Vtmv1

src/Samples/WebApplicationNet6/Api/TestApi.cs

@@ -51,7 +51,7 @@ public class AdditionalScopeHandler: IAuthenticationHandler
     {
         private readonly TokenProviderConfiguration _configuration;
         private readonly IServiceProvider _appApplicationServices;
-        public static string Authority(TokenProviderConfiguration configuration) => $"https://login.microsoftonline.com/tfp/{configuration.TenantId}/{configuration.Policy}/v2.0/.well-known/openid-configuration";
+        public static string Authority(TokenProviderConfiguration configuration) => $"{configuration.Instance}/{configuration.TenantId}/{configuration.Policy}/v2.0/.well-known/openid-configuration";
         public AdditionalScopeHandler() : this(new TokenProviderConfiguration())
         {
         }

src/Samples/WebApplicationNet6/appsettings.json

@@ -7,7 +7,7 @@
     }
   },
   "Veracity": {
-    "RedirectUrl": "https://localhost:63493",
+    "RedirectUrl": "https://localhost:59688",
     "TenantId": "a68572e3-63ce-4bc1-acdc-b64943502e9d",
     "ClientId": "95c0f89a-7d62-4ba4-84c6-d01a6b399ab9",
     "Scope": "https://dnvglb2cprod.onmicrosoft.com/83054ebf-1d7b-43f5-82ad-b2bde84d7b75/user_impersonation",

src/Samples/WebApplicationNet7/Api/TestApi.cs

@@ -51,7 +51,7 @@ public class AdditionalScopeHandler: IAuthenticationHandler
     {
         private readonly TokenProviderConfiguration _configuration;
         private readonly IServiceProvider _appApplicationServices;
-        public static string Authority(TokenProviderConfiguration configuration) => $"https://login.microsoftonline.com/tfp/{configuration.TenantId}/{configuration.Policy}/v2.0/.well-known/openid-configuration";
+        public static string Authority(TokenProviderConfiguration configuration) => $"{configuration.Instance}/{configuration.TenantId}/{configuration.Policy}/v2.0/.well-known/openid-configuration";
         public AdditionalScopeHandler() : this(new TokenProviderConfiguration())
         {
         }

src/Samples/WebApplicationNet8/Program.cs

@@ -0,0 +1,53 @@
+using Azure.Identity;
+using Microsoft.AspNetCore.Authentication.Cookies;
+using Microsoft.AspNetCore.Authentication.OpenIdConnect;
+using Veracity.Common.OAuth.Providers;
+using Veracity.Services.Api;
+using Veracity.Common.Authentication;
+using Microsoft.Extensions.Caching.Distributed;
+using Microsoft.Extensions.Caching.Memory;
+using Microsoft.Extensions.Options;
+using Stardust.Particles;
+
+var builder = WebApplication.CreateBuilder(args);
+
+builder.Configuration.AddAzureKeyVault(new Uri(builder.Configuration["KeyVaultEndpoint"]), new DefaultAzureCredential());
+
+builder.Services.AddVeracity(builder.Configuration)
+                .AddScoped(s => s.GetService<IHttpContextAccessor>().HttpContext.User)
+                .AddSingleton(ConstructDistributedCache)
+                .AddVeracityServices(ConfigurationManagerHelper.GetValueOnKey("myApiV3Url"))
+                .AddAuthentication(sharedOptions =>
+                {
+                    sharedOptions.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
+                    sharedOptions.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
+                })
+                .AddVeracityAuthentication(builder.Configuration, isMfaRequiredOptions: (httpContext, authenticationProperties) =>
+                {
+                    //do custom logic there
+                    return true;
+                })
+                .AddCookie();
+
+builder.Services.AddAuthorization();
+
+var app = builder.Build();
+
+app.UseAuthentication();
+app.UseVeracity();
+app.UseAuthorization();
+
+app.MapGet("/", (IMy my) => { 
+    return $"Welcome {my.Info().Result.Name}";
+}).RequireAuthorization();
+
+app.MapGet("/myservices", (IMy my) => {
+    return my.MyServices();
+}).RequireAuthorization();
+
+app.Run();
+
+IDistributedCache ConstructDistributedCache(IServiceProvider s)
+{
+    return new MemoryDistributedCache(new OptionsWrapper<MemoryDistributedCacheOptions>(new MemoryDistributedCacheOptions()));
+}

src/Samples/WebApplicationNet8/WebApplicationNet8.csproj

@@ -0,0 +1,19 @@
+<Project Sdk="Microsoft.NET.Sdk.Web">
+
+  <PropertyGroup>
+    <TargetFramework>net8.0</TargetFramework>
+    <Nullable>enable</Nullable>
+    <ImplicitUsings>enable</ImplicitUsings>
+  </PropertyGroup>
+
+  <ItemGroup>
+    <PackageReference Include="Azure.Extensions.AspNetCore.Configuration.Secrets" Version="1.3.0" />
+    <PackageReference Include="Microsoft.Identity.Web" Version="2.16.1" />
+    <PackageReference Include="Stardust.Particles" Version="5.0.2" />
+  </ItemGroup>
+
+  <ItemGroup>
+    <ProjectReference Include="..\..\Veracity.Common.OAuth.AspNetCore\Veracity.Common.OAuth.AspNetCore.csproj" />
+  </ItemGroup>
+
+</Project>

src/Samples/WebApplicationNet8/appsettings.Development.json

@@ -0,0 +1,9 @@
+{
+  "Logging": {
+    "LogLevel": {
+      "Default": "Information",
+      "Microsoft.AspNetCore": "Warning"
+    }
+  },
+  "KeyVaultEndpoint": "https://veracitydevsample.vault.azure.net/"
+}

src/Samples/WebApplicationNet8/appsettings.json

@@ -0,0 +1,26 @@
+{
+  "Logging": {
+    "LogLevel": {
+      "Default": "Information",
+      "Microsoft.AspNetCore": "Warning"
+    }
+  },
+  "Veracity": {
+    "RedirectUrl": "https://localhost:63493",
+    "TenantId": "a68572e3-63ce-4bc1-acdc-b64943502e9d",
+    "ClientId": "95c0f89a-7d62-4ba4-84c6-d01a6b399ab9",
+    "Scope": "https://dnvglb2cprod.onmicrosoft.com/83054ebf-1d7b-43f5-82ad-b2bde84d7b75/user_impersonation",
+    "Policy": "B2C_1A_SignInWithADFSIdp",
+    "MyServicesApi": "https://api.veracity.com/veracity/services/v3",
+    "Instance": "https://login.veracity.com/",
+    "CallbackPath": "/signin-oidc",
+    "Domain": "dnvglb2cprod.onmicrosoft.com",
+    "SignUpSignInPolicyId": "B2C_1A_SignInWithADFSIdp",
+    "ResetPasswordPolicyId": "B2C_1A_SignInWithADFSIdp",
+    "UpgradeHttp": true,
+    "ClientSecret": "store your actual key in key vault, use Veracity-- as prefix",
+    "SubscriptionKey": "store your subsciprtion key in key vault, use Veracity-- as prefix"
+  },
+  "AllowedHosts": "*",
+  "KeyVaultEndpoint": "https://veracitydevsample.vault.azure.net/"
+}

src/Veracity.Common.Authentication.AspNetCore/TokenProvider.cs

@@ -12,7 +12,7 @@ public class TokenProvider : ITokenHandler
     {
         private readonly TokenProviderConfiguration _configuration;
         private readonly IServiceProvider _appApplicationServices;
-        public static string Authority(TokenProviderConfiguration configuration) => $"https://login.microsoftonline.com/tfp/{configuration.TenantId}/{configuration.Policy}/v2.0/.well-known/openid-configuration";
+        public static string Authority(TokenProviderConfiguration configuration) => $"{configuration.Instance}/{configuration.TenantId}/{configuration.Policy}/v2.0/.well-known/openid-configuration";
         public TokenProvider() : this(new TokenProviderConfiguration())
         {
         }
@@ -62,7 +62,7 @@ internal class CCTokenProvider : ITokenHandler
     {
         private readonly TokenProviderConfiguration _configuration;
         private readonly IServiceProvider _appApplicationServices;
-        public static string Authority(TokenProviderConfiguration configuration) => $"https://login.microsoftonline.com/tfp/{configuration.TenantId}/{configuration.Policy}/v2.0/.well-known/openid-configuration";
+        public static string Authority(TokenProviderConfiguration configuration) => $"{configuration.Instance}/{configuration.TenantId}/{configuration.Policy}/v2.0/.well-known/openid-configuration";
         public CCTokenProvider() : this(new TokenProviderConfiguration())
         {
         }

src/Veracity.Services.Api.sln

@@ -31,6 +31,8 @@ Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "WebApplicationNet7", "Sampl
 EndProject
 Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Veracity.Common.Authentication.AspNetCore", "Veracity.Common.Authentication.AspNetCore\Veracity.Common.Authentication.AspNetCore.csproj", "{29153779-0742-423F-A641-D4BC4BBF5B33}"
 EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "WebApplicationNet8", "Samples\WebApplicationNet8\WebApplicationNet8.csproj", "{78BD7497-EA4C-43F8-B931-A47B2399E566}"
+EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 		Debug|Any CPU = Debug|Any CPU
@@ -87,6 +89,14 @@ Global
 		{29153779-0742-423F-A641-D4BC4BBF5B33}.Stag|Any CPU.Build.0 = Debug|Any CPU
 		{29153779-0742-423F-A641-D4BC4BBF5B33}.Test|Any CPU.ActiveCfg = Debug|Any CPU
 		{29153779-0742-423F-A641-D4BC4BBF5B33}.Test|Any CPU.Build.0 = Debug|Any CPU
+		{78BD7497-EA4C-43F8-B931-A47B2399E566}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{78BD7497-EA4C-43F8-B931-A47B2399E566}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{78BD7497-EA4C-43F8-B931-A47B2399E566}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{78BD7497-EA4C-43F8-B931-A47B2399E566}.Release|Any CPU.Build.0 = Release|Any CPU
+		{78BD7497-EA4C-43F8-B931-A47B2399E566}.Stag|Any CPU.ActiveCfg = Debug|Any CPU
+		{78BD7497-EA4C-43F8-B931-A47B2399E566}.Stag|Any CPU.Build.0 = Debug|Any CPU
+		{78BD7497-EA4C-43F8-B931-A47B2399E566}.Test|Any CPU.ActiveCfg = Debug|Any CPU
+		{78BD7497-EA4C-43F8-B931-A47B2399E566}.Test|Any CPU.Build.0 = Debug|Any CPU
 	EndGlobalSection
 	GlobalSection(SolutionProperties) = preSolution
 		HideSolutionNode = FALSE
@@ -97,6 +107,7 @@ Global
 		{7394EDAC-0487-46E0-8A53-8700BFB3CAD5} = {AAC8E77D-7E4B-4ECA-A282-B4F799D6A079}
 		{49770986-2DD5-46FC-89AA-39A733D916C0} = {AAC8E77D-7E4B-4ECA-A282-B4F799D6A079}
 		{29153779-0742-423F-A641-D4BC4BBF5B33} = {B424EE34-34F9-458B-90CE-E1C2484892BD}
+		{78BD7497-EA4C-43F8-B931-A47B2399E566} = {AAC8E77D-7E4B-4ECA-A282-B4F799D6A079}
 	EndGlobalSection
 	GlobalSection(ExtensibilityGlobals) = postSolution
 		SolutionGuid = {A9CDA391-12A3-4F65-9CA5-B6E0163F6381}

src/Veracity.Services.Api/IMy.cs

@@ -29,9 +29,12 @@ public interface IMy : IVeracityService
         [AccessControllGate(AccessControllTypes.User, RoleTypes.IsValidUser)]
         Task<int> GetMessageCount();
 
-        [Get("messages", "Read the users messages. All: include read messages")]
+        [Get("messages", "Read the users messages. All: include read messages. ImportantOnly: only include important messages")]
         [AccessControllGate(AccessControllTypes.User, RoleTypes.IsValidUser)]
-       Task<IEnumerable<MessageReference>> GetMessagesAsync([In(InclutionTypes.Path)] bool all);
+        Task<IEnumerable<MessageReference>> GetMessagesAsync([In(InclutionTypes.Path)] bool all, [InHeader] string importantOnly = null);
+
+        [Patch("messages", "Marks all unread messages as read. ImportantOnly: only mark important messages as read")]
+        Task MarkAllMessagesAsRead([In(InclutionTypes.Header)] string importantOnly = null);
 
         //Notice the In attribute for the parameters, it is equivalent with FromBody and FromUri and is required (it currently defaults to FromBody :(  )
         [Get("messages/{messageId}")]
@@ -58,9 +61,9 @@ public interface IMy : IVeracityService
         [AuthorizeWrapper]
         Task ValidatePolicies([In(InclutionTypes.Header)]string returnUrl);
 
-        [Get("services", "Returns all services for the user")]
+        [Get("services", "Returns all services for the user inside the tenant with id:tenantId. System tenant id is Guid.empty. if tenantId is null, it will return all services from all tenants include system tenant.")]
         [AccessControllGate(AccessControllTypes.User, RoleTypes.IsValidUser)]
         [AuthorizeWrapper]
-        Task<IEnumerable<MyServiceReference>> MyServices();
+        Task<IEnumerable<MyServiceReference>> MyServices([In(InclutionTypes.Header)] string tenantId = null);
     }
 }

src/Veracity.Services.Api/IServicesDirectory.cs

@@ -20,12 +20,12 @@ public interface IServicesDirectory : IVeracityService
     {
         [Get("services/{id}", "Get the detailed service description by the provided id")]
         [AccessControllGate(AccessControllTypes.ServiceThenUser, RoleTypes.ReadDirectoryAccess)]
-        Task<ServiceInfo> GetServiceById([In(InclutionTypes.Path)] string id);
+        Task<ServiceInfo> GetServiceById([In(InclutionTypes.Path)] string id, [In(InclutionTypes.Header)] string tenantId = null);
 
 
         [Get("services/{id}/users", "Get the list of users subscribing to the service. Paged query: uses 0 based page index")]
         [AccessControllGate(AccessControllTypes.ServiceThenUser, RoleTypes.ReadDirectoryAccess)]
-        Task<IEnumerable<UserReference>> GetUsers([In(InclutionTypes.Path)] string id, [In(InclutionTypes.Path)] int page, [In(InclutionTypes.Path)] int pageSize);
+        Task<IEnumerable<UserReference>> GetUsers([In(InclutionTypes.Path)] string id, [In(InclutionTypes.Path)] int page, [In(InclutionTypes.Path)] int pageSize, [In(InclutionTypes.Header)] string tenantId = null);
 
         [Get("services/{serviceId}/administrators/{userId}","Internal only")]
         [Obsolete("Only for Veracity internal usage, this will be removed at a later stage", false)]

src/Veracity.Services.Api/IThis.cs

@@ -20,37 +20,37 @@ public interface IThis : IVeracityService
         [AccessControllGate(AccessControllTypes.UserAndService, RoleTypes.ReadAccess)]
         Task<IEnumerable<ServiceReference>> GetServices([In(InclutionTypes.Path)] int page, [In(InclutionTypes.Path)] int pageSize);
 
-        [Get("subscribers", "Get all users with a subscription to this service. Paged query: uses 0 based page index", Summary = Constants.Warning300)]
+        [Get("subscribers", "Get all users with a subscription to this servicein the tenant if provided, or it will get from system tenant. Paged query: uses 0 based page index", Summary = Constants.Warning300)]
         [AccessControllGate(AccessControllTypes.UserAndService, RoleTypes.ReadAccess)]
-        Task<IEnumerable<UserReference>> GetUsers([In(InclutionTypes.Path)] int page, [In(InclutionTypes.Path)] int pageSize);
+        Task<IEnumerable<UserReference>> GetUsers([In(InclutionTypes.Path)] int page, [In(InclutionTypes.Path)] int pageSize, [InHeader] string tenantId = null);
 
-        [Get("subscribers/{userId}", "Get all users with a subscription to this service. Paged query: uses 0 based page index", Summary = Constants.Warning300)]
+        [Get("subscribers/{userId}", "Get all subscription to this user in the tenant if provided, or it will get from system tenant.", Summary = Constants.Warning300)]
         [AccessControllGate(AccessControllTypes.UserAndService, RoleTypes.ReadAccess)]
-        Task<SubscriptionReference> GetServiceUser([In(InclutionTypes.Path)] string userId);
+        Task<SubscriptionReference> GetServiceUser([In(InclutionTypes.Path)] string userId, [InHeader] string tenantId = null);
 
-        [Get("services/{serviceId}/subscribers/{userId}", "Get all users with a subscription to this service. Paged query: uses 0 based page index", Summary = Constants.Warning300)]
+        [Get("services/{serviceId}/subscribers/{userId}", "Checks if a user has a subscription to the service and the access level if any in the tenant if provided, or it will get from system tenant.", Summary = Constants.Warning300)]
         [AccessControllGate(AccessControllTypes.UserAndService, RoleTypes.ReadAccess)]
-        Task<SubscriptionReference> GetUserForService([InPath]string serviceId, [In(InclutionTypes.Path)] string userId);
+        Task<SubscriptionReference> GetUserForService([InPath]string serviceId, [In(InclutionTypes.Path)] string userId, [InHeader] string tenantId = null);
 
-        [Get("services/{serviceId}/subscribers", "Get all users with a subscription to this service. Paged query: uses 0 based page index")]
+        [Get("services/{serviceId}/subscribers", "Get all users with a subscription to this service in the tenant if provided, or it will get from system tenant. Paged query: uses 0 based page index")]
         [AccessControllGate(AccessControllTypes.UserAndService, RoleTypes.ReadAccess, ParameterIndex = 0)]
-        Task<IEnumerable<UserReference>> GetServiceUsers([In(InclutionTypes.Path)]string serviceId, [In(InclutionTypes.Path)] int page, [In(InclutionTypes.Path)] int pageSize);
+        Task<IEnumerable<UserReference>> GetServiceUsers([In(InclutionTypes.Path)]string serviceId, [In(InclutionTypes.Path)] int page, [In(InclutionTypes.Path)] int pageSize, [InHeader] string tenantId = null);
 
-        [Put("subscribers/{userId}", "Add a user subscription to the service", Summary = Constants.Warning300)]
+        [Put("subscribers/{userId}", "Add a user subscription to the service in the tenant if provided, or it will use system tenant", Summary = Constants.Warning300)]
         [AccessControllGate(AccessControllTypes.UserAndService, RoleTypes.ManageServiceSubscriptions)]
-        Task AddUserAsync([In(InclutionTypes.Path)] string userId, [In(InclutionTypes.Body)] SubscriptionOptions options);
+        Task AddUserAsync([In(InclutionTypes.Path)] string userId, [In(InclutionTypes.Body)] SubscriptionOptions options, [InHeader] string tenantId = null);
 
-        [Put("services/{serviceId}/subscribers/{userId}", "Add a user subscription to the service with the provided id .Only available for the root service for nested services")]
+        [Put("services/{serviceId}/subscribers/{userId}", "Add a user subscription to the service with the provided id in the tenant if provided, or it will use system tenant. Only available for the root service for nested services")]
         [AccessControllGate(AccessControllTypes.UserAndService, RoleTypes.ManageServiceSubscriptions, ParameterIndex = 1)]
-        Task AddServiceUser([In(InclutionTypes.Path)] string userId, [In(InclutionTypes.Path)] string serviceId, [In(InclutionTypes.Body)] SubscriptionOptions options);
+        Task AddServiceUser([In(InclutionTypes.Path)] string userId, [In(InclutionTypes.Path)] string serviceId, [In(InclutionTypes.Body)] SubscriptionOptions options, [InHeader] string tenantId = null);
 
-        [Delete("services/{serviceId}/subscribers/{userId}", "Remove servive subscription from the user .Only available for the root service for nested services")]
+        [Delete("services/{serviceId}/subscribers/{userId}", "Remove servive subscription from the user in the tenant if provided, or it will use system tenant. Only available for the root service for nested services")]
         [AccessControllGate(AccessControllTypes.UserAndService, RoleTypes.ManageServiceSubscriptions, ParameterIndex = 1)]
-        Task RemoveServiceUser([In(InclutionTypes.Path)] string userId, [In(InclutionTypes.Path)] string serviceId);
+        Task RemoveServiceUser([In(InclutionTypes.Path)] string userId, [In(InclutionTypes.Path)] string serviceId, [InHeader] string tenantId = null);
 
-        [Delete("subscribers/{userId}", "Remove servive subscription from the user ", Summary = Constants.Warning300)]
+        [Delete("subscribers/{userId}", "Remove servive subscription for the user from this service in the tenant if provided, or it will use system tenant.", Summary = Constants.Warning300)]
         [AccessControllGate(AccessControllTypes.UserAndService, RoleTypes.ManageServiceSubscriptions)]
-        Task RemoveUser([In(InclutionTypes.Path)] string userId);
+        Task RemoveUser([In(InclutionTypes.Path)] string userId, [InHeader] string tenantId = null);
 
         [Get("user/resolve({email})", "Get the user id from the email address", Summary = "Note that an email address may be connected to more than one user account")]
         [AccessControllGate(AccessControllTypes.ServiceThenUser, RoleTypes.ManageServiceSubscriptions)]