splitted config between development and production

Author: marcusca10

Microsoft.SCIM.WebHostSample/Controllers/TokenController.cs

@@ -17,7 +17,8 @@ namespace Microsoft.SCIM.WebHostSample.Controllers
     public class TokenController : ControllerBase
     {
         private readonly IConfiguration _configuration;
-        //private const int TokenLifetimeInMins = 120;
+        
+        private const int defaultTokenExpiration = 120;
 
         public TokenController(IConfiguration Configuration)
         {
@@ -26,14 +27,22 @@ public TokenController(IConfiguration Configuration)
 
         private string GenerateJSONWebToken()
         {
+            // Create token key
             SymmetricSecurityKey securityKey =
                 new SymmetricSecurityKey(Encoding.UTF8.GetBytes(this._configuration["Token:IssuerSigningKey"]));
             SigningCredentials credentials =
                 new SigningCredentials(securityKey, SecurityAlgorithms.HmacSha256);
 
+            // Set token expiration
             DateTime startTime = DateTime.UtcNow;
-            DateTime expiryTime = startTime.AddMinutes(double.Parse(this._configuration["Token:TokenLifetimeInMins"]));
+            DateTime expiryTime;
+            double tokenExpiration;
+            if (double.TryParse(this._configuration["Token:TokenLifetimeInMins"], out tokenExpiration))
+                expiryTime = startTime.AddMinutes(tokenExpiration);
+            else
+                expiryTime = startTime.AddMinutes(defaultTokenExpiration);
 
+            // Generate the token
             JwtSecurityToken token =
                 new JwtSecurityToken(
                     this._configuration["Token:TokenIssuer"],

Microsoft.SCIM.WebHostSample/Startup.cs

@@ -18,13 +18,15 @@ namespace Microsoft.SCIM.WebHostSample
 {
     public class Startup
     {
+        private readonly IWebHostEnvironment _env;
         private readonly IConfiguration _configuration;
 
         public IMonitor MonitoringBehavior { get; set; }
         public IProvider ProviderBehavior { get; set; }
 
-        public Startup(IConfiguration configuration)
+        public Startup(IWebHostEnvironment env, IConfiguration configuration)
         {
+            this._env = env;
             this._configuration = configuration;
 
             this.MonitoringBehavior = new ConsoleMonitor();
@@ -35,26 +37,57 @@ public Startup(IConfiguration configuration)
         // For more information on how to configure your application, visit https://go.microsoft.com/fwlink/?LinkID=398940
         public void ConfigureServices(IServiceCollection services)
         {
-            services.AddAuthentication(options =>
+            if (_env.IsDevelopment())
             {
-                options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
-                options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
-                options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
-            })
-                .AddJwtBearer(options =>
+                // Development environment code
+                // Validation for bearer token for authorization used during testing.
+                // This is not meant to replace proper OAuth for authentication purposes.
+                services.AddAuthentication(options =>
                 {
-                    options.TokenValidationParameters =
-                        new TokenValidationParameters
+                    options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
+                    options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
+                    options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
+                })
+                    .AddJwtBearer(options =>
+                    {
+                        options.TokenValidationParameters =
+                            new TokenValidationParameters
+                            {
+                                ValidateIssuer = false,
+                                ValidateAudience = false,
+                                ValidateLifetime = false,
+                                ValidateIssuerSigningKey = false,
+                                ValidIssuer = this._configuration["Token:TokenIssuer"],
+                                ValidAudience = this._configuration["Token:TokenAudience"],
+                                IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(this._configuration["Token:IssuerSigningKey"]))
+                            };
+                    });
+            }
+            else
+            {
+                // Azure AD token validation code
+                services.AddAuthentication(options =>
+                {
+                    options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
+                    options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
+                    options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
+                })
+                    .AddJwtBearer(options =>
+                    {
+                        options.Authority = this._configuration["Token:TokenIssuer"];
+                        options.Audience = this._configuration["Token:TokenAudience"];
+                        options.Events = new JwtBearerEvents
                         {
-                            ValidateIssuer = false,
-                            ValidateAudience = false,
-                            ValidateLifetime = false,
-                            ValidateIssuerSigningKey = false,
-                            ValidIssuer = this._configuration["Token:TokenIssuer"],
-                            ValidAudience = this._configuration["Token:TokenAudience"],
-                            IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(this._configuration["Token:IssuerSigningKey"]))
+                            OnTokenValidated = context =>
+                            {
+                                // NOTE: You can optionally take action when the OAuth 2.0 bearer token was validated.
+
+                                return Task.CompletedTask;
+                            },
+                            OnAuthenticationFailed = AuthenticationFailed
                         };
-                });
+                    });
+            }
 
             services.AddControllers().AddNewtonsoftJson();
 
@@ -63,9 +96,9 @@ public void ConfigureServices(IServiceCollection services)
         }
 
         // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
-        public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
+        public void Configure(IApplicationBuilder app)
         {
-            if (env.IsDevelopment())
+            if (_env.IsDevelopment())
             {
                 app.UseDeveloperExceptionPage();
             }
@@ -83,5 +116,16 @@ public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
                     endpoints.MapDefaultControllerRoute();
                 });
         }
+
+        private Task AuthenticationFailed(AuthenticationFailedContext arg)
+        {
+            // For debugging purposes only!
+            var s = $"{{AuthenticationFailed: '{arg.Exception.Message}'}}";
+
+            arg.Response.ContentLength = s.Length;
+            arg.Response.Body.WriteAsync(Encoding.UTF8.GetBytes(s), 0, s.Length);
+
+            return Task.FromException(arg.Exception);
+        }
     }
 }

Microsoft.SCIM.WebHostSample/appsettings.json

@@ -6,5 +6,9 @@
       "Microsoft.Hosting.Lifetime": "Information"
     }
   },
+  "Token": {
+    "TokenAudience": "8adf8e6e-67b2-4cf2-a259-e3dc5476c621",
+    "TokenIssuer": "https://sts.windows.net/<tenant_id>/"
+  },
   "AllowedHosts": "*"
 }