public override Task <IAccessToken> Authenticate(AuthenticationParameters parameters, CancellationToken cancellationToken) { var silentParameters = parameters as SilentParameters; var onPremise = silentParameters.Environment.OnPremise; var tenantId = onPremise ? AdfsTenant : (string.Equals(parameters.TenantId, OrganizationsTenant, StringComparison.OrdinalIgnoreCase) ? null : parameters.TenantId); var resource = silentParameters.Environment.GetEndpoint(silentParameters.ResourceId) ?? silentParameters.ResourceId; var scopes = AuthenticationHelpers.GetScope(onPremise, resource); var authority = silentParameters.Environment.ActiveDirectoryAuthority; AzureSession.Instance.TryGetComponent(nameof(PowerShellTokenCache), out PowerShellTokenCache tokenCache); var options = new SharedTokenCacheCredentialOptions(tokenCache.TokenCache) { EnableGuestTenantAuthentication = true, ClientId = AuthenticationHelpers.PowerShellClientId, Username = silentParameters.UserId, AuthorityHost = new Uri(authority), TenantId = tenantId, }; var cacheCredential = new SharedTokenCacheCredential(options); var requestContext = new TokenRequestContext(scopes); var parametersLog = $"- TenantId:'{options.TenantId}', Scopes:'{string.Join(",", scopes)}', AuthorityHost:'{options.AuthorityHost}', UserId:'{silentParameters.UserId}'"; return(MsalAccessToken.GetAccessTokenAsync( nameof(SilentAuthenticator), parametersLog, cacheCredential, requestContext, cancellationToken, silentParameters.TenantId, silentParameters.UserId, silentParameters.HomeAccountId)); }
public void SharedTokenCacheCredentialOptionsNullTenantId() { var options = new SharedTokenCacheCredentialOptions(); // validate no exception is thrown when setting TenantId to null options.TenantId = null; }
public void SharedTokenCacheCredentialOptionsInvalidTenantId([Values("", "invalid?character")] string tenantId) { var options = new SharedTokenCacheCredentialOptions(); var ex = Assert.Catch <ArgumentException>(() => options.TenantId = tenantId); ValidateTenantIdArgumentException(tenantId, null, ex); }
public async Task UsesTenantIdHint([Values(null, TenantIdHint)] string tenantId, [Values(true)] bool allowMultiTenantAuthentication) { TestSetup(); var options = new SharedTokenCacheCredentialOptions(); var context = new TokenRequestContext(new[] { Scope }, tenantId: tenantId); expectedTenantId = TenantIdResolver.Resolve(TenantId, context); mockPublicMsalClient.Accounts = new List <IAccount> { new MockAccount(expectedUsername, expectedTenantId) }; var credential = InstrumentClient(new SharedTokenCacheCredential(TenantId, null, options, null, mockPublicMsalClient)); AccessToken token = await credential.GetTokenAsync(context); Assert.AreEqual(expectedToken, token.Token); Assert.AreEqual(expiresOn, token.ExpiresOn); }
public async Task VerifyAuthenticationRecordOption() { var expectedHomeId = $"{Guid.NewGuid()}.{Guid.NewGuid()}"; var expectedEnvironment = AzureAuthorityHosts.AzurePublicCloud.ToString(); var acquireTokenSilentCalled = false; var options = new SharedTokenCacheCredentialOptions { AuthenticationRecord = new AuthenticationRecord( expectedUsername, expectedEnvironment, expectedHomeId, Guid.NewGuid().ToString(), Guid.NewGuid().ToString()) }; var mockMsalClient = new MockMsalPublicClient { Accounts = new List <IAccount> { new MockAccount("*****@*****.**") }, ExtendedSilentAuthFactory = (_, _, account, _, _, _) => { Assert.AreEqual(expectedUsername, account.Username); Assert.AreEqual(expectedEnvironment, account.Environment); Assert.AreEqual(expectedHomeId, account.HomeAccountId.Identifier); acquireTokenSilentCalled = true; return(AuthenticationResultFactory.Create()); } }; var credential = InstrumentClient(new SharedTokenCacheCredential(null, null, options, null, mockMsalClient)); AccessToken token = await credential.GetTokenAsync(new TokenRequestContext(MockScopes.Default)); Assert.IsTrue(acquireTokenSilentCalled); }
public void VerifyCachePersistenceOptionsCtorParam() { // verify passed in TokenCachePeristenceOptions are honored var persistenceOptions = new TokenCachePersistenceOptions { Name = "mocktokencachename" }; var credentialOptions = new SharedTokenCacheCredentialOptions(persistenceOptions); Assert.AreEqual(persistenceOptions, credentialOptions.TokenCachePersistenceOptions); // verify passing null uses the default token cache persistence settings credentialOptions = new SharedTokenCacheCredentialOptions(null); Assert.AreEqual(SharedTokenCacheCredentialOptions.s_defaulTokenCachetPersistenceOptions, credentialOptions.TokenCachePersistenceOptions); // verify calling the default constructor uses the default token cache persistence settings credentialOptions = new SharedTokenCacheCredentialOptions(); Assert.AreEqual(SharedTokenCacheCredentialOptions.s_defaulTokenCachetPersistenceOptions, credentialOptions.TokenCachePersistenceOptions); }
public virtual TokenCredential CreateSharedTokenCacheCredentials(SharedTokenCacheCredentialOptions options) { return(new SharedTokenCacheCredential(options)); }