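        /// <summary>
        /// Acquires an app-only (client credential) token for the Microsoft Graph for the tenant
        /// <paramref name="tenantId"/>, queries the list of users in that tenant and stores the
        /// first page of results in <c>usersByTenant[tenantId]</c>.
        /// </summary>
        /// <param name="tenantId">The AAD tenant to sync. It is formatted into the token authority,
        /// so it must be a valid tenant identifier.</param>
        /// <exception cref="ArgumentException">Thrown when <paramref name="tenantId"/> is null or blank.</exception>
        /// <exception cref="HttpResponseException">Thrown when the Graph query does not return a
        /// success status; carries the status code returned by Graph.</exception>
        public async Task GetAsync(string tenantId)
        {
            // tenantId is caller-supplied and becomes part of the AAD authority URL. Reject blank
            // values here; anything beyond that still relies on MSAL's own authority validation.
            // NOTE(review): consider restricting tenantId to a GUID or a verified domain name before
            // building the authority — confirm what SyncController actually passes in.
            if (string.IsNullOrWhiteSpace(tenantId))
            {
                throw new ArgumentException("A tenant id is required.", nameof(tenantId));
            }

            MSALCache appTokenCache = new MSALCache(Startup.clientId);

            // Get a token for the Microsoft Graph. Any failure here is deliberately NOT caught:
            // it propagates to the caller and surfaces as a 500 with a generic error message.
            // (The previous version wrapped the whole body in catch (Exception) and discarded the
            // exception, which silently left usersByTenant stale and hid the 403/error below.)
            ConfidentialClientApplication daemonClient = new ConfidentialClientApplication(
                Startup.clientId,
                string.Format(AuthorityFormat, tenantId),
                Startup.redirectUri,
                new ClientCredential(Startup.clientSecret),
                null,
                appTokenCache.GetMsalCacheInstance());
            AuthenticationResult authResult = await daemonClient.AcquireTokenForClientAsync(new[] { MSGraphScope });

            // Query for the list of users in the tenant.
            // NOTE(review): a new HttpClient per call can exhaust sockets under load; a single
            // instance shared by the controller would be preferable. Left unchanged here because
            // the fix belongs at class level, outside this method.
            HttpClient         client  = new HttpClient();
            HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Get, MSGraphQuery);
            request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", authResult.AccessToken);
            HttpResponseMessage response = await client.SendAsync(request);

            // A 403 means the token we presented does not carry the permissions the query needs
            // (e.g. consent was granted after the token was issued). Drop it from the app token
            // cache so that the next call to SyncController forces MSAL to fetch a fresh token with
            // the current set of permissions. The Users page tells the user how to grant consent
            // (see User/Index.cshtml). This matters most if the cache is ever made persistent.
            if (response.StatusCode == System.Net.HttpStatusCode.Forbidden)
            {
                appTokenCache.Clear();
            }

            if (!response.IsSuccessStatusCode)
            {
                throw new HttpResponseException(response.StatusCode);
            }

            // Record users in the data store. Only the first page of users is recorded;
            // subsequent pages are not fetched.
            string json = await response.Content.ReadAsStringAsync();

            MsGraphUserListResponse users = JsonConvert.DeserializeObject<MsGraphUserListResponse>(json);
            usersByTenant[tenantId] = users.value;
        }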
        /// <summary>
        /// Clears every entry in the MSAL app token cache for this application (the cache is
        /// keyed by <c>Startup.clientId</c>), so the next token request has to go back to AAD.
        /// </summary>
        private void RemoveCachedTokens()
        {
            // Build the cache wrapper for this client id and wipe it in one step.
            new MSALCache(Startup.clientId).Clear();
        }