Ejemplo n.º 1
0
        private async Task <UserAssertion> FetchAssertionFromWsTrustAsync()
        {
            if (AuthenticationRequestParameters.AuthorityInfo.AuthorityType == AuthorityType.Adfs ||
                AuthenticationRequestParameters.AuthorityInfo.AuthorityType == AuthorityType.B2C)
            {
                return(null);
            }

            var userRealmResponse = await _commonNonInteractiveHandler
                                    .QueryUserRealmDataAsync(AuthenticationRequestParameters.AuthorityInfo.UserRealmUriPrefix, _usernamePasswordParameters.Username)
                                    .ConfigureAwait(false);

            if (userRealmResponse.IsFederated)
            {
                var wsTrustResponse = await _commonNonInteractiveHandler.PerformWsTrustMexExchangeAsync(
                    userRealmResponse.FederationMetadataUrl,
                    userRealmResponse.CloudAudienceUrn,
                    UserAuthType.UsernamePassword,
                    _usernamePasswordParameters.Username,
                    _usernamePasswordParameters.Password,
                    _usernamePasswordParameters.FederationMetadata).ConfigureAwait(false);

                // We assume that if the response token type is not SAML 1.1, it is SAML 2
                return(new UserAssertion(
                           wsTrustResponse.Token,
                           wsTrustResponse.TokenType == WsTrustResponse.Saml1Assertion
                        ? OAuth2GrantType.Saml11Bearer
                        : OAuth2GrantType.Saml20Bearer));
            }

            if (userRealmResponse.IsManaged)
            {
                // handle grant flow
                if (_usernamePasswordParameters.Password == null)
                {
                    throw new MsalClientException(MsalError.PasswordRequiredForManagedUserError);
                }

                return(null);
            }

            throw new MsalClientException(
                      MsalError.UnknownUserType,
                      string.Format(
                          CultureInfo.CurrentCulture,
                          MsalErrorMessage.UnsupportedUserType,
                          userRealmResponse.AccountType));
        }
Ejemplo n.º 2
0
        private async Task <UserAssertion> FetchAssertionFromWsTrustAsync()
        {
            if (!AuthenticationRequestParameters.AuthorityInfo.IsUserAssertionSupported)
            {
                //IWA is currently not supported in pure adfs environments. See https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/2771
                throw new MsalClientException(
                          MsalError.IntegratedWindowsAuthenticationFailed,
                          "Integrated windows authenticaiton is not supported when using WithAdfsAuthority() to specify the authority in ADFS on premises environments"
                          + " See https://aka.ms/msal-net-iwa for more details.");
            }

            var userRealmResponse = await _commonNonInteractiveHandler
                                    .QueryUserRealmDataAsync(AuthenticationRequestParameters.AuthorityInfo.UserRealmUriPrefix, _integratedWindowsAuthParameters.Username)
                                    .ConfigureAwait(false);

            if (userRealmResponse.IsFederated)
            {
                var wsTrustResponse = await _commonNonInteractiveHandler.PerformWsTrustMexExchangeAsync(
                    userRealmResponse.FederationMetadataUrl,
                    userRealmResponse.CloudAudienceUrn,
                    UserAuthType.IntegratedAuth,
                    _integratedWindowsAuthParameters.Username,
                    null,
                    _integratedWindowsAuthParameters.FederationMetadata).ConfigureAwait(false);

                // We assume that if the response token type is not SAML 1.1, it is SAML 2
                return(new UserAssertion(
                           wsTrustResponse.Token,
                           wsTrustResponse.TokenType == WsTrustResponse.Saml1Assertion
                        ? OAuth2GrantType.Saml11Bearer
                        : OAuth2GrantType.Saml20Bearer));
            }

            if (userRealmResponse.IsManaged)
            {
                throw new MsalClientException(
                          MsalError.IntegratedWindowsAuthNotSupportedForManagedUser,
                          MsalErrorMessage.IwaNotSupportedForManagedUser);
            }

            throw new MsalClientException(
                      MsalError.UnknownUserType,
                      string.Format(
                          CultureInfo.CurrentCulture,
                          MsalErrorMessage.UnsupportedUserType,
                          userRealmResponse.AccountType));
        }