Merge pull request #6 from SychevIgor/master

.net core 2.0 and security changes aspnet/Security#1310
Azure-Samples · Sep 10, 2017 · a3554c1 · a3554c1
2 parents 25bbc06 + 461fec0
commit a3554c1
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 21 deletions.
diff --git a/B2C-WebApi/B2C-WebApi.csproj b/B2C-WebApi/B2C-WebApi.csproj
@@ -1,7 +1,7 @@
 <Project Sdk="Microsoft.NET.Sdk.Web">
 
   <PropertyGroup>
-    <TargetFramework>netcoreapp1.1</TargetFramework>
+    <TargetFramework>netcoreapp2.0</TargetFramework>
   </PropertyGroup>
 
   <PropertyGroup>
@@ -13,11 +13,11 @@
     <Folder Include="wwwroot\" />
   </ItemGroup>
   <ItemGroup>
-    <PackageReference Include="Microsoft.AspNetCore" Version="1.1.2" />
-    <PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="1.1.2" />
-    <PackageReference Include="Microsoft.AspNetCore.Mvc" Version="1.1.3" />
-    <PackageReference Include="Microsoft.Extensions.Configuration.UserSecrets" Version="1.1.2" />
-    <PackageReference Include="Microsoft.Extensions.Logging.Debug" Version="1.1.2" />
+    <PackageReference Include="Microsoft.AspNetCore" Version="2.0.0" />
+    <PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="2.0.0" />
+    <PackageReference Include="Microsoft.AspNetCore.Mvc" Version="2.0.0" />
+    <PackageReference Include="Microsoft.Extensions.Configuration.UserSecrets" Version="2.0.0" />
+    <PackageReference Include="Microsoft.Extensions.Logging.Debug" Version="2.0.0" />
   </ItemGroup>
   <ItemGroup>
     <DotNetCliToolReference Include="Microsoft.Extensions.SecretManager.Tools" Version="1.0.1" />

diff --git a/B2C-WebApi/Startup.cs b/B2C-WebApi/Startup.cs
@@ -1,7 +1,4 @@
-using System;
-using System.Collections.Generic;
-using System.Linq;
-using System.Text;
+using System.Text;
 using System.Threading.Tasks;
 using Microsoft.AspNetCore.Authentication.JwtBearer;
 using Microsoft.AspNetCore.Builder;
@@ -39,6 +36,18 @@ public Startup(IHostingEnvironment env)
         // This method gets called by the runtime. Use this method to add services to the container.
         public void ConfigureServices(IServiceCollection services)
         {
+            services.AddAuthentication()
+                .AddJwtBearer(option => new JwtBearerOptions
+                {
+                    Authority = string.Format("https://login.microsoftonline.com/tfp/{0}/{1}/v2.0/",
+                    Configuration["Authentication:AzureAd:Tenant"], Configuration["Authentication:AzureAd:Policy"]),
+                    Audience = Configuration["Authentication:AzureAd:ClientId"],
+                    Events = new JwtBearerEvents
+                    {
+                        OnAuthenticationFailed = AuthenticationFailed
+                    }
+                });
+
             // Add framework services.
             services.AddMvc();
         }
@@ -49,17 +58,6 @@ public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerF
             loggerFactory.AddConsole(Configuration.GetSection("Logging"));
             loggerFactory.AddDebug();
 
-            app.UseJwtBearerAuthentication(new JwtBearerOptions
-            {
-                Authority = string.Format("https://login.microsoftonline.com/tfp/{0}/{1}/v2.0/", 
-                    Configuration["Authentication:AzureAd:Tenant"], Configuration["Authentication:AzureAd:Policy"]),
-                Audience = Configuration["Authentication:AzureAd:ClientId"],
-                Events = new JwtBearerEvents
-                {
-                    OnAuthenticationFailed = AuthenticationFailed
-                }            
-            });
-
             ScopeRead = Configuration["Authentication:AzureAd:ScopeRead"];
             ScopeWrite = Configuration["Authentication:AzureAd:ScopeWrite"];