Merge pull request #3 from EventTriangle/oidc

Implement Azure AD OIDC role-based authorization

Author: kolosovpetro

src/consumer/EventTriangleAPI.Consumer.Domain/EventTriangleAPI.Consumer.Domain.csproj

@@ -6,4 +6,8 @@
         <Nullable>enable</Nullable>
     </PropertyGroup>
 
+    <ItemGroup>
+      <ProjectReference Include="..\..\shared\EventTriangleAPI.Shared.Application\EventTriangleAPI.Shared.Application.csproj" />
+    </ItemGroup>
+
 </Project>

src/consumer/EventTriangleAPI.Consumer.Presentation/Controllers/WeatherForecastController.cs

@@ -1,3 +1,4 @@
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 
 namespace EventTriangleAPI.Consumer.Presentation.Controllers;
@@ -17,9 +18,23 @@ public WeatherForecastController(ILogger<WeatherForecastController> logger)
     {
         _logger = logger;
     }
+    
+    [Authorize(Roles = "User, Admin")]
+    [HttpGet("user_and_admin")]
+    public IEnumerable<WeatherForecast> GetForUserAndAdmin()
+    {
+        return Enumerable.Range(1, 5).Select(index => new WeatherForecast
+            {
+                Date = DateTime.Now.AddDays(index),
+                TemperatureC = Random.Shared.Next(-20, 55),
+                Summary = Summaries[Random.Shared.Next(Summaries.Length)]
+            })
+            .ToArray();
+    }
 
-    [HttpGet(Name = "GetWeatherForecast")]
-    public IEnumerable<WeatherForecast> Get()
+    [Authorize(Roles = "Admin")]
+    [HttpGet("admin")]
+    public IEnumerable<WeatherForecast> GetForAdmin()
     {
         return Enumerable.Range(1, 5).Select(index => new WeatherForecast
             {

src/consumer/EventTriangleAPI.Consumer.Presentation/EventTriangleAPI.Consumer.Presentation.csproj

@@ -7,7 +7,11 @@
     </PropertyGroup>
 
     <ItemGroup>
-        <PackageReference Include="Swashbuckle.AspNetCore" Version="6.2.3"/>
+        <PackageReference Include="Swashbuckle.AspNetCore" Version="6.2.3" />
+    </ItemGroup>
+
+    <ItemGroup>
+      <ProjectReference Include="..\EventTriangleAPI.Consumer.Domain\EventTriangleAPI.Consumer.Domain.csproj" />
     </ItemGroup>
 
 </Project>

src/consumer/EventTriangleAPI.Consumer.Presentation/Program.cs

@@ -1,23 +1,31 @@
-var builder = WebApplication.CreateBuilder(args);
+using Microsoft.AspNetCore.Authentication.JwtBearer;
+using Microsoft.Identity.Web;
+using Microsoft.IdentityModel.Logging;
 
-// Add services to the container.
+var builder = WebApplication.CreateBuilder(args);
 
 builder.Services.AddControllers();
-// Learn more about configuring Swagger/OpenAPI at https://aka.ms/aspnetcore/swashbuckle
 builder.Services.AddEndpointsApiExplorer();
 builder.Services.AddSwaggerGen();
 
+var configurationSection = builder.Configuration.GetSection("AzureAd");
+
+builder.Services
+    .AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
+    .AddMicrosoftIdentityWebApi(configurationSection);
+
 var app = builder.Build();
 
-// Configure the HTTP request pipeline.
-if (app.Environment.IsDevelopment())
-{
-    app.UseSwagger();
-    app.UseSwaggerUI();
-}
+IdentityModelEventSource.ShowPII = true;
+
+app.UseSwagger();
+app.UseSwaggerUI();
+
 
 app.UseHttpsRedirection();
 
+app.UseAuthentication();
+
 app.UseAuthorization();
 
 app.MapControllers();

src/consumer/EventTriangleAPI.Consumer.Presentation/appsettings.Development.json

@@ -5,5 +5,11 @@
       "Microsoft.AspNetCore": "Warning"
     }
   },
-  "AllowedHosts": "*"
+  "AllowedHosts": "*",
+  "AzureAd": {
+    "Instance": "https://login.microsoftonline.com/",
+    "TenantId": "b40a105f-0643-4922-8e60-10fc1abf9c4b",
+    "ClientId": "25128d03-9817-4e11-bddf-dc5f6df4042a",
+    "Scopes": "EventTriangleLocalAuth.All"
+  }
 }

src/consumer/EventTriangleAPI.Consumer.Presentation/appsettings.json

@@ -6,4 +6,8 @@
         <Nullable>enable</Nullable>
     </PropertyGroup>
 
+    <ItemGroup>
+      <ProjectReference Include="..\..\shared\EventTriangleAPI.Shared.Application\EventTriangleAPI.Shared.Application.csproj" />
+    </ItemGroup>
+
 </Project>

src/sender/EventTriangleAPI.Sender.Domain/EventTriangleAPI.Sender.Domain.csproj

@@ -1,9 +1,12 @@
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
+using Microsoft.Identity.Web.Resource;
 
 namespace EventTriangleAPI.Sender.Presentation.Controllers;
 
 [ApiController]
 [Route("[controller]")]
+[RequiredScope(RequiredScopesConfigurationKey = "AzureAd:Scopes")]
 public class WeatherForecastController : ControllerBase
 {
     private static readonly string[] Summaries = new[]
@@ -18,8 +21,22 @@ public WeatherForecastController(ILogger<WeatherForecastController> logger)
         _logger = logger;
     }
 
-    [HttpGet(Name = "GetWeatherForecast")]
-    public IEnumerable<WeatherForecast> Get()
+    [Authorize(Roles = "User, Admin")]
+    [HttpGet("user_and_admin")]
+    public IEnumerable<WeatherForecast> GetForUserAndAdmin()
+    {
+        return Enumerable.Range(1, 5).Select(index => new WeatherForecast
+            {
+                Date = DateTime.Now.AddDays(index),
+                TemperatureC = Random.Shared.Next(-20, 55),
+                Summary = Summaries[Random.Shared.Next(Summaries.Length)]
+            })
+            .ToArray();
+    }
+
+    [Authorize(Roles = "Admin")]
+    [HttpGet("admin")]
+    public IEnumerable<WeatherForecast> GetForAdmin()
     {
         return Enumerable.Range(1, 5).Select(index => new WeatherForecast
             {

src/sender/EventTriangleAPI.Sender.Presentation/Controllers/WeatherForecastController.cs

@@ -7,7 +7,11 @@
     </PropertyGroup>
 
     <ItemGroup>
-        <PackageReference Include="Swashbuckle.AspNetCore" Version="6.2.3"/>
+        <PackageReference Include="Swashbuckle.AspNetCore" Version="6.2.3" />
+    </ItemGroup>
+
+    <ItemGroup>
+      <ProjectReference Include="..\EventTriangleAPI.Sender.Domain\EventTriangleAPI.Sender.Domain.csproj" />
     </ItemGroup>
 
 </Project>

src/sender/EventTriangleAPI.Sender.Presentation/EventTriangleAPI.Sender.Presentation.csproj

@@ -1,23 +1,32 @@
-var builder = WebApplication.CreateBuilder(args);
+using Microsoft.AspNetCore.Authentication.JwtBearer;
+using Microsoft.Identity.Web;
+using Microsoft.IdentityModel.Logging;
 
-// Add services to the container.
+var builder = WebApplication.CreateBuilder(args);
 
 builder.Services.AddControllers();
-// Learn more about configuring Swagger/OpenAPI at https://aka.ms/aspnetcore/swashbuckle
 builder.Services.AddEndpointsApiExplorer();
 builder.Services.AddSwaggerGen();
 
+var configurationSection = builder.Configuration.GetSection("AzureAd");
+
+builder.Services
+    .AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
+    .AddMicrosoftIdentityWebApi(configurationSection);
+
 var app = builder.Build();
 
-// Configure the HTTP request pipeline.
-if (app.Environment.IsDevelopment())
-{
-    app.UseSwagger();
-    app.UseSwaggerUI();
-}
+IdentityModelEventSource.ShowPII = true;
+
+
+app.UseSwagger();
+app.UseSwaggerUI();
+
 
 app.UseHttpsRedirection();
 
+app.UseAuthentication();
+
 app.UseAuthorization();
 
 app.MapControllers();