// // GET: /Home/ public async Task<ActionResult> Index() { // Force SSL if (!Request.IsSecureConnection) { string httplength = "http"; string nonsecureurl = Request.Url.AbsoluteUri.Substring(httplength.Length); string secureurl = String.Format("https{0}", nonsecureurl); RedirectResult result = Redirect(secureurl); result.ExecuteResult(this.ControllerContext); } // This is where state of the app is maintained and data passed between view and controller AppState appState = new AppState(); // Authorization back from AAD in a form post as requested in the authorize request if(Request.Form != null) { // Did it return with an error? if (!String.IsNullOrEmpty(Request.Form["error"])) { appState.ErrorMessage = Request.Form["error"]; appState.AppIsAuthorized = false; return View(appState); } // Authorized without error: Check to see if we have an ID token if (String.IsNullOrEmpty(Request.Form["id_token"])) { appState.AppIsAuthorized = false; } else { // Was it correlated with authorize request var authstate = Session[AppSessionVariables.AuthState] as String; Session[AppSessionVariables.AuthState] = null; if (String.IsNullOrEmpty(authstate)) { appState.ErrorMessage = "Oops. Something went wrong with the authorization state (No auth state). Please retry."; appState.AppIsAuthorized = false; return View(appState); } if (!Request.Form["state"].Equals(authstate)) { appState.ErrorMessage = "Oops. Something went wrong with the authorization state (Invalid auth state). Please retry."; appState.AppIsAuthorized = false; return View(appState); } // Get the TenantId out of the ID Token to address tenant specific token endpoint. // No validation of ID Token as the only info we need is the tenantID // If for any case your app wants to use the ID Token to authenticate // it must be validated. JwtToken openIDToken = GetTenantId(Request.Form["id_token"]); appState.TenantId = openIDToken.tid; appState.TenantDomain = openIDToken.domain; appState.LoggedOnUser = openIDToken.upn; appState.AppIsAuthorized = true; } } if(appState.AppIsAuthorized) { // Get app-only access tokens .... try { // Get an app-only access token for the AAD Graph Rest APIs var authResult = await GetAppOnlyAccessToken(appConfig.GraphResourceUri, appState.TenantId); // Get list of users in this Tenant from AAD Graph to fill drop down with smtp addresses List<GraphUser> users = GetUsers(appState.TenantId, authResult.AccessToken); appState.MailboxList = this.BuildMailboxDropDownList(string.Empty, users); appState.MailboxSmtpAddress = appState.MailboxList.SelectedValue as String; // For convenience maintain this list as a session Session[AppSessionVariables.MailboxList] = users; // Get app-only access tokens for Exchange Rest APIs authResult = await GetAppOnlyAccessToken(appConfig.ExchangeResourceUri, appState.TenantId); appState.AccessToken = authResult.AccessToken; appState.AccessTokenAquiredWithoutError = true; SetSessionInProgress(); } catch(Exception ex) { appState.ErrorMessage = ex.Message; } } return View(appState); }
public ActionResult Auhorize(AppState passedAppState) { passedAppState.AppIsAuthorized = false; // hit the common endpoint for authorization, // after authorization we will use the tenant specific endpoint for getting app-only tokens UriBuilder authorizeRequest = new UriBuilder(appConfig.AuthorizationUri); // Maintain state for authorize request to prvenet cross forgery attacks var authstate = Guid.NewGuid().ToString(); Session[AppSessionVariables.AuthState] = authstate; authorizeRequest.Query = "state=" + authstate + "&response_type=code+id_token" + "&scope=openid" + "&nonce=" + Guid.NewGuid().ToString() + "&client_id=" + appConfig.ClientId + "&redirect_uri=" + HttpUtility.UrlEncode(appConfig.RedirectUri) + "&resource=" + HttpUtility.UrlEncode(appConfig.GraphResourceUri) + #if DEBUG "&login_hint=" + appConfig.DebugOffice365User + #endif "&prompt=admin_consent" + "&response_mode=form_post"; RedirectResult result = Redirect(authorizeRequest.Uri.ToString()); result.ExecuteResult(this.ControllerContext); return View("Index", passedAppState); }
public ActionResult GetContacts(AppState passedAppState) { if (!IsSessionInProgress()) { return RedirectHome(); } string api = String.Format("{0}api/v1.0/users('{1}')/contacts?$top=50", appConfig.ExchangeResourceUri, passedAppState.MailboxSmtpAddress); MakeExchangeRestApiRequest(api, ref passedAppState); return View("Index", passedAppState); }
public ActionResult StartOver(AppState passedAppState) { if (!IsSessionInProgress()) { return RedirectHome(); } AppState appState = new AppState(); Session.Clear(); UriBuilder signOutRequest = new UriBuilder(appConfig.SignoutUri.Replace("common", passedAppState.TenantId)); signOutRequest.Query = "post_logout_redirect_uri=" + HttpUtility.UrlEncode(appConfig.RedirectUri); RedirectResult result = Redirect(signOutRequest.Uri.ToString()); result.ExecuteResult(this.ControllerContext); return View("Index", appState); }
private void MakeExchangeRestApiRequest(string api, ref AppState passedAppState) { if (IsValidSmtp(passedAppState.MailboxSmtpAddress)) { passedAppState.Request = api; Func<HttpRequestMessage> requestCreator = () => { HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Get, api); request.Headers.Add("Accept", "application/json; odata.metadata=none"); return request; }; string json = HttpRequestHelper.MakeHttpRequest(requestCreator, passedAppState.AccessToken); passedAppState.Response = JObject.Parse(json).ToString(/*Newtonsoft.Json.Formatting.Indented*/); } else { passedAppState.ErrorMessage = "Invalid SMTP"; } List<GraphUser> users = Session[AppSessionVariables.MailboxList] as List<GraphUser>; passedAppState.MailboxList = BuildMailboxDropDownList(passedAppState.MailboxSmtpAddress, users); }