        public ActionResult CloudAD()
        {
            // Where Azure sends the browser back once the user has consented (or declined),
            // derived from the URL of the current request.
            Uri redirectUri = new Uri(AzureOAuthConfiguration.GetRedirectUrlAfterEndUserConsent(this.HttpContext.Request.Url));

            // NOTE(review): the fourth argument appears to be the OAuth "state" value, and it is the
            // current user's ID rather than a per-request unguessable nonce; confirm how the callback
            // consumes it, because a predictable state cannot tie the response to this request.
            string state = CurrentUser.ID.ToString();

            OAuthClient.RedirectToEndUserEndpoint(
                AzureOAuthConfiguration.ProtectedResourceUrl,
                AuthorizationResponseType.Code,
                redirectUri,
                state,
                null);

            // The redirect has been issued on the response; there is nothing left to render.
            return new EmptyResult();
        }
        private void RegisterOAuthHandler()
        {
            // Both registries refer to the same token and end-user endpoints, so build the Uris once.
            Uri tokenUri   = new Uri(AzureOAuthConfiguration.GetTokenUri());
            Uri endUserUri = new Uri(AzureOAuthConfiguration.EndUserEndPoint);

            // Authorization server registration: endpoints plus this client's identity and secret.
            var registrationInfo = new AuthorizationServerRegistration(
                tokenUri,
                endUserUri,
                AzureOAuthConfiguration.GetClientIdentity(),
                AzureOAuthConfiguration.ClientSecret);
            var serverRegistry = new InMemoryAuthorizationServerRegistry();
            serverRegistry.AddOrUpdate(registrationInfo);
            OAuthClientSettings.AuthorizationServerRegistry = serverRegistry;

            // Resource registration: ties the protected resource URL to the endpoints above (last argument left null).
            var resourceRegistry = new InMemoryResourceScopeMappingRegistry();
            resourceRegistry.AddOrUpdate(AzureOAuthConfiguration.ProtectedResourceUrl, tokenUri, endUserUri, null);
            OAuthClientSettings.ResourceScopeMappingRegistry = resourceRegistry;

            // Lifecycle callbacks, attached as method groups (the delegate type is inferred from each event):
            // token request, token receipt, user declining consent, authorization code receipt.
            // NOTE(review): these are += subscriptions on what looks like shared static settings; calling this
            // method more than once would attach every handler again.
            OAuthClientSettings.RequestingAccessToken      += OAuthClientSettings_RequestingAccessToken;
            OAuthClientSettings.AccessTokenReceived        += OAuthClientSettings_AccessTokenReceived;
            OAuthClientSettings.EndUserAuthorizationFailed += OAuthClientSettings_EndUserAuthorizationFailed;
            OAuthClientSettings.AuthorizationCodeReceived  += OAuthClientSettings_AuthorizationCodeReceived;

            // Make the OAuth module part of the authentication pipeline.
            AuthenticationManager.Register(new OAuthAuthenticationModule());
        }
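        /// <summary>
        /// Builds contact suggestions for an Item by querying the AD Graph Person service with the
        /// user's Facebook and/or CloudAD credentials.
        /// </summary>
        /// <param name="workflowInstance">Workflow instance whose SubjectHint variable is read and, if newly derived, stored.</param>
        /// <param name="entity">Expected to be an <see cref="Item"/>; any other entity is an error.</param>
        /// <param name="suggestionList">Receives one serialized contact per result, keyed by contact name.</param>
        /// <returns>
        /// <see cref="Status.Error"/> when the entity is not an Item, the user cannot be found, or the Person
        /// service query fails; <see cref="Status.Complete"/> when the user holds neither credential;
        /// <see cref="Status.Pending"/> when the CloudAD token refresh failed and no Facebook token is available,
        /// and after suggestions have been generated (an inexact match keeps the state pending).
        /// </returns>
        private Status GenerateSuggestions(WorkflowInstance workflowInstance, ServerEntity entity, Dictionary <string, string> suggestionList)
        {
            Item item = entity as Item;

            if (item == null)
            {
                TraceLog.TraceError("Entity is not an Item");
                return(Status.Error);
            }

            User user = UserContext.GetUser(item.UserID, true);

            if (user == null)
            {
                TraceLog.TraceError("Could not find the user associated with Item " + item.Name);
                return(Status.Error);
            }

            ADGraphAPI adApi          = new ADGraphAPI();
            string     adRefreshToken = null;

            // check for FB and/or AD credentials
            UserCredential cred = user.GetCredential(UserCredential.FacebookConsent);

            if (cred != null && cred.AccessToken != null)
            {
                adApi.FacebookAccessToken = cred.AccessToken;
            }
            cred = user.GetCredential(UserCredential.CloudADConsent);
            if (cred != null && cred.RenewalToken != null)
            {
                adRefreshToken = cred.RenewalToken;
            }

            if (adApi.FacebookAccessToken == null && adRefreshToken == null)
            {   // user not having either token is not an error condition, but there is no way to generate suggestions
                // just move forward from this state
                return(Status.Complete);
            }

            // if a refresh token exists for AD, exchange it for an access token; a failure only blocks
            // progress when there is no Facebook token to fall back on (could be a temporary outage)
            if (adRefreshToken != null && !TryRefreshADAccessToken(user, adRefreshToken, adApi))
            {
                if (adApi.FacebookAccessToken == null)
                {
                    return(Status.Pending);  // do not move off this state
                }
            }

            // extract a subject hint if one hasn't been discovered yet
            string subjectHint = ResolveSubjectHint(workflowInstance, item);

            // get contacts from Cloud AD and Facebook via the AD Graph Person service
            // TODO: also get local contacts from the Contacts folder
            try
            {
                var results = adApi.Query(subjectHint ?? "");
                foreach (var subject in results)
                {
                    // serialize an existing contact corresponding to the subject,
                    // or generate a new serialized contact if one wasn't found
                    Item contact = MakeContact(workflowInstance, item, subject);
                    if (contact == null || contact.Name == null)
                    {
                        // a nameless contact cannot be keyed in the dictionary; skip it rather than
                        // failing the whole query with a misleading "Person Service" error
                        TraceLog.TraceError("Skipping suggestion without a contact name");
                        continue;
                    }
                    suggestionList[contact.Name] = JsonSerializer.Serialize(contact);
                }
            }
            catch (Exception ex)
            {
                TraceLog.TraceException("Could not contact Person Service", ex);
                return(Status.Error);
            }

            // inexact match
            return(Status.Pending);
        }

        /// <summary>
        /// Exchanges the stored CloudAD refresh token for an access token and stores it on <paramref name="adApi"/>.
        /// If the token endpoint hands back a new refresh token it is persisted on the user.
        /// </summary>
        /// <returns>false when the endpoint could not be reached or did not return an access token response.</returns>
        private bool TryRefreshADAccessToken(User user, string adRefreshToken, ADGraphAPI adApi)
        {
            try
            {
                AccessTokenRequestWithRefreshToken request = new AccessTokenRequestWithRefreshToken(new Uri(AzureOAuthConfiguration.GetTokenUri()))
                {
                    RefreshToken = adRefreshToken,
                    ClientId     = AzureOAuthConfiguration.GetClientIdentity(),
                    ClientSecret = AzureOAuthConfiguration.ClientSecret,
                    Scope        = AzureOAuthConfiguration.RelyingPartyRealm,
                };
                OAuthMessage        message       = OAuthClient.GetAccessToken(request);
                AccessTokenResponse authzResponse = message as AccessTokenResponse;

                if (authzResponse == null)
                {
                    // something other than a token response came back; report it explicitly instead of
                    // letting a null dereference surface as a generic "could not contact ACS" exception
                    TraceLog.TraceError("Token endpoint did not return an access token response");
                    return false;
                }
                adApi.ADAccessToken = authzResponse.AccessToken;

                // workaround for ACS trashing the refresh token: keep the rotated one
                if (!String.IsNullOrEmpty(authzResponse.RefreshToken))
                {
                    TraceLog.TraceInfo("Storing new CloudAD refresh token");
                    user.AddCredential(UserCredential.CloudADConsent, authzResponse.AccessToken, null, authzResponse.RefreshToken);
                    UserContext.SaveChanges();
                }
                return true;
            }
            catch (Exception ex)
            {
                TraceLog.TraceException("Could not contact ACS to get an access token", ex);
                return false;
            }
        }

        /// <summary>
        /// Returns the subject hint already recorded on the workflow instance, or derives one from the
        /// item name via the NLP engine and stores it. May return null or empty when no hint is available.
        /// </summary>
        private string ResolveSubjectHint(WorkflowInstance workflowInstance, Item item)
        {
            string subjectHint = GetInstanceData(workflowInstance, ActivityVariables.SubjectHint);

            if (!String.IsNullOrEmpty(subjectHint))
            {
                return subjectHint;
            }

            try
            {
                Phrase phrase = new Phrase(item.Name);
                if (phrase.Task != null)
                {
                    subjectHint = phrase.Task.Subject;
                    if (!String.IsNullOrWhiteSpace(subjectHint))
                    {
                        StoreInstanceData(workflowInstance, ActivityVariables.SubjectHint, subjectHint);
                    }
                }
            }
            catch (Exception ex)
            {
                // NLP is best-effort; fall through with whatever hint (possibly none) was obtained
                TraceLog.TraceException("Could not initialize NLP engine", ex);
            }
            return subjectHint;
        }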