microsoft/teams.net

Public

mirrored from https://github.com/microsoft/teams.netAvailable

CodeCommitsIssuesPull requestsActionsInsightsSecurity
copilot/setup-copilot-instructions

Branches

Tags

  • No tags available.
0Branches0Tags
Go to file
Add file
Code

Clone

HTTPS

Download ZIP

Libraries/Microsoft.Teams.Plugins/Microsoft.Teams.Plugins.AspNetCore/Extensions/HostApplicationBuilder.cs

167lines · modecode

1// Copyright (c) Microsoft Corporation. All rights reserved.
2// Licensed under the MIT License.
3
4using System.Reflection;
5
6using Microsoft.AspNetCore.Authentication.JwtBearer;
7using Microsoft.Extensions.DependencyInjection;
8using Microsoft.Extensions.Hosting;
9using Microsoft.Teams.Apps;
10using Microsoft.Teams.Apps.Extensions;
11
12namespace Microsoft.Teams.Plugins.AspNetCore.Extensions;
13
14public static class HostApplicationBuilderExtensions
15{
16 /// <summary>
17 /// adds core Teams services and the
18 /// AspNetCorePlugin
19 /// </summary>
20 /// <param name="routing">set to false to disable the plugins default http controller</param>
21 /// <param name="skipAuth">set to true to disable token authentication</param>
22 public static IHostApplicationBuilder AddTeams(this IHostApplicationBuilder builder, bool routing = true, bool skipAuth = false)
23 {
24 builder.AddTeamsCore();
25 builder.AddTeamsPlugin<AspNetCorePlugin>();
26 builder.AddTeamsTokenAuthentication(skipAuth);
27
28 if (routing)
29 {
30 builder.Services.AddControllers().AddApplicationPart(Assembly.GetExecutingAssembly());
31 }
32
33 return builder;
34 }
35
36 /// <summary>
37 /// adds core Teams services and the
38 /// AspNetCorePlugin
39 /// </summary>
40 /// <param name="app">your app instance</param>
41 /// <param name="routing">set to false to disable the plugins default http controller</param>
42 /// <param name="skipAuth">set to true to disable token authentication</param>
43 public static IHostApplicationBuilder AddTeams(this IHostApplicationBuilder builder, App app, bool routing = true, bool skipAuth = false)
44 {
45 builder.AddTeamsCore(app);
46 builder.AddTeamsPlugin<AspNetCorePlugin>();
47 builder.AddTeamsTokenAuthentication(skipAuth);
48
49 if (routing)
50 {
51 builder.Services.AddControllers().AddApplicationPart(Assembly.GetExecutingAssembly());
52 }
53
54 return builder;
55 }
56
57 /// <summary>
58 /// adds core Teams services and the
59 /// AspNetCorePlugin
60 /// </summary>
61 /// <param name="options">your app options</param>
62 /// <param name="routing">set to false to disable the plugins default http controller</param>
63 /// <param name="skipAuth">set to true to disable token authentication</param>
64 public static IHostApplicationBuilder AddTeams(this IHostApplicationBuilder builder, AppOptions options, bool routing = true, bool skipAuth = false)
65 {
66 builder.AddTeamsCore(options);
67 builder.AddTeamsPlugin<AspNetCorePlugin>();
68 builder.AddTeamsTokenAuthentication(skipAuth);
69
70 if (routing)
71 {
72 builder.Services.AddControllers().AddApplicationPart(Assembly.GetExecutingAssembly());
73 }
74
75 return builder;
76 }
77
78 /// <summary>
79 /// adds core Teams services and the
80 /// AspNetCorePlugin
81 /// </summary>
82 /// <param name="appBuilder">your app builder</param>
83 /// <param name="routing">set to false to disable the plugins default http controller</param>
84 /// <param name="skipAuth">set to true to disable token authentication</param>
85 public static IHostApplicationBuilder AddTeams(this IHostApplicationBuilder builder, AppBuilder appBuilder, bool routing = true, bool skipAuth = false)
86 {
87 builder.AddTeamsCore(appBuilder);
88 builder.AddTeamsPlugin<AspNetCorePlugin>();
89 builder.AddTeamsTokenAuthentication(skipAuth);
90
91 if (routing)
92 {
93 builder.Services.AddControllers().AddApplicationPart(Assembly.GetExecutingAssembly());
94 }
95
96 return builder;
97 }
98
99 public static class TeamsTokenAuthConstants
100 {
101 // the authentication scheme for validating incoming Teams tokens
102 public const string AuthenticationScheme = "TeamsJWTScheme";
103 // the authorization policy attached to endpoints or controllers
104 public const string AuthorizationPolicy = "TeamsJWTPolicy";
105 }
106
107 public static class EntraTokenAuthConstants
108 {
109 public const string AuthenticationScheme = "EntraTokenJWTScheme";
110 public const string AuthorizationPolicy = "EntraTokenJWTPolicy";
111 }
112
113 /// <summary>
114 /// add TeamsJWTScheme for validating incoming SMBA tokens and EntraTokenJWTScheme for validating incoming Entra tokens
115 /// provides Authorization policy TeamsJWTPolicy required by [Authorize(Policy="TeamsJWTPolicy")] in MessageController
116 /// provides Authorization policy EntraTokenJWTPolicy required when Tab invokes remote functions
117 /// </summary>
118 /// <returns></returns>
119 public static IHostApplicationBuilder AddTeamsTokenAuthentication(this IHostApplicationBuilder builder, bool skipAuth = false)
120 {
121 var settings = builder.Configuration.GetTeams();
122
123 var teamsValidationSettings = new TeamsValidationSettings();
124 if (!string.IsNullOrEmpty(settings.ClientId))
125 {
126 teamsValidationSettings.AddDefaultAudiences(settings.ClientId);
127 }
128
129 builder.Services.
130 AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
131 .AddJwtBearer(TeamsTokenAuthConstants.AuthenticationScheme, options =>
132 {
133 TokenValidator.ConfigureValidation(options, teamsValidationSettings.Issuers, teamsValidationSettings.Audiences, teamsValidationSettings.OpenIdMetadataUrl);
134 })
135 .AddJwtBearer(EntraTokenAuthConstants.AuthenticationScheme, options =>
136 {
137 TokenValidator.ConfigureValidation(options, teamsValidationSettings.GetValidIssuersForTenant(settings.TenantId), teamsValidationSettings.Audiences, teamsValidationSettings.GetTenantSpecificOpenIdMetadataUrl(settings.TenantId));
138 });
139
140
141 builder.Services.AddAuthorization(options =>
142 {
143 options.AddPolicy(TeamsTokenAuthConstants.AuthorizationPolicy, policy =>
144 {
145 if (skipAuth || string.IsNullOrEmpty(settings.ClientId))
146 {
147 // bypass authentication
148 policy.RequireAssertion(_ => true);
149 }
150 else
151 {
152 policy.AddAuthenticationSchemes(TeamsTokenAuthConstants.AuthenticationScheme);
153 policy.RequireAuthenticatedUser();
154 }
155 });
156
157 // token validation policy for Entra tokens, used when tab apps invoke remote functions
158 options.AddPolicy(EntraTokenAuthConstants.AuthorizationPolicy, policy =>
159 {
160 policy.AddAuthenticationSchemes(EntraTokenAuthConstants.AuthenticationScheme);
161 policy.RequireAuthenticatedUser();
162 });
163 });
164
165 return builder;
166 }
167}