Beispiel #1
        /// <summary>
        /// Requests <paramref name="resourceUrl"/> and builds authentication parameters from the
        /// error response that the request is expected to produce.
        /// </summary>
        /// <remarks>
        /// A request that completes without raising <c>HttpRequestWrapperException</c> is treated as a
        /// failure and reported as <c>MsalError.UnauthorizedResponseExpected</c>.
        /// NOTE(review): the URL scheme is not checked in this method and the returned parameters are
        /// derived from whatever the target endpoint answers; confirm that callers validate the result
        /// (for example the advertised authority) before relying on it.
        /// </remarks>
        /// <param name="resourceUrl">Address of the resource to probe; must not be null.</param>
        /// <returns>The value produced by <c>CreateFromUnauthorizedResponseCommon</c> for the error response.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="resourceUrl"/> is null.</exception>
        /// <exception cref="MsalException">The request completed without raising <c>HttpRequestWrapperException</c>.</exception>
        /// <exception cref="MsalServiceException">The request failed but the exception carried no response.</exception>
        private static async Task <AuthenticationParameters> CreateFromResourceUrlCommonAsync(Uri resourceUrl)
        {
            if (resourceUrl == null)
            {
                throw new ArgumentNullException("resourceUrl");
            }

            AuthenticationParameters parsedParameters;

            try
            {
                var probe = new HttpClientWrapper(resourceUrl.AbsoluteUri, null);
                using (await probe.GetResponseAsync().ConfigureAwait(false))
                {
                    // Getting a response here means the request did not fail, which is the
                    // unexpected outcome for this probe: log it and surface it as an error.
                    MsalException unexpectedSuccess = new MsalException(MsalError.UnauthorizedResponseExpected);
                    PlatformPlugin.Logger.Error(null, unexpectedSuccess);
                    throw unexpectedSuccess;
                }
            }
            catch (HttpRequestWrapperException requestFailure)
            {
                PlatformPlugin.Logger.Error(null, requestFailure);
                IHttpWebResponse errorResponse = requestFailure.WebResponse;
                if (errorResponse != null)
                {
                    // The failed request carried a response; hand it to the shared parser.
                    parsedParameters = CreateFromUnauthorizedResponseCommon(errorResponse);
                }
                else
                {
                    // No response to inspect: wrap the original failure so the cause is kept.
                    MsalServiceException missingResponse = new MsalServiceException(MsalErrorMessage.UnauthorizedHttpStatusCodeExpected, requestFailure);
                    PlatformPlugin.Logger.Error(null, missingResponse);
                    throw missingResponse;
                }
            }

            return parsedParameters;
        }
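 /// <summary>
 /// Handles an MSAL exception raised while requesting a token: when the failure calls for user
 /// interaction and the prompt behavior allows it, the authentication flow is retried; otherwise
 /// the failure is logged and the exception is rethrown.
 /// </summary>
 /// <param name="serviceUrl">Forwarded unchanged to the retry call.</param>
 /// <param name="clientCredentials">Not read by this method; the retry passes <c>null</c> in its place.</param>
 /// <param name="userCert">Forwarded unchanged to the retry call.</param>
 /// <param name="clientId">Forwarded unchanged to the retry call.</param>
 /// <param name="redirectUri">Forwarded unchanged to the retry call.</param>
 /// <param name="promptBehavior">The retry happens only for <c>PromptBehavior.Always</c> or <c>PromptBehavior.Auto</c>.</param>
 /// <param name="isOnPrem">Forwarded unchanged to the retry call.</param>
 /// <param name="authority">Forwarded unchanged to the retry call.</param>
 /// <param name="msalAuthClient">Forwarded unchanged to the retry call.</param>
 /// <param name="logSink">Receives the warning and error trace entries written by this method.</param>
 /// <param name="useDefaultCreds">Forwarded unchanged to the retry call.</param>
 /// <param name="adalEx">The exception to classify; must not be null.</param>
 /// <returns>The result of the retried <c>ExecuteAuthenticateServiceProcessAsync</c> call.</returns>
 /// <exception cref="ArgumentNullException"><paramref name="adalEx"/> is null.</exception>
 /// <exception cref="Microsoft.Identity.Client.MsalException">
 /// <paramref name="adalEx"/> itself, rethrown when no retry is attempted.
 /// </exception>
 private async static Task <ExecuteAuthenticationResults> ProcessAdalExecptionAsync(Uri serviceUrl, ClientCredentials clientCredentials, X509Certificate2 userCert, string clientId, Uri redirectUri, PromptBehavior promptBehavior, bool isOnPrem, string authority, object msalAuthClient, CdsTraceLogger logSink, bool useDefaultCreds, Microsoft.Identity.Client.MsalException adalEx)
 {
     if (adalEx == null)
     {
         throw new ArgumentNullException(nameof(adalEx));
     }

     // Static string.Equals tolerates a null ErrorCode instead of failing with a NullReferenceException.
     bool interactionRequired =
         adalEx is Microsoft.Identity.Client.MsalUiRequiredException ||
         string.Equals(adalEx.ErrorCode, "interaction_required", StringComparison.OrdinalIgnoreCase) ||
         string.Equals(adalEx.ErrorCode, "user_password_expired", StringComparison.OrdinalIgnoreCase) ||
         string.Equals(adalEx.ErrorCode, "password_required_for_managed_user", StringComparison.OrdinalIgnoreCase);

     if (interactionRequired)
     {
         logSink.Log("ERROR REQUESTING TOKEN FROM THE AUTHENTICATION CONTEXT - USER intervention required", TraceEventType.Warning);

         // The library wants the user to act; that is only possible when prompting is permitted.
         if (promptBehavior == PromptBehavior.Always || promptBehavior == PromptBehavior.Auto)
         {
             // No account hint is supplied on the retry.
             // TODO: decide how the user should be identified under MSAL, or remove the parameter.
             Microsoft.Identity.Client.IAccount user = null;

             // The retry passes null instead of clientCredentials, so the stored credentials are not reused.
             return(await ExecuteAuthenticateServiceProcessAsync(serviceUrl, null, userCert, clientId, redirectUri, promptBehavior, isOnPrem, authority, msalAuthClient, logSink, useDefaultCreds : useDefaultCreds, user : user));
         }

         // NOTE(review): the exception object is handed to the log sink here and below; confirm the
         // sink does not persist service response details that should stay out of trace output.
         logSink.Log("ERROR REQUESTING TOKEN FROM THE AUTHENTICATION CONTEXT - USER intervention required but not permitted by prompt behavior", TraceEventType.Error, adalEx);
     }
     else
     {
         logSink.Log("ERROR REQUESTING Token FROM THE Authentication context - General ADAL Error", TraceEventType.Error, adalEx);
     }

     // Rethrow without discarding the stack trace captured where the exception was first thrown;
     // a plain "throw adalEx;" would overwrite it with this method's frame.
     System.Runtime.ExceptionServices.ExceptionDispatchInfo.Capture(adalEx).Throw();

     // Never reached: Throw() always throws, but the compiler cannot see that.
     throw adalEx;
 }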