Secret including client id and secret.
        public GraphAuthProvider(IMemoryCache memoryCache, IConfiguration configuration)
        {
            var azureOptions = new AzureAdOptions();

            configuration.Bind("AzureAd", azureOptions);

            _appId           = azureOptions.ClientId;
            _aadInstance     = azureOptions.Instance;
            _appSecret       = azureOptions.ClientSecret;
            _credential      = new Microsoft.Identity.Client.ClientCredential(azureOptions.ClientSecret); // For development mode purposes only. Production apps should use a client certificate.
            _scopes          = azureOptions.GraphScopes.Split(new[] { ' ' });
            _redirectUri     = azureOptions.BaseUrl + azureOptions.CallbackPath;
            _graphResourceId = azureOptions.GraphResourceId;
            _tenantId        = azureOptions.TenantId;

            _memoryCache = memoryCache;
        }
        protected override void ProcessRecord()
        {
            AuthenticationResult authenticationResult;

            if (Scopes != null)
            {
                var clientApplication = new PublicClientApplication(MSALPnPPowerShellClientId);
                // Acquire an access token for the given scope
                authenticationResult = clientApplication.AcquireTokenAsync(Scopes).GetAwaiter().GetResult();
            }
            else
            {
                var appCredentials    = new ClientCredential(AppSecret);
                var authority         = new Uri(AADLogin, AADDomain).AbsoluteUri;
                var clientApplication = new ConfidentialClientApplication(authority, AppId, RedirectUri, appCredentials, null);
                authenticationResult = clientApplication.AcquireTokenForClient(DefaultScope, null).GetAwaiter().GetResult();
            }

            // Get back the Access Token and the Refresh Token
            PnPAzureADConnection.AuthenticationResult = authenticationResult;
        }
 /// <summary>
 /// 
 /// </summary>
 /// <param name="authority"></param>
 /// <param name="clientId"></param>
 /// <param name="redirectUri"></param>
 /// <param name="clientCredential"></param>
 /// <param name="userTokenCache"></param>
 public ConfidentialClientApplication(string authority, string clientId, string redirectUri, ClientCredential clientCredential, TokenCache userTokenCache) :base(authority, clientId, redirectUri, true)
 {
     this.ClientCredential = clientCredential;
     this.UserTokenCache = userTokenCache;
     this.AppTokenCache = TokenCache.DefaultSharedAppTokenCache;
 }
  /// <summary>
  /// 
  /// </summary>
  /// <param name="clientId"></param>
  /// <param name="redirectUri"></param>
  /// <param name="clientCredential"></param>
  /// <param name="userTokenCache"></param>
  public ConfidentialClientApplication(string clientId, string redirectUri,
     ClientCredential clientCredential, TokenCache userTokenCache):this(DefaultAuthority, clientId, redirectUri, clientCredential, userTokenCache)
 {
 }
        public void ConfidentialClientUsingCertificateTest()
        {
            ClientCredential cc = new ClientCredential(new ClientAssertionCertificate(new X509Certificate2("valid_cert.pfx", "password")));
            ConfidentialClientApplication app = new ConfidentialClientApplication(TestConstants.DefaultClientId,
                TestConstants.DefaultRedirectUri, cc, new TokenCache());
            app.AppTokenCache = new TokenCache();
            HttpMessageHandlerFactory.MockHandler = new MockHttpMessageHandler()
            {
                Method = HttpMethod.Post,
                ResponseMessage = MockHelpers.CreateSuccessfulClientCredentialTokenResponseMessage()
            };

            Task<AuthenticationResult> task = app.AcquireTokenForClient(TestConstants.DefaultScope.ToArray(),
                TestConstants.DefaultPolicy);
            AuthenticationResult result = task.Result;
            Assert.IsNotNull(result);
            Assert.IsNotNull("header.payload.signature", result.Token);
            Assert.AreEqual(TestConstants.DefaultScope.AsSingleString(), result.ScopeSet.AsSingleString());

            //make sure user token cache is empty
            Assert.AreEqual(0, app.UserTokenCache.Count);

            //check app token cache count to be 1
            Assert.AreEqual(1, app.AppTokenCache.Count);
            //make sure refresh token is null
            foreach (var value in app.AppTokenCache.tokenCacheDictionary.Values)
            {
                Assert.IsNull(value.RefreshToken);
            }

            //assert client credential
            Assert.IsNotNull(cc.ClientAssertion);
            Assert.AreNotEqual(0, cc.ValidTo);

            //save client assertion.
            string cachedAssertion = cc.ClientAssertion.Assertion;
            long cacheValidTo = cc.ValidTo;

            HttpMessageHandlerFactory.MockHandler = new MockHttpMessageHandler()
            {
                Method = HttpMethod.Post,
                ResponseMessage = MockHelpers.CreateSuccessfulClientCredentialTokenResponseMessage()
            };

            task = app.AcquireTokenForClient(TestConstants.ScopeForAnotherResource.ToArray(),
                TestConstants.DefaultPolicy);
            result = task.Result;
            Assert.IsNotNull(result);
            Assert.AreEqual(cacheValidTo, cc.ValidTo);
            Assert.AreEqual(cachedAssertion, cc.ClientAssertion.Assertion);
        }
Beispiel #6
0
 /// <summary>
 ///
 /// </summary>
 /// <param name="authority"></param>
 /// <param name="clientId"></param>
 /// <param name="redirectUri"></param>
 /// <param name="clientCredential"></param>
 /// <param name="userTokenCache"></param>
 public ConfidentialClientApplication(string authority, string clientId, string redirectUri, ClientCredential clientCredential, TokenCache userTokenCache) : base(authority, clientId, redirectUri, true)
 {
     this.ClientCredential = clientCredential;
     this.UserTokenCache   = userTokenCache;
     this.AppTokenCache    = TokenCache.DefaultSharedAppTokenCache;
 }
Beispiel #7
0
 /// <summary>
 ///
 /// </summary>
 /// <param name="clientId"></param>
 /// <param name="redirectUri"></param>
 /// <param name="clientCredential"></param>
 /// <param name="userTokenCache"></param>
 public ConfidentialClientApplication(string clientId, string redirectUri,
                                      ClientCredential clientCredential, TokenCache userTokenCache) : this(DefaultAuthority, clientId, redirectUri, clientCredential, userTokenCache)
 {
 }
 /// <summary>
 /// Constructor for a confidential client application requesting tokens with the default authority (<see cref="ClientApplicationBase.DefaultAuthority"/>)
 /// </summary>
 /// <param name="clientId">Client ID (also known as App ID) of the application as registered in the
 /// application registration portal (https://aka.ms/msal-net-register-app)/. REQUIRED</param>
 /// <param name="redirectUri">URL where the STS will call back the application with the security token. REQUIRED</param>
 /// <param name="clientCredential">Credential, previously shared with Azure AD during the application registration and proving the identity
 /// of the application. An instance of <see cref="ClientCredential"/> can be created either from an application secret, or a certificate. REQUIRED.</param>
 /// <param name="userTokenCache">Token cache for saving user tokens. Can be set to null if the confidential client
 /// application only uses the Client Credentials grants (that is requests token in its own name and not in the name of users).
 /// Otherwise should be provided. REQUIRED</param>
 /// <param name="appTokenCache">Token cache for saving application (that is client token). Can be set to <c>null</c> except if the application
 /// uses the client credentials grants</param>
 /// <remarks>
 /// See https://aka.ms/msal-net-client-applications for a description of confidential client applications (and public client applications)
 /// Client credential grants are overrides of <see cref="ConfidentialClientApplication.AcquireTokenForClientAsync(IEnumerable{string})"/>
 /// </remarks>
 /// <seealso cref="ConfidentialClientApplication"/> which
 /// enables app developers to specify the authority
 public ConfidentialClientApplication(string clientId, string redirectUri,
                                      ClientCredential clientCredential, TokenCache userTokenCache, TokenCache appTokenCache)
     : this(clientId, DefaultAuthority, redirectUri, clientCredential, userTokenCache, appTokenCache)
 {
     GuardMobileFrameworks();
 }