public void AuthenticateRequest(object sender, EventArgs e)
{
ClaimsPrincipal principal = null;
var application = (HttpApplication)sender;
var request = application.Request;
var response = application.Response;
if (request.Url.Scheme != "https")
{
response.Redirect(String.Format("https://{0}{1}", request.Url.Authority, request.Url.PathAndQuery), endResponse: true);
return;
}
if (request.Url.PathAndQuery.StartsWith("/logout", StringComparison.OrdinalIgnoreCase))
{
RemoveSessionCookie(application);
var logoutUrl = GetLogoutUrl(application);
response.Redirect(logoutUrl, endResponse: true);
return;
}
string tenantId;
if (SwitchTenant(application, out tenantId))
{
RemoveSessionCookie(application);
var loginUrl = GetLoginUrl(application, tenantId, "/token");
response.Redirect(loginUrl, endResponse: true);
return;
}
var id_token = request.Form["id_token"];
var code = request.Form["code"];
var state = request.Form["state"];
if (!String.IsNullOrEmpty(id_token) && !String.IsNullOrEmpty(code))
{
principal = AuthenticateIdToken(application, id_token);
var tenantIdClaim = principal.Claims.FirstOrDefault(c => c.Type == TenantIdClaimType);
if (tenantIdClaim == null)
{
throw new InvalidOperationException("Missing tenantid claim");
}
var redirect_uri = request.Url.GetLeftPart(UriPartial.Authority);
var token = AADOAuth2AccessToken.GetAccessTokenByCode(tenantIdClaim.Value, code, redirect_uri);
WriteOAuthTokenCookie(application, token);
response.Redirect(redirect_uri + state, endResponse: true);
return;
}
else
{
var token = ReadOAuthTokenCookie(application);
if (token != null)
{
if (!token.IsValid())
{
token = AADOAuth2AccessToken.GetAccessTokenByRefreshToken(token.TenantId, token.refresh_token, ManagementResource);
WriteOAuthTokenCookie(application, token);
}
principal = new ClaimsPrincipal(new ClaimsIdentity("AAD"));
request.ServerVariables["HTTP_X_MS_OAUTH_TOKEN"] = token.access_token;
}
}
if (principal == null)
{
var loginUrl = GetLoginUrl(application);
response.Redirect(loginUrl, endResponse: true);
return;
}
HttpContext.Current.User = principal;
Thread.CurrentPrincipal = principal;
}
public static AADOAuth2AccessToken ReadOAuthTokenCookie(HttpApplication application)
{
var request = application.Context.Request;
// read oauthtoken cookie
var cookies = request.Cookies;
var strb = new StringBuilder();
int index = 0;
while (true)
{
var cookieName = OAuthTokenCookie;
if (index > 0)
{
cookieName += index.ToString(CultureInfo.InvariantCulture);
}
var cookie = cookies[cookieName];
if (cookie == null)
{
break;
}
strb.Append(cookie.Value);
++index;
}
if (strb.Length == 0)
{
return(null);
}
var bytes = Convert.FromBase64String(strb.ToString());
var oauthToken = DecodeCookie(bytes);
if (oauthToken == null || !oauthToken.IsValid())
{
try
{
if (oauthToken != null)
{
oauthToken = AADOAuth2AccessToken.GetAccessTokenByRefreshToken(oauthToken.TenantId, oauthToken.refresh_token, oauthToken.resource);
}
}
catch (Exception)
{
oauthToken = null;
}
if (oauthToken == null)
{
RemoveSessionCookie(application);
return(null);
}
WriteOAuthTokenCookie(application, oauthToken);
}
return(oauthToken);
}