/// <summary>
/// Silent token acquisition through the Windows broker for the account signed in to the OS.
/// No broker account object is passed; the runtime resolves the default user itself.
/// </summary>
/// <param name="authenticationRequestParameters">Request parameters; supplies the correlation id and the user cancellation token.</param>
/// <param name="acquireTokenSilentParameters">Silent-flow parameters. Not read by this method — the default account is chosen by the broker.</param>
/// <returns>The parsed broker response when the runtime reports success.</returns>
/// <remarks>
/// On failure <c>WamAdapters.ThrowExceptionFromWamError</c> is expected to throw, so the
/// null return path is not reached in practice. MSA passthrough comes from <c>_wamOptions</c>.
/// </remarks>
public async Task<MsalTokenResponse> AcquireTokenSilentDefaultUserAsync(
    AuthenticationRequestParameters authenticationRequestParameters,
    AcquireTokenSilentParameters acquireTokenSilentParameters)
{
    var userCancellation = authenticationRequestParameters.RequestContext.UserCancellationToken;
    MsalTokenResponse response = null;

    _logger.Verbose("[WamBroker] Acquiring token silently for default account.");

    string correlationId = authenticationRequestParameters.CorrelationId.ToString("D");

    using (var runtime = new NativeInterop.Core())
    using (var commonParams = WamAdapters.GetCommonAuthParameters(authenticationRequestParameters, _wamOptions.MsaPassthrough))
    using (NativeInterop.AuthResult runtimeResult = await runtime.SignInSilentlyAsync(commonParams, correlationId, userCancellation).ConfigureAwait(false))
    {
        if (!runtimeResult.IsSuccess)
        {
            // Maps the runtime error to an MSAL exception and throws; nothing after this runs.
            WamAdapters.ThrowExceptionFromWamError(runtimeResult, authenticationRequestParameters, _logger);
        }
        else
        {
            response = WamAdapters.ParseRuntimeResponse(runtimeResult, authenticationRequestParameters, _logger);
        }
    }

    return response;
}
/// <summary>
/// Interactive sign-in through the Windows broker using the account already signed in to the OS.
/// The broker UI is parented to <c>_parentHandle</c>; no account picker is shown.
/// </summary>
/// <param name="authenticationRequestParameters">Request parameters; supplies the correlation id and the user cancellation token.</param>
/// <param name="acquireTokenInteractiveParameters">Interactive-flow parameters. Not read by this method.</param>
/// <returns>The parsed broker response when the runtime reports success.</returns>
/// <remarks>
/// This method does not validate <c>_parentHandle</c> itself; <c>AcquireTokenInteractiveAsync</c> rejects a
/// zero handle before routing here, so any other caller must do the same. On failure the runtime error is
/// logged and <c>WamAdapters.ThrowExceptionFromWamError</c> is expected to throw, so the null return is
/// not reached in practice.
/// </remarks>
public async Task<MsalTokenResponse> AcquireTokenInteractiveDefaultUserAsync(
    AuthenticationRequestParameters authenticationRequestParameters,
    AcquireTokenInteractiveParameters acquireTokenInteractiveParameters)
{
    MsalTokenResponse response = null;
    var userCancellation = authenticationRequestParameters.RequestContext.UserCancellationToken;

    _logger.Verbose("[WamBroker] Signing in with the default user account.");

    string correlationId = authenticationRequestParameters.CorrelationId.ToString("D");

    using (var runtime = new NativeInterop.Core())
    using (var commonParams = WamAdapters.GetCommonAuthParameters(authenticationRequestParameters, _wamOptions.MsaPassthrough))
    using (NativeInterop.AuthResult runtimeResult = await runtime.SignInAsync(_parentHandle, commonParams, correlationId, userCancellation).ConfigureAwait(false))
    {
        if (!runtimeResult.IsSuccess)
        {
            // NOTE(review): the runtime error is logged here and again inside ThrowExceptionFromWamError;
            // the duplicate is harmless but worth consolidating.
            _logger.Error($"[WamBroker] Could not login interactively with the Default OS Account. {runtimeResult.Error}");
            WamAdapters.ThrowExceptionFromWamError(runtimeResult, authenticationRequestParameters, _logger);
        }
        else
        {
            response = WamAdapters.ParseRuntimeResponse(runtimeResult, authenticationRequestParameters, _logger);
        }
    }

    return response;
}
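/// <summary>
/// Interactive token acquisition through the Windows broker. Routes to the default-OS-account path
/// when the request's account is the operating-system account sentinel; otherwise shows the Windows
/// account picker, seeded with a login hint when one is available.
/// </summary>
/// <param name="authenticationRequestParameters">Request parameters; supplies the account, login hint, correlation id and the user cancellation token.</param>
/// <param name="acquireTokenInteractiveParameters">Interactive-flow parameters; only forwarded to the default-user path.</param>
/// <returns>The parsed broker response when the runtime reports success.</returns>
/// <exception cref="MsalClientException">No parent window handle was configured (<c>window_handle_required</c>).</exception>
/// <remarks>
/// On a runtime failure <c>WamAdapters.ThrowExceptionFromWamError</c> is expected to throw, so the
/// null return path is not reached in practice.
/// </remarks>
public async Task<MsalTokenResponse> AcquireTokenInteractiveAsync(
    AuthenticationRequestParameters authenticationRequestParameters,
    AcquireTokenInteractiveParameters acquireTokenInteractiveParameters)
{
    MsalTokenResponse msalTokenResponse = null;

    // The broker renders its UI parented to the caller's window; without a handle it cannot be shown.
    if (_parentHandle == IntPtr.Zero)
    {
        throw new MsalClientException(
            "window_handle_required",
            "Public Client applications wanting to use WAM need to provide their window handle. Console applications can use GetConsoleWindow Windows API for this.");
    }

    // The OS-account sentinel means "use whoever is signed in to Windows" — no picker is needed.
    if (PublicClientApplication.IsOperatingSystemAccount(authenticationRequestParameters.Account))
    {
        return await AcquireTokenInteractiveDefaultUserAsync(authenticationRequestParameters, acquireTokenInteractiveParameters).ConfigureAwait(false);
    }

    var cancellationToken = authenticationRequestParameters.RequestContext.UserCancellationToken;

    _logger.Verbose("[WamBroker] Using Windows account picker.");

    using (var core = new NativeInterop.Core())
    using (var authParams = WamAdapters.GetCommonAuthParameters(authenticationRequestParameters, _wamOptions.MsaPassthrough))
    {
        // An explicit login hint wins; otherwise fall back to the username of the account on the request.
        string loginHint = authenticationRequestParameters.LoginHint ?? authenticationRequestParameters.Account?.Username;

        // Log only whether a hint exists, never the hint itself (it is typically a UPN).
        // Fix: the original logged string.IsNullOrEmpty(loginHint), i.e. the inverse of "provided".
        bool hasLoginHint = !string.IsNullOrEmpty(loginHint);
        _logger.Verbose("[WamBroker] AcquireTokenInteractive - login hint provided? " + hasLoginHint);

        using (var result = await core.SignInInteractivelyAsync(
            _parentHandle,
            authParams,
            authenticationRequestParameters.CorrelationId.ToString("D"),
            loginHint,
            cancellationToken).ConfigureAwait(false))
        {
            if (result.IsSuccess)
            {
                msalTokenResponse = WamAdapters.ParseRuntimeResponse(result, authenticationRequestParameters, _logger);
                _logger.Verbose("[WamBroker] Successfully retrieved token.");
            }
            else
            {
                _logger.Error($"[WamBroker] Could not login interactively. {result.Error}");
                // Maps the runtime error to an MSAL exception and throws.
                WamAdapters.ThrowExceptionFromWamError(result, authenticationRequestParameters, _logger);
            }
        }
    }

    return msalTokenResponse;
}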
/// <summary>
/// Silent token acquisition through the Windows broker for a specific, previously seen account.
/// The broker account is looked up by the MSAL account's home object id before the silent call.
/// </summary>
/// <param name="authenticationRequestParameters">Request parameters; supplies the correlation id and the user cancellation token.</param>
/// <param name="acquireTokenSilentParameters">Carries the account whose <c>HomeAccountId.ObjectId</c> locates the broker account.</param>
/// <returns>The parsed broker response when the runtime reports success.</returns>
/// <exception cref="MsalUiRequiredException">The broker holds no account for the requested object id (<c>wam_no_account_for_id</c>).</exception>
/// <remarks>
/// On a runtime failure <c>WamAdapters.ThrowExceptionFromWamError</c> is expected to throw, so the
/// null return path is not reached in practice.
/// </remarks>
public async Task<MsalTokenResponse> AcquireTokenSilentAsync(
    AuthenticationRequestParameters authenticationRequestParameters,
    AcquireTokenSilentParameters acquireTokenSilentParameters)
{
    var userCancellation = authenticationRequestParameters.RequestContext.UserCancellationToken;
    MsalTokenResponse response = null;

    _logger.Verbose("[WamBroker] Acquiring token silently.");

    string correlationId = authenticationRequestParameters.CorrelationId.ToString("D");

    using (var runtime = new NativeInterop.Core())
    using (var commonParams = WamAdapters.GetCommonAuthParameters(authenticationRequestParameters, _wamOptions.MsaPassthrough))
    using (var brokerAccount = await runtime.ReadAccountByIdAsync(
        acquireTokenSilentParameters.Account.HomeAccountId.ObjectId,
        correlationId,
        userCancellation).ConfigureAwait(false))
    {
        if (brokerAccount == null)
        {
            string username = acquireTokenSilentParameters.Account.Username;

            // The logger receives a PII and a PII-free variant of the same message.
            _logger.WarningPii(
                $"Could not find a WAM account for the selected user {username}",
                "Could not find a WAM account for the selected user");

            // NOTE(review): the exception message embeds the username that the logging call above
            // treats as PII; any sink that records exception messages verbatim will capture it — confirm intended.
            throw new MsalUiRequiredException(
                "wam_no_account_for_id",
                $"Could not find a WAM account for the selected user {username}");
        }

        using (NativeInterop.AuthResult runtimeResult = await runtime.AcquireTokenSilentlyAsync(
            commonParams,
            correlationId,
            brokerAccount,
            userCancellation).ConfigureAwait(false))
        {
            if (!runtimeResult.IsSuccess)
            {
                // Maps the runtime error to an MSAL exception and throws.
                WamAdapters.ThrowExceptionFromWamError(runtimeResult, authenticationRequestParameters, _logger);
            }
            else
            {
                response = WamAdapters.ParseRuntimeResponse(runtimeResult, authenticationRequestParameters, _logger);
            }
        }
    }

    return response;
}
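/// <summary>
/// Translates a failed broker <paramref name="authResult"/> into the MSAL exception the caller should
/// surface, logging the mapped error first. This method never returns normally: every branch of the
/// status switch throws.
/// </summary>
/// <param name="authResult">Failed runtime result; its <c>Error</c> supplies status, error code, tag and context text.</param>
/// <param name="authenticationRequestParameters">Used only to compute the expected redirect URI for configuration errors.</param>
/// <param name="logger">Logger the mapped error is written to before throwing.</param>
/// <exception cref="MsalClientException">The user cancelled the broker UI.</exception>
/// <exception cref="MsalUiRequiredException">Interaction is required or the account is unusable; the silent path cannot proceed.</exception>
/// <exception cref="MsalServiceException">Configuration/contract errors (not retryable), network errors (retryable), or any unrecognised status.</exception>
internal static void ThrowExceptionFromWamError(
    NativeInterop.AuthResult authResult,
    AuthenticationRequestParameters authenticationRequestParameters,
    ICoreLogger logger)
{
    string internalErrorCode = authResult.Error.Tag.ToString(CultureInfo.InvariantCulture);
    int errorCode = authResult.Error.ErrorCode;
    // Fix: the numeric code was formatted with the current culture (bare ToString and interpolation)
    // while the tag already used the invariant culture. These strings become MSAL error codes that
    // callers match on, so format them culture-invariantly (CA1305).
    string errorCodeText = errorCode.ToString(CultureInfo.InvariantCulture);
    string errorMessage;
    MsalServiceException serviceException;

    // NOTE(review): authResult.Error.Context is free text from the runtime and is logged at Error level
    // below; if it can echo user identifiers it should go through the PII-aware logger overloads — confirm.
    switch ((ResponseStatus)authResult.Error.Status)
    {
        case ResponseStatus.UserCanceled:
            logger.Error($"[WamBroker] {MsalError.AuthenticationCanceledError} {MsalErrorMessage.AuthenticationCanceled}");
            throw new MsalClientException(MsalError.AuthenticationCanceledError, MsalErrorMessage.AuthenticationCanceled);

        case ResponseStatus.InteractionRequired:
        case ResponseStatus.AccountUnusable:
            // The silent path cannot recover; callers are expected to fall back to an interactive request.
            errorMessage =
                $"{WamErrorPrefix} \n" +
                $" Error Code: {errorCodeText} \n" +
                $" Error Message: {authResult.Error.Context} \n" +
                $" Internal Error Code: {internalErrorCode} \n";
            logger.Error($"[WamBroker] {MsalError.FailedToAcquireTokenSilentlyFromBroker} {errorMessage}");
            throw new MsalUiRequiredException(MsalError.FailedToAcquireTokenSilentlyFromBroker, errorMessage);

        case ResponseStatus.IncorrectConfiguration:
        case ResponseStatus.ApiContractViolation:
            // App-registration or API misuse: retrying will not help, so point the developer at the
            // redirect URI the broker expects for this client id.
            errorMessage =
                $"{WamErrorPrefix} \n" +
                $" Error Code: {errorCodeText} \n" +
                $" Error Message: {authResult.Error.Status} \n" +
                $" WAM Error Message: {authResult.Error.Context} \n" +
                $" Internal Error Code: {internalErrorCode} \n" +
                $" Is Retryable: false \n" +
                $" Possible causes: \n" +
                $"- Invalid redirect uri - ensure you have configured the following url in the AAD portal App Registration: " +
                $"{WamAdapters.GetExpectedRedirectUri(authenticationRequestParameters.AppConfig.ClientId)} \n" +
                $"- No Internet connection \n" +
                $"Please see https://aka.ms/msal-net-wam for details about Windows Broker integration";
            logger.Error($"[WamBroker] WAM_provider_error_{errorCodeText} {errorMessage}");
            serviceException = new MsalServiceException($"WAM_provider_error_{errorCodeText}", errorMessage)
            {
                IsRetryable = false,
            };
            throw serviceException;

        case ResponseStatus.NetworkTemporarilyUnavailable:
        case ResponseStatus.NoNetwork:
        case ResponseStatus.ServerTemporarilyUnavailable:
            errorMessage =
                $"{WamErrorPrefix} \n" +
                $" Error Code: {errorCodeText} \n" +
                $" Error Message: {authResult.Error.Status} \n" +
                $" WAM Error Message: {authResult.Error.Context} \n" +
                $" Internal Error Code: {internalErrorCode} \n" +
                $" Is Retryable: true";
            logger.Error($"[WamBroker] WAM_network_error_{errorCodeText} {errorMessage}");
            // NOTE(review): the thrown error code is the bare numeric code, while the log line and the
            // configuration branch use a "WAM_…_error_" prefix; left unchanged because callers may match on it.
            serviceException = new MsalServiceException(errorCodeText, errorMessage)
            {
                IsRetryable = true,
            };
            throw serviceException;

        default:
            errorMessage = $"Unknown {authResult.Error} (error code {errorCodeText}) (internal error code {internalErrorCode})";
            // Fix: this was logged at Verbose, which hid unrecognised broker failures from Error-level
            // logs even though every other branch logs at Error.
            logger.Error($"[WamBroker] {MsalError.UnknownBrokerError} {errorMessage}");
            throw new MsalServiceException(MsalError.UnknownBrokerError, errorMessage);
    }
}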