        /// <summary>
        /// Looks up the user's realm and, for federated users, obtains a SAML assertion over
        /// WS-Trust so the caller can exchange it at the token endpoint with a SAML bearer grant.
        /// </summary>
        /// <returns>
        /// A <see cref="UserAssertion"/> for a federated user; <c>null</c> when the authority is
        /// ADFS or B2C (the WS-Trust path is skipped entirely) or when the user is managed (the
        /// caller is expected to use the password grant instead).
        /// </returns>
        /// <exception cref="MsalClientException">
        /// Thrown when a managed user has no password, or when the realm response reports an
        /// account type that is neither federated nor managed.
        /// </exception>
        private async Task <UserAssertion> FetchAssertionFromWsTrustAsync()
        {
            var authorityInfo = AuthenticationRequestParameters.AuthorityInfo;

            // WS-Trust realm discovery only applies to AAD authorities.
            bool authorityWithoutWsTrust =
                authorityInfo.AuthorityType == AuthorityType.Adfs ||
                authorityInfo.AuthorityType == AuthorityType.B2C;
            if (authorityWithoutWsTrust)
            {
                return null;
            }

            var username = _usernamePasswordParameters.Username;
            var realm = await _commonNonInteractiveHandler
                .QueryUserRealmDataAsync(authorityInfo.UserRealmUriPrefix, username)
                .ConfigureAwait(false);

            if (realm.IsFederated)
            {
                // Run the MEX/WS-Trust exchange against the federation endpoint reported by
                // the realm lookup; the user's password is sent to that endpoint, not to AAD.
                var wsTrustResponse = await _commonNonInteractiveHandler.PerformWsTrustMexExchangeAsync(
                    realm.FederationMetadataUrl,
                    realm.CloudAudienceUrn,
                    UserAuthType.UsernamePassword,
                    username,
                    _usernamePasswordParameters.Password,
                    _usernamePasswordParameters.FederationMetadata).ConfigureAwait(false);

                // Only SAML 1.1 is recognised explicitly; every other token type is assumed to be
                // SAML 2.0 and is submitted with the SAML 2.0 bearer grant. An unexpected token
                // type is therefore surfaced by the token endpoint, not here.
                var grantType = wsTrustResponse.TokenType == WsTrustResponse.Saml1Assertion
                    ? OAuth2GrantType.Saml11Bearer
                    : OAuth2GrantType.Saml20Bearer;

                return new UserAssertion(wsTrustResponse.Token, grantType);
            }

            if (realm.IsManaged)
            {
                // A managed user goes through the password grant, which cannot proceed
                // without a password; fail early with a client-side error.
                if (_usernamePasswordParameters.Password == null)
                {
                    throw new MsalClientException(MsalError.PasswordRequiredForManagedUserError);
                }

                return null;
            }

            // Neither federated nor managed: the realm endpoint returned an account type
            // this flow does not know how to handle.
            throw new MsalClientException(
                MsalError.UnknownUserType,
                string.Format(
                    CultureInfo.CurrentCulture,
                    MsalErrorMessage.UnsupportedUserType,
                    realm.AccountType));
        }
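        /// <summary>
        /// Looks up the user's realm and, for federated users, obtains a SAML assertion over
        /// WS-Trust using Integrated Windows Authentication (no password is sent), so the caller
        /// can exchange it at the token endpoint with a SAML bearer grant.
        /// </summary>
        /// <returns>
        /// A <see cref="UserAssertion"/> for a federated user. This method never returns
        /// <c>null</c>: every non-federated outcome is reported as an exception.
        /// </returns>
        /// <exception cref="MsalClientException">
        /// Thrown when the authority does not support user assertions (e.g. a pure ADFS
        /// authority), when the user is managed (IWA is not supported for managed users), or
        /// when the realm response reports an account type that is neither federated nor managed.
        /// </exception>
        private async Task <UserAssertion> FetchAssertionFromWsTrustAsync()
        {
            var authorityInfo = AuthenticationRequestParameters.AuthorityInfo;

            if (!authorityInfo.IsUserAssertionSupported)
            {
                //IWA is currently not supported in pure adfs environments. See https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/2771
                // Fixed: "authenticaiton" -> "authentication" in the user-facing message.
                throw new MsalClientException(
                    MsalError.IntegratedWindowsAuthenticationFailed,
                    "Integrated windows authentication is not supported when using WithAdfsAuthority() to specify the authority in ADFS on premises environments"
                    + " See https://aka.ms/msal-net-iwa for more details.");
            }

            var username = _integratedWindowsAuthParameters.Username;
            var realm = await _commonNonInteractiveHandler
                .QueryUserRealmDataAsync(authorityInfo.UserRealmUriPrefix, username)
                .ConfigureAwait(false);

            if (realm.IsFederated)
            {
                // Integrated auth: the password argument is deliberately null, the WS-Trust
                // endpoint authenticates the current Windows identity instead.
                var wsTrustResponse = await _commonNonInteractiveHandler.PerformWsTrustMexExchangeAsync(
                    realm.FederationMetadataUrl,
                    realm.CloudAudienceUrn,
                    UserAuthType.IntegratedAuth,
                    username,
                    null,
                    _integratedWindowsAuthParameters.FederationMetadata).ConfigureAwait(false);

                // Only SAML 1.1 is recognised explicitly; every other token type is assumed to be
                // SAML 2.0 and is submitted with the SAML 2.0 bearer grant. An unexpected token
                // type is therefore surfaced by the token endpoint, not here.
                var grantType = wsTrustResponse.TokenType == WsTrustResponse.Saml1Assertion
                    ? OAuth2GrantType.Saml11Bearer
                    : OAuth2GrantType.Saml20Bearer;

                return new UserAssertion(wsTrustResponse.Token, grantType);
            }

            if (realm.IsManaged)
            {
                // Managed (cloud-only) accounts have no federation endpoint to do IWA against.
                throw new MsalClientException(
                    MsalError.IntegratedWindowsAuthNotSupportedForManagedUser,
                    MsalErrorMessage.IwaNotSupportedForManagedUser);
            }

            // Neither federated nor managed: the realm endpoint returned an account type
            // this flow does not know how to handle.
            throw new MsalClientException(
                MsalError.UnknownUserType,
                string.Format(
                    CultureInfo.CurrentCulture,
                    MsalErrorMessage.UnsupportedUserType,
                    realm.AccountType));
        }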