public IAccessToken GetAccessTokenWithCertificate(AdalConfiguration config, string clientId, string certificateThumbprint, AzureAccount.AccountType credentialType)
{
if (credentialType == AzureAccount.AccountType.User)
{
throw new ArgumentException(string.Format(Resources.InvalidCredentialType, "User"), "credentialType");
}
return new ServicePrincipalAccessToken(config, AcquireTokenWithCertificate(config, clientId, certificateThumbprint),
(adalConfig, appId) => this.RenewWithCertificate(adalConfig, appId, certificateThumbprint), clientId);
}
public IAccessToken GetAccessToken(AdalConfiguration config, ShowDialog promptBehavior, string userId, SecureString password,
AzureAccount.AccountType credentialType)
{
if (credentialType == AzureAccount.AccountType.User)
{
throw new ArgumentException(string.Format(Resources.InvalidCredentialType, "User"), "credentialType");
}
return new ServicePrincipalAccessToken(config, AcquireTokenWithSecret(config, userId, password), this.RenewWithSecret, userId);
}
public IAccessToken GetAccessTokenWithCertificate(AdalConfiguration config, string clientId, string certificate, AzureAccount.AccountType credentialType)
{
switch (credentialType)
{
case AzureAccount.AccountType.ServicePrincipal:
return servicePrincipalTokenProvider.GetAccessTokenWithCertificate(config, clientId, certificate, credentialType);
default:
throw new ArgumentException(string.Format(Resources.UnsupportedCredentialType, credentialType), "credentialType");
}
}
private AuthenticationResult AcquireTokenWithCertificate(AdalConfiguration config, string appId,
string thumbprint)
{
var certificate = AzureSession.DataStore.GetCertificate(thumbprint);
if (certificate == null)
{
throw new ArgumentException(string.Format(Resources.CertificateNotFoundInStore, thumbprint));
}
var context = GetContext(config);
return context.AcquireToken(config.ResourceClientUri, new ClientAssertionCertificate(appId, certificate));
}
private AuthenticationResult AcquireTokenWithSecret(AdalConfiguration config, string appId, SecureString appKey)
{
if (appKey == null)
{
return RenewWithSecret(config, appId);
}
StoreAppKey(appId, config.AdDomain, appKey);
var credential = new ClientCredential(appId, appKey);
var context = GetContext(config);
return context.AcquireToken(config.ResourceClientUri, credential);
}
private AuthenticationResult RenewWithSecret(AdalConfiguration config, string appId)
{
TracingAdapter.Information(Resources.SPNRenewTokenTrace, appId, config.AdDomain, config.AdEndpoint,
config.ClientId, config.ClientRedirectUri);
using (SecureString appKey = LoadAppKey(appId, config.AdDomain))
{
if (appKey == null)
{
throw new KeyNotFoundException(string.Format(Resources.ServiceKeyNotFound, appId));
}
return AcquireTokenWithSecret(config, appId, appKey);
}
}
public IAccessToken GetAccessToken(AdalConfiguration config, ShowDialog promptBehavior, string userId, SecureString password,
AzureAccount.AccountType credentialType)
{
switch (credentialType)
{
case AzureAccount.AccountType.User:
return userTokenProvider.GetAccessToken(config, promptBehavior, userId, password, credentialType);
case AzureAccount.AccountType.ServicePrincipal:
return servicePrincipalTokenProvider.GetAccessToken(config, promptBehavior, userId, password, credentialType);
default:
throw new ArgumentException(Resources.UnknownCredentialType, "credentialType");
}
}
private AuthenticationResult AcquireToken(AdalConfiguration config, string appId, SecureString appKey)
{
if (appKey == null)
{
return Renew(config, appId);
}
StoreAppKey(appId, config.AdDomain, appKey);
string authority = config.AdEndpoint + config.AdDomain;
var context = new AuthenticationContext(authority, config.ValidateAuthority,
AzureSession.TokenCache);
var credential = new ClientCredential(appId, appKey);
return context.AcquireToken("https://management.core.windows.net/", credential);
}
private AuthenticationResult AcquireToken(AdalConfiguration config, string appId, SecureString appKey)
{
if (appKey == null)
{
return(Renew(config, appId));
}
StoreAppKey(appId, config.AdDomain, appKey);
string authority = config.AdEndpoint + config.AdDomain;
var context = new AuthenticationContext(authority, config.ValidateAuthority,
ProtectedFileTokenCache.Instance);
var credential = new ClientCredential(appId, appKey);
return(context.AcquireToken("https://management.core.windows.net/", credential));
}
// We have to run this in a separate thread to guarantee that it's STA. This method
// handles the threading details.
private AuthenticationResult AcquireToken(AdalConfiguration config, ShowDialog promptBehavior, string userId,
SecureString password)
{
AuthenticationResult result = null;
Exception ex = null;
if (promptBehavior == ShowDialog.Never)
{
result = SafeAquireToken(config, promptBehavior, userId, password, out ex);
}
else
{
var thread = new Thread(() =>
{
result = SafeAquireToken(config, promptBehavior, userId, password, out ex);
});
thread.SetApartmentState(ApartmentState.STA);
thread.Name = "AcquireTokenThread";
thread.Start();
thread.Join();
}
if (ex != null)
{
var adex = ex as AdalException;
if (adex != null)
{
if (adex.ErrorCode == AdalError.AuthenticationCanceled)
{
throw new AadAuthenticationCanceledException(adex.Message, adex);
}
}
if (ex is AadAuthenticationException)
{
throw ex;
}
throw new AadAuthenticationFailedException(GetExceptionMessage(ex), ex);
}
return(result);
}
private AuthenticationResult SafeAquireToken(
AdalConfiguration config,
ShowDialog showDialog,
string userId,
SecureString password,
out Exception ex)
{
try
{
ex = null;
var promptBehavior = (PromptBehavior)Enum.Parse(typeof(PromptBehavior), showDialog.ToString());
return(DoAcquireToken(config, promptBehavior, userId, password));
}
catch (AdalException adalEx)
{
if (adalEx.ErrorCode == AdalError.UserInteractionRequired ||
adalEx.ErrorCode == AdalError.MultipleTokensMatched)
{
string message = Resources.AdalUserInteractionRequired;
if (adalEx.ErrorCode == AdalError.MultipleTokensMatched)
{
message = Resources.AdalMultipleTokens;
}
ex = new AadAuthenticationFailedWithoutPopupException(message, adalEx);
}
else if (adalEx.ErrorCode == AdalError.MissingFederationMetadataUrl)
{
ex = new AadAuthenticationFailedException(Resources.CredentialOrganizationIdMessage, adalEx);
}
else
{
ex = adalEx;
}
}
catch (Exception threadEx)
{
ex = threadEx;
}
return(null);
}
private AuthenticationResult DoAcquireToken(AdalConfiguration config, PromptBehavior promptBehavior, string userId,
SecureString password)
{
AuthenticationResult result;
var context = CreateContext(config);
TracingAdapter.Information(Resources.UPNAcquireTokenContextTrace, context.Authority, context.CorrelationId,
context.ValidateAuthority);
TracingAdapter.Information(Resources.UPNAcquireTokenConfigTrace, config.AdDomain, config.AdEndpoint,
config.ClientId, config.ClientRedirectUri);
if (string.IsNullOrEmpty(userId))
{
if (promptBehavior != PromptBehavior.Never)
{
ClearCookies();
}
result = context.AcquireToken(config.ResourceClientUri, config.ClientId,
config.ClientRedirectUri, promptBehavior,
UserIdentifier.AnyUser, AdalConfiguration.EnableEbdMagicCookie);
}
else
{
if (password == null)
{
result = context.AcquireToken(config.ResourceClientUri, config.ClientId,
config.ClientRedirectUri, promptBehavior,
new UserIdentifier(userId, UserIdentifierType.OptionalDisplayableId),
AdalConfiguration.EnableEbdMagicCookie);
}
else
{
UserCredential credential = new UserCredential(userId, password);
result = context.AcquireToken(config.ResourceClientUri, config.ClientId, credential);
}
}
return(result);
}
private AuthenticationResult RenewWithCertificate(AdalConfiguration config, string appId,
string thumbprint)
{
TracingAdapter.Information(Resources.SPNRenewTokenTrace, appId, config.AdDomain, config.AdEndpoint,
config.ClientId, config.ClientRedirectUri);
return AcquireTokenWithCertificate(config, appId, thumbprint);
}
public ServicePrincipalAccessToken(AdalConfiguration configuration, AuthenticationResult authResult, ServicePrincipalTokenProvider tokenProvider, string appId)
{
Configuration = configuration;
AuthResult = authResult;
this.tokenProvider = tokenProvider;
this.appId = appId;
}
public AdalAccessToken(AuthenticationResult authResult, UserTokenProvider tokenProvider, AdalConfiguration configuration)
{
AuthResult = authResult;
this.tokenProvider = tokenProvider;
Configuration = configuration;
}
private AuthenticationContext CreateContext(AdalConfiguration config)
{
return new AuthenticationContext(config.AdEndpoint + config.AdDomain, config.ValidateAuthority, config.TokenCache)
{
OwnerWindow = parentWindow
};
}
public AdalAccessToken(AuthenticationResult authResult, UserTokenProvider tokenProvider, AdalConfiguration configuration)
{
AuthResult = authResult;
this.tokenProvider = tokenProvider;
Configuration = configuration;
}
public IAccessToken GetAccessTokenWithCertificate(AdalConfiguration config, string clientId, string certificate, AzureAccount.AccountType credentialType)
{
throw new NotImplementedException();
}
private AuthenticationResult SafeAquireToken(
AdalConfiguration config,
ShowDialog showDialog,
string userId,
SecureString password,
out Exception ex)
{
try
{
ex = null;
var promptBehavior = (PromptBehavior)Enum.Parse(typeof(PromptBehavior), showDialog.ToString());
return DoAcquireToken(config, promptBehavior, userId, password);
}
catch (AdalException adalEx)
{
if (adalEx.ErrorCode == AdalError.UserInteractionRequired ||
adalEx.ErrorCode == AdalError.MultipleTokensMatched)
{
string message = Resources.AdalUserInteractionRequired;
if (adalEx.ErrorCode == AdalError.MultipleTokensMatched)
{
message = Resources.AdalMultipleTokens;
}
ex = new AadAuthenticationFailedWithoutPopupException(message, adalEx);
}
else if (adalEx.ErrorCode == AdalError.MissingFederationMetadataUrl)
{
ex = new AadAuthenticationFailedException(Resources.CredentialOrganizationIdMessage, adalEx);
}
else
{
ex = adalEx;
}
}
catch (Exception threadEx)
{
ex = threadEx;
}
return null;
}
private AuthenticationResult DoAcquireToken(AdalConfiguration config, PromptBehavior promptBehavior, string userId,
SecureString password)
{
AuthenticationResult result;
var context = CreateContext(config);
TracingAdapter.Information(Resources.UPNAcquireTokenContextTrace, context.Authority, context.CorrelationId,
context.ValidateAuthority);
TracingAdapter.Information(Resources.UPNAcquireTokenConfigTrace, config.AdDomain, config.AdEndpoint,
config.ClientId, config.ClientRedirectUri);
if (string.IsNullOrEmpty(userId))
{
if (promptBehavior != PromptBehavior.Never)
{
ClearCookies();
}
result = context.AcquireToken(config.ResourceClientUri, config.ClientId,
config.ClientRedirectUri, promptBehavior,
UserIdentifier.AnyUser, AdalConfiguration.EnableEbdMagicCookie);
}
else
{
if (password == null)
{
result = context.AcquireToken(config.ResourceClientUri, config.ClientId,
config.ClientRedirectUri, promptBehavior,
new UserIdentifier(userId, UserIdentifierType.RequiredDisplayableId),
AdalConfiguration.EnableEbdMagicCookie);
}
else
{
UserCredential credential = new UserCredential(userId, password);
result = context.AcquireToken(config.ResourceClientUri, config.ClientId, credential);
}
}
return result;
}
public IAccessToken GetAccessTokenWithCertificate(AdalConfiguration config, string principalId, string certificateThumbprint, AzureAccount.AccountType credentialType)
{
return this.accessToken;
}
public IAccessToken GetAccessToken(AdalConfiguration config, ShowDialog promptBehavior, string userId, SecureString password,
AzureAccount.AccountType credentialType)
{
return this.accessToken;
}
private AuthenticationContext GetContext(AdalConfiguration config)
{
string authority = config.AdEndpoint + config.AdDomain;
return(new AuthenticationContext(authority, config.ValidateAuthority, config.TokenCache));
}
public ServicePrincipalAccessToken(AdalConfiguration configuration, AuthenticationResult authResult, Func<AdalConfiguration, string, AuthenticationResult> tokenRenewer, string appId)
{
Configuration = configuration;
AuthResult = authResult;
this.tokenRenewer = tokenRenewer;
this.appId = appId;
}
private AuthenticationContext GetContext(AdalConfiguration config)
{
string authority = config.AdEndpoint + config.AdDomain;
return new AuthenticationContext(authority, config.ValidateAuthority, config.TokenCache);
}
// We have to run this in a separate thread to guarantee that it's STA. This method
// handles the threading details.
private AuthenticationResult AcquireToken(AdalConfiguration config, ShowDialog promptBehavior, string userId,
SecureString password)
{
AuthenticationResult result = null;
Exception ex = null;
if (promptBehavior == ShowDialog.Never)
{
result = SafeAquireToken(config, promptBehavior, userId, password, out ex);
}
else
{
var thread = new Thread(() =>
{
result = SafeAquireToken(config, promptBehavior, userId, password, out ex);
});
thread.SetApartmentState(ApartmentState.STA);
thread.Name = "AcquireTokenThread";
thread.Start();
thread.Join();
}
if (ex != null)
{
var adex = ex as AdalException;
if (adex != null)
{
if (adex.ErrorCode == AdalError.AuthenticationCanceled)
{
throw new AadAuthenticationCanceledException(adex.Message, adex);
}
}
if (ex is AadAuthenticationException)
{
throw ex;
}
throw new AadAuthenticationFailedException(GetExceptionMessage(ex), ex);
}
return result;
}
public IAccessToken GetAccessTokenWithCertificate(AdalConfiguration config, string clientId, string certificate, AzureAccount.AccountType credentialType)
{
throw new NotImplementedException();
}