public override Task <IAccessToken> Authenticate(AuthenticationParameters parameters, CancellationToken cancellationToken)
{
var silentParameters = parameters as SilentParameters;
var onPremise = silentParameters.Environment.OnPremise;
var tenantId = onPremise ? AdfsTenant :
(string.Equals(parameters.TenantId, OrganizationsTenant, StringComparison.OrdinalIgnoreCase) ? null : parameters.TenantId);
var resource = silentParameters.Environment.GetEndpoint(silentParameters.ResourceId) ?? silentParameters.ResourceId;
var scopes = AuthenticationHelpers.GetScope(onPremise, resource);
var authority = silentParameters.Environment.ActiveDirectoryAuthority;
AzureSession.Instance.TryGetComponent(nameof(PowerShellTokenCache), out PowerShellTokenCache tokenCache);
var options = new SharedTokenCacheCredentialOptions(tokenCache.TokenCache)
{
EnableGuestTenantAuthentication = true,
ClientId = AuthenticationHelpers.PowerShellClientId,
Username = silentParameters.UserId,
AuthorityHost = new Uri(authority),
TenantId = tenantId,
};
var cacheCredential = new SharedTokenCacheCredential(options);
var requestContext = new TokenRequestContext(scopes);
var parametersLog = $"- TenantId:'{options.TenantId}', Scopes:'{string.Join(",", scopes)}', AuthorityHost:'{options.AuthorityHost}', UserId:'{silentParameters.UserId}'";
return(MsalAccessToken.GetAccessTokenAsync(
nameof(SilentAuthenticator),
parametersLog,
cacheCredential,
requestContext,
cancellationToken,
silentParameters.TenantId,
silentParameters.UserId,
silentParameters.HomeAccountId));
}
public void SharedTokenCacheCredentialOptionsNullTenantId()
{
var options = new SharedTokenCacheCredentialOptions();
// validate no exception is thrown when setting TenantId to null
options.TenantId = null;
}
public void SharedTokenCacheCredentialOptionsInvalidTenantId([Values("", "invalid?character")] string tenantId)
{
var options = new SharedTokenCacheCredentialOptions();
var ex = Assert.Catch <ArgumentException>(() => options.TenantId = tenantId);
ValidateTenantIdArgumentException(tenantId, null, ex);
}
public async Task UsesTenantIdHint([Values(null, TenantIdHint)] string tenantId, [Values(true)] bool allowMultiTenantAuthentication)
{
TestSetup();
var options = new SharedTokenCacheCredentialOptions();
var context = new TokenRequestContext(new[] { Scope }, tenantId: tenantId);
expectedTenantId = TenantIdResolver.Resolve(TenantId, context);
mockPublicMsalClient.Accounts = new List <IAccount> {
new MockAccount(expectedUsername, expectedTenantId)
};
var credential = InstrumentClient(new SharedTokenCacheCredential(TenantId, null, options, null, mockPublicMsalClient));
AccessToken token = await credential.GetTokenAsync(context);
Assert.AreEqual(expectedToken, token.Token);
Assert.AreEqual(expiresOn, token.ExpiresOn);
}
public async Task VerifyAuthenticationRecordOption()
{
var expectedHomeId = $"{Guid.NewGuid()}.{Guid.NewGuid()}";
var expectedEnvironment = AzureAuthorityHosts.AzurePublicCloud.ToString();
var acquireTokenSilentCalled = false;
var options = new SharedTokenCacheCredentialOptions
{
AuthenticationRecord = new AuthenticationRecord(
expectedUsername,
expectedEnvironment,
expectedHomeId,
Guid.NewGuid().ToString(),
Guid.NewGuid().ToString())
};
var mockMsalClient = new MockMsalPublicClient
{
Accounts = new List <IAccount> {
new MockAccount("*****@*****.**")
},
ExtendedSilentAuthFactory = (_, _, account, _, _, _) =>
{
Assert.AreEqual(expectedUsername, account.Username);
Assert.AreEqual(expectedEnvironment, account.Environment);
Assert.AreEqual(expectedHomeId, account.HomeAccountId.Identifier);
acquireTokenSilentCalled = true;
return(AuthenticationResultFactory.Create());
}
};
var credential = InstrumentClient(new SharedTokenCacheCredential(null, null, options, null, mockMsalClient));
AccessToken token = await credential.GetTokenAsync(new TokenRequestContext(MockScopes.Default));
Assert.IsTrue(acquireTokenSilentCalled);
}
public void VerifyCachePersistenceOptionsCtorParam()
{
// verify passed in TokenCachePeristenceOptions are honored
var persistenceOptions = new TokenCachePersistenceOptions {
Name = "mocktokencachename"
};
var credentialOptions = new SharedTokenCacheCredentialOptions(persistenceOptions);
Assert.AreEqual(persistenceOptions, credentialOptions.TokenCachePersistenceOptions);
// verify passing null uses the default token cache persistence settings
credentialOptions = new SharedTokenCacheCredentialOptions(null);
Assert.AreEqual(SharedTokenCacheCredentialOptions.s_defaulTokenCachetPersistenceOptions, credentialOptions.TokenCachePersistenceOptions);
// verify calling the default constructor uses the default token cache persistence settings
credentialOptions = new SharedTokenCacheCredentialOptions();
Assert.AreEqual(SharedTokenCacheCredentialOptions.s_defaulTokenCachetPersistenceOptions, credentialOptions.TokenCachePersistenceOptions);
}
public virtual TokenCredential CreateSharedTokenCacheCredentials(SharedTokenCacheCredentialOptions options)
{
return(new SharedTokenCacheCredential(options));
}
