From 7f72b15019acd890a828d38ea312eaae8a21293f Mon Sep 17 00:00:00 2001
From: Jenny Ferries
Date: Wed, 1 Jul 2020 10:16:18 -0700
Subject: [PATCH] update sample to handle app roles w/new package
---
 .../Controllers/TodoListController.cs | 3 ++-
 2-Call-OwnApi/TodoList-WebApi/Startup.cs | 22 ++-----------------
 .../TodoList-WebApi/TodoList-WebApi.csproj | 2 +-
 3 files changed, 5 insertions(+), 22 deletions(-)
diff --git a/2-Call-OwnApi/TodoList-WebApi/Controllers/TodoListController.cs b/2-Call-OwnApi/TodoList-WebApi/Controllers/TodoListController.cs
index c46109a..fb33411 100644
--- a/2-Call-OwnApi/TodoList-WebApi/Controllers/TodoListController.cs
+++ b/2-Call-OwnApi/TodoList-WebApi/Controllers/TodoListController.cs
@@ -5,6 +5,7 @@
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
+using Microsoft.Identity.Web.Resource;
 using Newtonsoft.Json;
 using TodoList_WebApi.Models;
@@ -31,9 +32,9 @@ public TodoListController()
 // GET: api/todolist
 [HttpGet]
- [Authorize(Policy = "DaemonAppRole")]
 public IActionResult Get()
 {
+ HttpContext.ValidateAppRole("DaemonAppRole");
 return Ok(TodoStore.Values);
 }
 }
diff --git a/2-Call-OwnApi/TodoList-WebApi/Startup.cs b/2-Call-OwnApi/TodoList-WebApi/Startup.cs
index 0946bdc..89ee4c2 100644
--- a/2-Call-OwnApi/TodoList-WebApi/Startup.cs
+++ b/2-Call-OwnApi/TodoList-WebApi/Startup.cs
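Review bot: In the `Get()` hunk of TodoListController.cs, removing `[Authorize(Policy = "DaemonAppRole")]` leaves the in-body call `HttpContext.ValidateAppRole("DaemonAppRole");` as the only access check visible on this action. The class declaration is outside the hunk, so please confirm the controller still carries a class-level `[Authorize]`; if it does not, keep a plain `[Authorize]` on the action so unauthenticated requests are rejected by the framework before the body runs. Because the helper is called as a statement, a rejection presumably surfaces as an exception or a response it writes itself, so it is worth verifying that a token without the role yields 401/403 rather than 500. A one-line comment above the call, e.g. `// Rejects callers whose token lacks the DaemonAppRole app role`, would make the intent clear to readers of the sample.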
@@ -21,26 +21,8 @@ public Startup(IConfiguration configuration)
 // This method gets called by the runtime. Use this method to add services to the container.
 public void ConfigureServices(IServiceCollection services)
 {
- // This is required to be instantiated before the OpenIdConnectOptions starts getting configured.
- // By default, the claims mapping will map claim names in the old format to accommodate older SAML applications.
- // 'http://schemas.microsoft.com/ws/2008/06/identity/claims/role' instead of 'roles'
- // This flag ensures that the ClaimsIdentity claims collection will be built from the claims in the token
- JwtSecurityTokenHandler.DefaultMapInboundClaims = false;
-
- services.AddProtectedWebApi(Configuration);
-
- // Additional configuration
- services.Configure(JwtBearerDefaults.AuthenticationScheme, options =>
- {
- options.TokenValidationParameters.RoleClaimType = "roles";
- });
-
- // Creating policies that wraps the authorization requirements.
- services.AddAuthorization(options =>
- {
- // The application should only allow tokens which roles claim contains "DaemonAppRole")
- options.AddPolicy("DaemonAppRole", policy => policy.RequireRole("DaemonAppRole"));
- });
+ services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
+ .AddMicrosoftWebApi(Configuration);
 services.AddControllers();
 }
diff --git a/2-Call-OwnApi/TodoList-WebApi/TodoList-WebApi.csproj b/2-Call-OwnApi/TodoList-WebApi/TodoList-WebApi.csproj
index d4d1f4a..c7a65a4 100644
--- a/2-Call-OwnApi/TodoList-WebApi/TodoList-WebApi.csproj
+++ b/2-Call-OwnApi/TodoList-WebApi/TodoList-WebApi.csproj
@@ -8,7 +8,7 @@
-
+
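Review bot: After this hunk `ConfigureServices` in Startup.cs registers authentication only, so no service-level authorization default remains and each action has to remember its own `ValidateAppRole` call. A fallback such as `services.AddAuthorization(o => o.FallbackPolicy = new AuthorizationPolicyBuilder().RequireAuthenticatedUser().Build());` would keep an action added later without a check from being reachable anonymously. The explicit `RoleClaimType = "roles"` and `DefaultMapInboundClaims = false` settings are also gone, so whether `[Authorize(Roles = "...")]` or `User.IsInRole` still resolve the `roles` claim now depends on what `AddMicrosoftWebApi` configures, which is not visible here. A short comment next to the new call stating that role checks are expected to go through `ValidateAppRole` would stop a later contributor from relying on the attribute form by habit.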