62-2D4D-40BE-94ED-90EB8528124A} {7EE7A101-712C-45B6-8501-05E7FECEDA8A} = {09E22D62-2D4D-40BE-94ED-90EB8528124A} - {EDBFCBE0-3F6B-4DA4-84B0-0218CC4261C2} = {09E22D62-2D4D-40BE-94ED-90EB8528124A} - {0CDA4CFC-514A-4F52-BBFA-7A0B4100D132} = {09E22D62-2D4D-40BE-94ED-90EB8528124A} {560AC983-7BF0-499D-B2B8-15C4B74633A3} = {09E22D62-2D4D-40BE-94ED-90EB8528124A} EndGlobalSection EndGlobal 
diff --git a/README.md b/README.md index e8b5293..ae8c8c2 100644 --- a/README.md +++ b/README.md @@ -31,12 +31,6 @@ This provides sample [Blazor](https://learn.microsoft.com/aspnet/core/blazor/) a dotnet restore && dotnet build ``` -1. Create artifacts for each app - - ```bash - dotnet publish -c Release - ``` - 1. Login to Azure. ```bash @@ -79,7 +73,7 @@ This provides sample [Blazor](https://learn.microsoft.com/aspnet/core/blazor/) a ## Known Limitations of Azure EasyAuth -Azure EasyAuth is supposed to protect your entire app, not for specific pages. Therefore, if you want to protect certain pages of your app, you have to implement the authentication/authorisation logic by yourself. +Azure EasyAuth is supposed to protect your entire app, not for specific pages. Therefore, if you want to protect certain pages of your app, you have to implement a custom authentication/authorisation logic by yourself. In this sample app, the [`EasyAuth.Handlers`](./src/EasyAuth.Handlers/) project is the one. ## Clean Up diff --git a/infra/resources.bicep b/infra/resources.bicep index 55f1d00..08a2b73 100644 --- a/infra/resources.bicep +++ b/infra/resources.bicep @@ -202,6 +202,10 @@ module easyauthWebapp 'br/public:avm/res/web/site:0.12.1' = { name: 'WEBSITES_ENABLE_APP_SERVICE_STORAGE' value: 'false' } + { + name: 'USE_AUTH_DETAILS' + value: 'false' + } ] ftpsState: 'FtpsOnly' linuxFxVersion: 'DOTNETCORE|9.0' diff --git a/src/EasyAuth.ContainerApp/EasyAuth.ContainerApp.csproj b/src/EasyAuth.ContainerApp/EasyAuth.ContainerApp.csproj index 44ebba0..6005277 100644 --- a/src/EasyAuth.ContainerApp/EasyAuth.ContainerApp.csproj +++ b/src/EasyAuth.ContainerApp/EasyAuth.ContainerApp.csproj @@ -9,6 +9,7 @@ + diff --git a/src/EasyAuth.ContainerApp/Properties/launchSettings.json b/src/EasyAuth.ContainerApp/Properties/launchSettings.json index 0623c06..26f0824 100644 --- a/src/EasyAuth.ContainerApp/Properties/launchSettings.json +++ b/src/EasyAuth.ContainerApp/Properties/launchSettings.json 
@@ -1,20 +1,20 @@ { "$schema": "https://json.schemastore.org/launchsettings.json", "profiles": { - "https": { + "http": { "commandName": "Project", "dotnetRunMessages": true, "launchBrowser": true, - "applicationUrl": "https://localhost:3030;http://localhost:3000", + "applicationUrl": "http://localhost:8040", "environmentVariables": { "ASPNETCORE_ENVIRONMENT": "Development" } }, - "http": { + "https": { "commandName": "Project", "dotnetRunMessages": true, "launchBrowser": true, - "applicationUrl": "http://localhost:3000", + "applicationUrl": "https://localhost:8041;http://localhost:8040", "environmentVariables": { "ASPNETCORE_ENVIRONMENT": "Development" } diff --git a/src/EasyAuth.ContainerApp/Services/RequestService.cs b/src/EasyAuth.ContainerApp/Services/RequestService.cs index 4c1c1e0..f0db819 100644 --- a/src/EasyAuth.ContainerApp/Services/RequestService.cs +++ b/src/EasyAuth.ContainerApp/Services/RequestService.cs @@ -1,6 +1,7 @@ -using System.Text.Json; +using System.Text.Json; using EasyAuth.Components.Services; +using EasyAuth.Handlers; namespace EasyAuth.ContainerApp.Services; @@ -82,10 +83,9 @@ public async Task GetClientPrincipal() return "No client principal found"; } - var decoded = Convert.FromBase64String(encoded); - using var stream = new MemoryStream(decoded); - var clientPrincipal = JsonSerializer.Serialize(await JsonSerializer.DeserializeAsync(stream), options); + var principal = await MsClientPrincipal.ParseMsClientPrincipal(encoded!).ConfigureAwait(false); + var serialised = JsonSerializer.Serialize(principal, options); - return clientPrincipal; + return serialised; } } diff --git a/src/EasyAuth.FunctionApp/AuthDetailsHttpTrigger.cs b/src/EasyAuth.FunctionApp/AuthDetailsHttpTrigger.cs index 1898a8d..8d6139b 100644 --- a/src/EasyAuth.FunctionApp/AuthDetailsHttpTrigger.cs +++ b/src/EasyAuth.FunctionApp/AuthDetailsHttpTrigger.cs 
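Review bot: In `GetClientPrincipal` (`src/EasyAuth.ContainerApp/Services/RequestService.cs`, second hunk), `MsClientPrincipal.ParseMsClientPrincipal(encoded!)` is awaited with nothing visible in the hunk to handle a value that is not valid Base64 or not valid JSON. `Convert.FromBase64String` throws `FormatException` and `JsonSerializer.DeserializeAsync` throws `JsonException`, and `encoded` is presumably read from a request header, so a malformed value would surface as an unhandled exception in the component. Wrapping the parse in `try { ... } catch (Exception ex) when (ex is FormatException or JsonException) { return "Client principal could not be parsed"; }` keeps the failure contained. The identical change in `src/EasyAuth.WebApp/Services/RequestService.cs` has the same gap. The method starts outside the hunk, so an outer handler may exist that is not shown.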
@@ -66,7 +66,7 @@ public async Task GetClientPrincipal([HttpTrigger(AuthorizationLe return new OkObjectResult("No client principal found"); } - var decoded = Convert.FromBase64String(encoded); + var decoded = Convert.FromBase64String(encoded!); using var stream = new MemoryStream(decoded); var clientPrincipal = JsonSerializer.Serialize(await JsonSerializer.DeserializeAsync(stream), options); diff --git a/src/EasyAuth.Handlers/EasyAuth.Handlers.csproj b/src/EasyAuth.Handlers/EasyAuth.Handlers.csproj new file mode 100644 index 0000000..65f83a5 --- /dev/null +++ b/src/EasyAuth.Handlers/EasyAuth.Handlers.csproj @@ -0,0 +1,13 @@ + + + + net9.0 + enable + enable + + + + + + + \ No newline at end of file diff --git a/src/EasyAuth.Handlers/EasyAuthAuthenticationBuilderExtensions.cs b/src/EasyAuth.Handlers/EasyAuthAuthenticationBuilderExtensions.cs new file mode 100644 index 0000000..516953e --- /dev/null +++ b/src/EasyAuth.Handlers/EasyAuthAuthenticationBuilderExtensions.cs @@ -0,0 +1,19 @@ +using Microsoft.AspNetCore.Authentication; + +namespace EasyAuth.Handlers; + +public static class EasyAuthAuthenticationBuilderExtensions +{ + public static AuthenticationBuilder AddAzureEasyAuthHandler(this AuthenticationBuilder builder, Action? configure = null) + { + if (configure == null) + { + configure = o => { }; + } + + return builder.AddScheme( + EasyAuthAuthenticationHandler.EASY_AUTH_SCHEME_NAME, + EasyAuthAuthenticationHandler.EASY_AUTH_SCHEME_NAME, + configure); + } +} diff --git a/src/EasyAuth.Handlers/EasyAuthAuthenticationHandler.cs b/src/EasyAuth.Handlers/EasyAuthAuthenticationHandler.cs new file mode 100644 index 0000000..72d479d --- /dev/null +++ b/src/EasyAuth.Handlers/EasyAuthAuthenticationHandler.cs 
@@ -0,0 +1,43 @@
+using System.Text.Encodings.Web;
+
+using Microsoft.AspNetCore.Authentication;
+using Microsoft.Extensions.Logging;
+using Microsoft.Extensions.Options;
+
+namespace EasyAuth.Handlers;
+
+public class EasyAuthAuthenticationHandler(IOptionsMonitor options, ILoggerFactory logger, UrlEncoder encoder)
+ : AuthenticationHandler(options, logger, encoder)
+{
+ public const string EASY_AUTH_SCHEME_NAME = "EasyAuth";
+
+ protected override async Task HandleAuthenticateAsync()
+ {
+ try
+ {
+ var easyAuthProvider = Context.Request.Headers["X-MS-CLIENT-PRINCIPAL-IDP"].FirstOrDefault() ?? "aad";
+ var encoded = Context.Request.Headers["X-MS-CLIENT-PRINCIPAL"].FirstOrDefault();
+ if (string.IsNullOrWhiteSpace(encoded) == true)
+ {
+ return AuthenticateResult.NoResult();
+ }
+
+ var principal = await MsClientPrincipal.ParseClaimsPrincipal(encoded!).ConfigureAwait(false);
+ if (principal == null)
+ {
+ return AuthenticateResult.NoResult();
+ }
+
+ var ticket = new AuthenticationTicket(principal, easyAuthProvider);
+ var success = AuthenticateResult.Success(ticket);
+
+ this.Context.User = principal;
+
+ return success;
+ }
+ catch (Exception ex)
+ {
+ return AuthenticateResult.Fail(ex);
+ }
+ }
+}
\ No newline at end of file
diff --git a/src/EasyAuth.Handlers/EasyAuthAuthenticationOptions.cs b/src/EasyAuth.Handlers/EasyAuthAuthenticationOptions.cs
new file mode 100644
index 0000000..74865f6
--- /dev/null
+++ b/src/EasyAuth.Handlers/EasyAuthAuthenticationOptions.cs
@@ -0,0 +1,11 @@
+using Microsoft.AspNetCore.Authentication;
+
+namespace EasyAuth.Handlers;
+
+public class EasyAuthAuthenticationOptions : AuthenticationSchemeOptions
+{
+ public EasyAuthAuthenticationOptions()
+ {
+ Events = new object();
+ }
+}
diff --git a/src/EasyAuth.Handlers/MsClientPrincipal.cs b/src/EasyAuth.Handlers/MsClientPrincipal.cs
new file mode 100644
index 0000000..eee691a
--- /dev/null
+++ b/src/EasyAuth.Handlers/MsClientPrincipal.cs
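Review bot: `HandleAuthenticateAsync` in `EasyAuthAuthenticationHandler.cs` builds the authenticated user entirely from the `X-MS-CLIENT-PRINCIPAL` request header, and nothing in the handler or in `EasyAuthAuthenticationOptions` checks that the platform's EasyAuth layer is actually in front of the app. That header is trustworthy only when the hosting platform overwrites any client-supplied copy, so the localhost launch profiles in this commit, or a deployment with platform authentication switched off, would accept whatever identity and roles the header states. Gate the scheme on an explicit signal, such as an options flag that defaults to off or App Service's `WEBSITE_AUTH_ENABLED` setting where it is available, and return `AuthenticateResult.NoResult()` otherwise. Document the assumption above the header reads, for example `// Trusted only because platform authentication overwrites X-MS-CLIENT-PRINCIPAL; do not enable this scheme without it`. Separately, the ticket is created with `easyAuthProvider`, itself a header value, as its scheme name; `var ticket = new AuthenticationTicket(principal, Scheme.Name);` keeps the ticket bound to the registered `EasyAuth` scheme.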
@@ -0,0 +1,51 @@
+using System.Security.Claims;
+using System.Text.Json;
+using System.Text.Json.Serialization;
+
+namespace EasyAuth.Handlers;
+
+public class MsClientPrincipal
+{
+ private static readonly JsonSerializerOptions options = new JsonSerializerOptions { PropertyNameCaseInsensitive = true };
+
+ [JsonPropertyName("auth_typ")]
+ public string? IdentityProvider { get; set; }
+
+ [JsonPropertyName("name_typ")]
+ public string? NameClaimType { get; set; }
+
+ [JsonPropertyName("role_typ")]
+ public string? RoleClaimType { get; set; }
+
+ [JsonPropertyName("claims")]
+ public IEnumerable? Claims { get; set; }
+
+ public static async Task ParseMsClientPrincipal(string value)
+ {
+ var decoded = Convert.FromBase64String(value);
+ using var stream = new MemoryStream(decoded);
+ var principal = await JsonSerializer.DeserializeAsync(stream, options).ConfigureAwait(false);
+
+ return principal;
+ }
+
+ public static async Task ParseClaimsPrincipal(string value)
+ {
+ var clientPrincipal = await ParseMsClientPrincipal(value).ConfigureAwait(false);
+ if (clientPrincipal == null || clientPrincipal.Claims?.Any() == false)
+ {
+ return null;
+ }
+
+ var claims = clientPrincipal.Claims!.Select(claim => new Claim(claim.Type!, claim.Value!));
+
+ // remap "roles" claims from easy auth to the more standard ClaimTypes.Role: "http://schemas.microsoft.com/ws/2008/06/identity/claims/role"
+ var easyAuthRoleClaims = claims.Where(claim => claim.Type == "roles");
+ var claimsAndRoles = claims.Concat(easyAuthRoleClaims.Select(role => new Claim(clientPrincipal.RoleClaimType!, role.Value)));
+
+ var identity = new ClaimsIdentity(claimsAndRoles, clientPrincipal.IdentityProvider, clientPrincipal.NameClaimType, clientPrincipal.RoleClaimType);
+ var claimsPrincipal = new ClaimsPrincipal(identity);
+
+ return claimsPrincipal;
+ }
+}
diff --git a/src/EasyAuth.Handlers/MsClientPrincipalClaim.cs b/src/EasyAuth.Handlers/MsClientPrincipalClaim.cs
new file mode 100644
index 0000000..34398d4
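Review bot: In `MsClientPrincipal.ParseClaimsPrincipal`, the guard `clientPrincipal.Claims?.Any() == false` does not fire when `Claims` is null, because the expression evaluates to `null == false`. A payload with no `claims` array therefore reaches `clientPrincipal.Claims!.Select(...)` and throws instead of returning null. `if (clientPrincipal?.Claims is null || !clientPrincipal.Claims.Any()) { return null; }` covers both the missing and the empty case. The same method passes `claim.Type!`, `claim.Value!` and `clientPrincipal.RoleClaimType!` to `new Claim(...)`, which rejects null arguments, so entries without `typ`/`val` should be skipped and a missing `role_typ` defaulted (for example to `ClaimTypes.Role`, which the comment already names). Because this parses a request header, incomplete input is better treated as "no principal" than as an exception path.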
--- /dev/null +++ b/src/EasyAuth.Handlers/MsClientPrincipalClaim.cs @@ -0,0 +1,12 @@ +using System.Text.Json.Serialization; + +namespace EasyAuth.Handlers; + +public class MsClientPrincipalClaim +{ + [JsonPropertyName("typ")] + public string? Type { get; set; } + + [JsonPropertyName("val")] + public string? Value { get; set; } +} \ No newline at end of file diff --git a/src/EasyAuth.SwaApp/Services/RequestService.cs b/src/EasyAuth.SwaApp/Services/RequestService.cs index 18a848e..f095c64 100644 --- a/src/EasyAuth.SwaApp/Services/RequestService.cs +++ b/src/EasyAuth.SwaApp/Services/RequestService.cs @@ -1,4 +1,4 @@ -using System.Text; +using System.Text; using EasyAuth.Components.Services; @@ -48,9 +48,9 @@ public async Task GetAuthMe() { authMe = await http.GetStringAsync("/.auth/me"); } - catch + catch (Exception ex) { - authMe = "Not authenticated"; + authMe = ex.Message; } return authMe; diff --git a/src/EasyAuth.WebApp/Components/Pages/Home.razor b/src/EasyAuth.WebApp/Components/Pages/Home.razor index 231346a..cb1e4bd 100644 --- a/src/EasyAuth.WebApp/Components/Pages/Home.razor +++ b/src/EasyAuth.WebApp/Components/Pages/Home.razor @@ -1,4 +1,5 @@ @page "/" +@inject IConfiguration Config Home @@ -6,4 +7,19 @@ Welcome to your new app. - +@if (useAuthDetails == true) +{ + +} + +@code +{ + private bool useAuthDetails; + + protected override async Task OnInitializedAsync() + { + useAuthDetails = bool.TryParse(Config["USE_AUTH_DETAILS"], out var result) && result; + + await Task.CompletedTask; + } +} diff --git a/src/EasyAuth.WebApp/Components/Pages/Weather.razor b/src/EasyAuth.WebApp/Components/Pages/Weather.razor index 381bbd2..4704314 100644 --- a/src/EasyAuth.WebApp/Components/Pages/Weather.razor +++ b/src/EasyAuth.WebApp/Components/Pages/Weather.razor @@ -1,5 +1,7 @@ @page "/weather" +@using Microsoft.AspNetCore.Authorization @attribute [StreamRendering] +@attribute [Authorize(AuthenticationSchemes = "EasyAuth")] Weather 
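Review bot: In `GetAuthMe` (`src/EasyAuth.SwaApp/Services/RequestService.cs`), the new `catch (Exception ex) { authMe = ex.Message; }` hands raw exception text back to the caller, which presumably renders it on the page. Exception messages from `HttpClient` can carry request URLs and status details and are not a stable user-facing string. Keep the fixed `authMe = "Not authenticated";` for the UI, record `ex` through whatever logger the service has, and narrow the catch to `HttpRequestException` so unrelated failures are not reported as an authentication state. The method body starts outside the hunk.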
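Review bot: `[Authorize(AuthenticationSchemes = "EasyAuth")]` in `Weather.razor` repeats the scheme name as a string literal, so the page and the handler can drift apart if the constant is ever renamed. Referencing the constant avoids that: add `@using EasyAuth.Handlers` and use `@attribute [Authorize(AuthenticationSchemes = EasyAuthAuthenticationHandler.EASY_AUTH_SCHEME_NAME)]`. The handler added in this commit does not override the challenge behaviour, so an anonymous request to `/weather` will most likely get the base handler's 401 rather than a redirect to the platform login endpoint. If a redirect is the intended experience, that belongs in the handler and is worth a comment here.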
diff --git a/src/EasyAuth.WebApp/EasyAuth.WebApp.csproj b/src/EasyAuth.WebApp/EasyAuth.WebApp.csproj index b921c7d..c7dd7f0 100644 --- a/src/EasyAuth.WebApp/EasyAuth.WebApp.csproj +++ b/src/EasyAuth.WebApp/EasyAuth.WebApp.csproj @@ -9,6 +9,7 @@ + diff --git a/src/EasyAuth.WebApp/Program.cs b/src/EasyAuth.WebApp/Program.cs index dcf5efc..55f143e 100644 --- a/src/EasyAuth.WebApp/Program.cs +++ b/src/EasyAuth.WebApp/Program.cs @@ -1,4 +1,5 @@ using EasyAuth.Components.Services; +using EasyAuth.Handlers; using EasyAuth.WebApp.Components; using EasyAuth.WebApp.Services; @@ -20,6 +21,10 @@ client.BaseAddress = new Uri(baseUrl); }); +builder.Services.AddAuthentication(EasyAuthAuthenticationHandler.EASY_AUTH_SCHEME_NAME) + .AddAzureEasyAuthHandler(); +builder.Services.AddAuthorization(); + var app = builder.Build(); // Configure the HTTP request pipeline. @@ -39,4 +44,7 @@ app.MapRazorComponents() .AddInteractiveServerRenderMode(); +app.UseAuthentication(); +app.UseAuthorization(); + app.Run(); diff --git a/src/EasyAuth.WebApp/Properties/launchSettings.json b/src/EasyAuth.WebApp/Properties/launchSettings.json index 19392a7..cf7395c 100644 --- a/src/EasyAuth.WebApp/Properties/launchSettings.json +++ b/src/EasyAuth.WebApp/Properties/launchSettings.json @@ -1,20 +1,20 @@ { "$schema": "https://json.schemastore.org/launchsettings.json", "profiles": { - "https": { + "http": { "commandName": "Project", "dotnetRunMessages": true, "launchBrowser": true, - "applicationUrl": "https://localhost:7070;http://localhost:7000", + "applicationUrl": "http://localhost:8000", "environmentVariables": { "ASPNETCORE_ENVIRONMENT": "Development" } }, - "http": { + "https": { "commandName": "Project", "dotnetRunMessages": true, "launchBrowser": true, - "applicationUrl": "http://localhost:7000", + "applicationUrl": "https://localhost:8001;http://localhost:8000", "environmentVariables": { "ASPNETCORE_ENVIRONMENT": "Development" } 
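Review bot: In the last hunk of `src/EasyAuth.WebApp/Program.cs`, `app.UseAuthentication();` and `app.UseAuthorization();` are added after `app.MapRazorComponents(...)`, at the very end of the pipeline setup. If `app.UseAntiforgery()` is called in the lines above the hunk (not visible here), ASP.NET Core's guidance is that it must come after `UseAuthentication` and `UseAuthorization`, so the two new calls should move above it. Placing them before the endpoint-mapping calls also matches the conventional order and makes the protection of `/weather` easier to reason about. A short comment such as `// Authentication/authorization must run before antiforgery and before endpoints execute` would record the constraint.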
diff --git a/src/EasyAuth.WebApp/Services/RequestService.cs b/src/EasyAuth.WebApp/Services/RequestService.cs index f3ebd04..9647199 100644 --- a/src/EasyAuth.WebApp/Services/RequestService.cs +++ b/src/EasyAuth.WebApp/Services/RequestService.cs @@ -1,6 +1,7 @@ -using System.Text.Json; +using System.Text.Json; using EasyAuth.Components.Services; +using EasyAuth.Handlers; namespace EasyAuth.WebApp.Services; @@ -82,10 +83,9 @@ public async Task GetClientPrincipal() return "No client principal found"; } - var decoded = Convert.FromBase64String(encoded); - using var stream = new MemoryStream(decoded); - var clientPrincipal = JsonSerializer.Serialize(await JsonSerializer.DeserializeAsync(stream), options); + var principal = await MsClientPrincipal.ParseMsClientPrincipal(encoded!).ConfigureAwait(false); + var serialised = JsonSerializer.Serialize(principal, options); - return clientPrincipal; + return serialised; } } diff --git a/src/EasyAuth.WebApp/appsettings.Development.json b/src/EasyAuth.WebApp/appsettings.Development.json index 0c208ae..348271a 100644 --- a/src/EasyAuth.WebApp/appsettings.Development.json +++ b/src/EasyAuth.WebApp/appsettings.Development.json @@ -4,5 +4,7 @@ "Default": "Information", "Microsoft.AspNetCore": "Warning" } - } + }, + + "USE_AUTH_DETAILS": true }