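/// <summary>
        /// Authenticates the user: checks the configured client ID and redirect URI, attempts a
        /// silent sign-in, falls back to an interactive prompt, and on success caches the user's
        /// identifiers and registers the account for MAM.
        /// </summary>
        /// <param name="behavior">The ADAL prompt behavior used when an interactive sign-in is needed.</param>
        /// <returns>
        /// The authentication result, or <c>null</c> when the configuration checks fail or the
        /// sign-in helpers return no result.
        /// </returns>
        public async Task<AuthenticationResult> Authenticate(PromptBehavior behavior)
        {
            // Refuse to start a sign-in while the placeholder values are still configured.
            if (_clientID.Equals(_placeholderClientID) || _redirectURI.Equals(_placeholderRedirectURI))
            {
                Toast.MakeText(Android.App.Application.Context, "Please update the authentication values for your application.", ToastLength.Long).Show();
                Log.Info(_logTagAuth, "Authentication cancelled. Authentication values need to be updated with user provided values." +
                         " Client ID = " + _clientID + " Redirect URI = " + _redirectURI);
                return null;
            }

            // NOTE(review): RelativeOrAbsolute also accepts relative strings; a redirect URI is
            // normally absolute, so UriKind.Absolute may be the intended check. Confirm.
            if (!Uri.IsWellFormedUriString(_redirectURI, UriKind.RelativeOrAbsolute))
            {
                Toast.MakeText(Android.App.Application.Context, "Please correct the redirect URI for your application.", ToastLength.Long).Show();
                Log.Info(_logTagAuth, "Authentication cancelled. Redirect URI needs to be corrected with a well-formed value." +
                         " Redirect URI = " + _redirectURI);
                return null;
            }

            // Register the callback to capture ADAL logs.
            LoggerCallbackHandler.LogCallback = ADALLog;

            // PII logging makes ADAL pass personal and organizational data to the log callback.
            // Keep it to debug builds so release builds do not emit that data wherever ADALLog
            // writes (presumably the device log).
#if DEBUG
            LoggerCallbackHandler.PiiLoggingEnabled = true;
#else
            LoggerCallbackHandler.PiiLoggingEnabled = false;
#endif

            // Attempt to sign the user in silently.
            AuthenticationResult result = await SignInSilent(_resourceID, null);

            // If the user cannot be signed in silently, prompt the user to manually sign in.
            if (result == null)
            {
                result = await SignInWithPrompt(new PlatformParameters((Activity)Forms.Context, false, behavior));
            }

            // If auth was successful, cache the values and log the success.
            if (result != null && result.AccessToken != null)
            {
                _cachedUPN   = result.UserInfo.DisplayableId;
                _cachedAADID = result.UserInfo.UniqueId;

                // NOTE(review): this writes the user's UPN to the device log at Info level;
                // consider omitting it outside debug builds. The access token itself is not logged.
                Log.Info(_logTagAuth, "Authentication succeeded. UPN = " + _cachedUPN);

                // Register the account for MAM
                // See: https://docs.microsoft.com/en-us/intune/app-sdk-android#account-authentication
                // This app requires ADAL authentication prior to MAM enrollment so we delay the registration
                // until after the sign in flow.
                IMAMEnrollmentManager mgr = MAMComponents.Get<IMAMEnrollmentManager>();
                mgr.RegisterAccountForMAM(_cachedUPN, _cachedAADID, result.TenantId);
            }

            return result;
        }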
        /// <summary>
        /// Creates the enrollment service: stores the logger, resolves the MAM enrollment manager
        /// and notification registry, resets the service state, and registers this instance and an
        /// authentication callback with the MAM SDK.
        /// </summary>
        /// <param name="loggingService">Logging service kept by this instance.</param>
        public EnrollmentService(ILoggingService loggingService)
        {
            _loggingService = loggingService;

            // Resolve the MAM SDK components this service works with.
            _enrollmentManager = MAMComponents.Get<IMAMEnrollmentManager>();
            _notificationRegistery = MAMComponents.Get<IMAMNotificationReceiverRegistry>();

            // Start with no authentication result, no registration error, no endpoint and no accounts.
            _authenticationResult = null;
            _registerError = null;
            Endpoint = null;
            RegisteredAccounts = new List<string>();

            // This instance receives enrollment results and policy refresh notifications.
            var subscribedTypes = new[] { MAMNotificationType.MamEnrollmentResult, MAMNotificationType.RefreshPolicy };
            foreach (var notificationType in subscribedTypes)
            {
                _notificationRegistery.RegisterReceiver(this, notificationType);
            }

            // The SDK calls this callback when it needs an access token for MAM.
            _enrollmentManager.RegisterAuthenticationCallback(new MAMWEAuthCallback());
        }
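        /// <summary>
        /// Requests an access token for MAM for the cached account and, when one is obtained,
        /// passes it to the MAM enrollment manager. The original comment describes the token
        /// request as a cache lookup that does not prompt the user.
        /// </summary>
        /// <remarks>
        /// The method is <c>async void</c>: it returns nothing and callers cannot await it or
        /// observe a failure. An exception escaping an <c>async void</c> method is raised on the
        /// synchronization context and can terminate the app, so failures are caught and logged here.
        /// </remarks>
        public async void UpdateAccessTokenForMAM()
        {
            if (string.IsNullOrWhiteSpace(_cachedResourceID))
            {
                Log.Warn(_logTagAuth, "Resource ID is not set, cannot update access token for MAM.");
                return;
            }

            try
            {
                string token = await GetAccessTokenForMAM(_cachedAADID, _cachedResourceID);

                // An empty token means nothing was obtained; leave the SDK's current token alone.
                if (!string.IsNullOrWhiteSpace(token))
                {
                    IMAMEnrollmentManager mgr = MAMComponents.Get<IMAMEnrollmentManager>();
                    mgr.UpdateToken(_cachedUPN, _cachedAADID, _cachedResourceID, token);
                }
            }
            catch (System.Exception ex)
            {
                // Log only the exception type: the message may carry account details, and the
                // token must never be written to the log.
                Log.Error(_logTagAuth, "Failed to update access token for MAM: " + ex.GetType().Name);
            }
        }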
        /// <summary>
        /// Signs the user out: clears the token cache, unregisters the current user from MAM when
        /// there is one, and shows a confirmation toast.
        /// </summary>
        public void SignOut()
        {
            // With an empty token cache the user will be prompted to sign in again.
            authContext.TokenCache.Clear();

            string signedInUser = User;
            bool hasUser = signedInUser != null;

            if (hasUser)
            {
                // Unregistering removes the user's MAM policy from the app.
                MAMComponents.Get<IMAMEnrollmentManager>().UnregisterAccountForMAM(signedInUser);
            }

            var confirmation = Toast.MakeText(Android.App.Application.Context, Resource.String.auth_out_success, ToastLength.Short);
            confirmation.Show();
        }
        /// <summary>
        /// Registers the MAM authentication callback and the enrollment-result notification
        /// receiver, then calls the base implementation.
        /// </summary>
        public override void OnMAMCreate()
        {
            // The Intune SDK documentation requires the callback registration to happen here.
            // https://docs.microsoft.com/en-us/mem/intune/developer/app-sdk-android
            MAMComponents.Get<IMAMEnrollmentManager>()
                         .RegisterAuthenticationCallback(new MAMWEAuthCallback());

            // Subscribe to the enrollment result so the app is notified of the enrollment outcome.
            MAMComponents.Get<IMAMNotificationReceiverRegistry>()
                         .RegisterReceiver(new EnrollmentNotificationReceiver(), MAMNotificationType.MamEnrollmentResult);

            base.OnMAMCreate();
        }
        /// <summary>
        /// Registers the signed-in account for MAM using the identifiers in the authentication
        /// result, then opens the main view on the UI thread.
        /// </summary>
        /// <param name="result">
        /// The AuthenticationResult for the signed-in user. It is dereferenced without a null
        /// check, so it and its <c>UserInfo</c> must be non-null.
        /// </param>
        public void OnSignedIn(AuthenticationResult result)
        {
            // Pull out the three identifiers that MAM registration takes.
            string displayableId = result.UserInfo.DisplayableId;
            string uniqueId = result.UserInfo.UniqueId;
            string tenant = result.TenantId;

            // Register the account for MAM
            // See: https://docs.microsoft.com/en-us/intune/app-sdk-android#account-authentication
            // This app requires ADAL authentication prior to MAM enrollment, so registration is
            // delayed until after the sign-in flow.
            var enrollmentManager = MAMComponents.Get<IMAMEnrollmentManager>();
            enrollmentManager.RegisterAccountForMAM(displayableId, uniqueId, tenant);

            // Opening the main view modifies the UI, so it must run on the UI thread.
            RunOnUiThread(OpenMainview);
        }
        /// <summary>
        /// Signs the user out: clears the token cache, unregisters the current user from MAM when
        /// there is one, marks the session as unauthenticated and notifies the listener.
        /// </summary>
        /// <param name="listener">
        /// Listener whose <c>OnSignedOut</c> is called at the end of sign-out. It is invoked
        /// without a null check.
        /// </param>
        public void SignOut(IAuthListener listener)
        {
            // With an empty token cache the user will be prompted to sign in again.
            authContext.TokenCache.Clear();

            string signedInUser = User;
            bool hasUser = signedInUser != null;

            if (hasUser)
            {
                // Unregistering removes the user's MAM policy from the app.
                MAMComponents.Get<IMAMEnrollmentManager>().UnregisterAccountForMAM(signedInUser);
            }

            // Clear the flag before the listener runs so it observes the signed-out state.
            isAuthenticated = false;
            listener.OnSignedOut();
        }
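        /// <summary>
        /// Signs the user out: removes every account known to the PCA client from its token
        /// cache, unregisters the current user from MAM when there is one, and shows a
        /// confirmation toast.
        /// </summary>
        /// <remarks>
        /// The method is <c>async void</c>, so callers cannot await it or observe a failure; an
        /// exception thrown while removing accounts skips the MAM unregistration below.
        /// </remarks>
        public async void SignOut()
        {
            // Clear the app's token cache so the user will be prompted to sign in again.
            var currentAccounts = await PCA.GetAccountsAsync();

            // Remove all accounts, not only the first: any account left behind keeps its cached
            // tokens after "sign out". Snapshot the sequence so removal cannot disturb enumeration.
            foreach (var account in currentAccounts.ToList())
            {
                await PCA.RemoveAsync(account);
            }

            string user = User;

            if (user != null)
            {
                // Remove the user's MAM policy from the app
                IMAMEnrollmentManager mgr = MAMComponents.Get<IMAMEnrollmentManager>();
                mgr.UnregisterAccountForMAM(user);
            }

            Toast.MakeText(Android.App.Application.Context, Resource.String.auth_out_success, ToastLength.Short).Show();
        }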
        /// <summary>
        /// Registers the MAM authentication callback and the app's notification receivers, then
        /// calls the base implementation.
        /// </summary>
        public override void OnMAMCreate()
        {
            // Register the MAMAuthenticationCallback as early as possible.
            // It handles acquiring the access token that MAM needs.
            MAMComponents.Get<IMAMEnrollmentManager>()
                         .RegisterAuthenticationCallback(new MAMWEAuthCallback());

            // Register the notification receivers to receive MAM notifications.
            // Applications can receive notifications from the MAM SDK at any time.
            // More information can be found here: https://docs.microsoft.com/en-us/intune/app-sdk-android#register-for-notifications-from-the-sdk
            var receiverRegistry = MAMComponents.Get<IMAMNotificationReceiverRegistry>();

            // Every notification type gets its own toast receiver.
            foreach (MAMNotificationType notificationType in MAMNotificationType.Values())
            {
                var toastReceiver = new ToastNotificationReceiver(this);
                receiverRegistry.RegisterReceiver(toastReceiver, notificationType);
            }

            // Enrollment results and user-data wipes also get dedicated receivers.
            receiverRegistry.RegisterReceiver(new EnrollmentNotificationReceiver(this), MAMNotificationType.MamEnrollmentResult);
            receiverRegistry.RegisterReceiver(new WipeNotificationReceiver(this), MAMNotificationType.WipeUserData);

            base.OnMAMCreate();
        }
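        /// <summary>
        /// Signs the user out: removes every account known to the PCA client from its token
        /// cache, unregisters the current user from MAM when there is one, marks the session as
        /// unauthenticated and notifies the listener.
        /// </summary>
        /// <param name="listener">
        /// Listener whose <c>OnSignedOut</c> is called at the end of sign-out. It is invoked
        /// without a null check.
        /// </param>
        /// <remarks>
        /// The method is <c>async void</c>, so callers cannot await it or observe a failure; an
        /// exception thrown while removing accounts skips the MAM unregistration and the
        /// listener notification below.
        /// </remarks>
        public async void SignOut(IAuthListener listener)
        {
            // Clear the app's token cache so the user will be prompted to sign in again.
            var currentAccounts = await PCA.GetAccountsAsync();

            // Remove all accounts, not only the first: any account left behind keeps its cached
            // tokens after "sign out". Snapshot the sequence so removal cannot disturb enumeration.
            foreach (var account in currentAccounts.ToList())
            {
                await PCA.RemoveAsync(account);
            }

            string user = User;

            if (user != null)
            {
                // Remove the user's MAM policy from the app
                IMAMEnrollmentManager mgr = MAMComponents.Get<IMAMEnrollmentManager>();
                mgr.UnregisterAccountForMAM(user);
            }

            isAuthenticated = false;

            listener.OnSignedOut();
        }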