using System.Threading.Tasks;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Azure.WebJobs;
using Microsoft.Azure.WebJobs.Extensions.Http;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.Logging;
using Microsoft.IdentityModel.Protocols;
using System.IdentityModel.Tokens.Jwt;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;
using Microsoft.IdentityModel.Tokens;
using System.Security.Claims;
using System;
using System.Linq;
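public class AuthExample
{
    // The "AzureAd" configuration section, loaded once per process. A first-call race
    // between concurrent invocations can build it twice, but both results are equivalent.
    private static IConfiguration configuration;

    // Cached OIDC discovery client. ConfigurationManager caches the metadata document and
    // signing keys and refreshes them itself, so it must outlive a single request; building
    // one per invocation re-downloads the discovery document and JWKS on every call.
    private static ConfigurationManager<OpenIdConnectConfiguration> oidcConfigManager;

    /// <summary>
    /// HTTP-triggered function that reads a bearer token from the Authorization header,
    /// validates it against the configured Azure AD tenant and returns the caller's "name" claim.
    /// </summary>
    /// <param name="req">Incoming request; only the Authorization header is read.</param>
    /// <param name="context">Used to locate local.settings.json via FunctionAppDirectory.</param>
    /// <param name="log">Function logger for validation failures.</param>
    /// <returns>
    /// 401 when no bearer token is present, 400 when the token fails validation,
    /// otherwise 200 with the "name" claim value (a null body when the claim is absent).
    /// </returns>
    [FunctionName("HttpAuth")]
    public async Task<IActionResult> Run(
        [HttpTrigger(AuthorizationLevel.Anonymous, "get", "post", Route = null)] HttpRequest req,
        ExecutionContext context,
        ILogger log)
    {
        GetAzureADConfiguration(context);

        var jwt = GetJwtFromHeader(req);
        if (jwt == null)
        {
            return new UnauthorizedResult();
        }

        var claimsPrincipal = await ValidateToken(jwt, log);
        if (claimsPrincipal == null)
        {
            return new BadRequestObjectResult("Failed to validate access token. Authenticate and try again");
        }

        // A valid token is not guaranteed to carry a "name" claim; ?.Value avoids a
        // NullReferenceException (and a 500) in that case. Claim types are identifiers,
        // so compare ordinally rather than by culture.
        var name = claimsPrincipal.Claims
            .FirstOrDefault(x => x.Type.Equals("name", StringComparison.OrdinalIgnoreCase))
            ?.Value;
        return new OkObjectResult(name);
    }

    /// <summary>
    /// Extracts the bearer token from the Authorization header.
    /// </summary>
    /// <param name="req">The incoming request.</param>
    /// <returns>
    /// The token, or null when the header is missing or is not of the form "Bearer &lt;token&gt;".
    /// Null (not empty) is returned so the caller's null check maps to 401 as intended.
    /// </returns>
    private string GetJwtFromHeader(HttpRequest req)
    {
        // StringValues converts to null when the header is absent.
        string authorizationHeader = req.Headers["Authorization"];
        if (string.IsNullOrWhiteSpace(authorizationHeader))
        {
            return null;
        }

        // Split on any whitespace and drop empty entries so "Bearer  <token>" (double space)
        // still yields exactly two parts instead of being rejected.
        var parts = authorizationHeader.Split((char[])null, StringSplitOptions.RemoveEmptyEntries);

        // RFC 7235: the auth-scheme token is case-insensitive.
        if (parts.Length == 2 && parts[0].Equals("Bearer", StringComparison.OrdinalIgnoreCase))
        {
            return parts[1];
        }

        return null;
    }

    /// <summary>
    /// Loads the "AzureAd" configuration section on first use. Settings come from
    /// local.settings.json (optional, for local runs) overridden by environment variables.
    /// </summary>
    /// <param name="context">Supplies the function app directory used as the config base path.</param>
    private void GetAzureADConfiguration(ExecutionContext context)
    {
        if (configuration != null)
        {
            return;
        }

        var config = new ConfigurationBuilder()
            .SetBasePath(context.FunctionAppDirectory)
            .AddJsonFile("local.settings.json", optional: true, reloadOnChange: true)
            .AddEnvironmentVariables()
            .Build();

        configuration = config.GetSection("AzureAd");
    }

    /// <summary>
    /// Validates a JWT's signature, issuer, audience and lifetime against the OIDC metadata
    /// of the configured Azure AD tenant.
    /// </summary>
    /// <param name="token">The raw bearer token.</param>
    /// <param name="log">Logger for rejected or malformed tokens.</param>
    /// <returns>The validated principal, or null when the token is rejected.</returns>
    private async Task<ClaimsPrincipal> ValidateToken(string token, ILogger log)
    {
        // Create the discovery client once; "configuration" is already populated by Run.
        // Note the setting named "Instance" is used here as the tenant segment of the authority URL.
        if (oidcConfigManager == null)
        {
            oidcConfigManager = new ConfigurationManager<OpenIdConnectConfiguration>(
                $"https://login.microsoftonline.com/{configuration["Instance"]}/v2.0/.well-known/openid-configuration",
                new OpenIdConnectConfigurationRetriever());
        }

        // Failure to fetch metadata propagates to the host (500), as in the original; it is an
        // infrastructure error rather than a token error and should not be reported as 400.
        var oidcConfig = await oidcConfigManager.GetConfigurationAsync();

        var validationParameters = new TokenValidationParameters
        {
            ValidAudience = configuration["ClientId"],
            ValidateAudience = true,
            ValidIssuer = oidcConfig.Issuer,
            ValidateIssuer = true,
            IssuerSigningKeys = oidcConfig.SigningKeys,
            // These are the library defaults, stated explicitly so the enforced checks
            // (expiry, signed-only tokens) are visible to a reader of this file.
            ValidateLifetime = true,
            RequireExpirationTime = true,
            RequireSignedTokens = true
        };

        try
        {
            SecurityToken securityToken;
            return new JwtSecurityTokenHandler().ValidateToken(token, validationParameters, out securityToken);
        }
        catch (SecurityTokenException ex)
        {
            // Expected outcome for expired, tampered or foreign tokens: log at warning, not error.
            log.LogWarning(ex, "Access token rejected during validation");
        }
        catch (ArgumentException ex)
        {
            // Thrown when the bearer value is not a well-formed JWT at all.
            log.LogWarning(ex, "Access token is not a well-formed JWT");
        }
        catch (Exception ex)
        {
            // Keep the original best-effort contract (return null) for anything unexpected.
            log.LogError(ex, "Unexpected error while validating access token");
        }

        return null;
    }
}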