/// <summary>
/// Retrieves a new auth token from AAD.
/// </summary>
/// <param name="authUrl">The root of the authority url.</param>
/// <param name="tenantDomain">The domain name of the Azure tenant as the second part of the authority url.</param>
/// <param name="targetServiceUrl">The url of the service that should be accessed. Be sure to check trailing slashes!</param>
/// <param name="clientId">The unique client id as it is configured in Azure Portal.</param>
/// <param name="appKey">This value is optional and contains the App-Key-Secret if it is configured in azure portal.</param>
/// <param name="redirectUrl">The redirect url as it is configured in Azure Portal.</param>
/// <returns>The authentication token.</returns>
public static async Task<string> RetrieveTokenAsync(string authUrl, string tenantDomain, string targetServiceUrl, string clientId, Uri redirectUrl, string appKey = null)
{
var authenticationContext = new AuthenticationContext($"{authUrl}/{tenantDomain}");
try
{
AuthenticationResult result = null;
if (appKey.IsNullOrEmpty())
{
// use user auth
var parameters = new PlatformParameters(PromptBehavior.Auto);
result = await authenticationContext.AcquireTokenAsync(targetServiceUrl, clientId, redirectUrl, parameters).ConfigureAwait(false);
}
else
{
// use key auth
var clientCredential = new ClientCredential(clientId, appKey);
result = await authenticationContext.AcquireTokenAsync(targetServiceUrl, clientCredential).ConfigureAwait(false);
}
if (result == null)
{
throw new InvalidOperationException("Failed to obtain the JWT token");
}
// store token for reuse
return result.AccessToken;
}
catch (Exception ex)
{
throw new InvalidOperationException("Could not retrieve token.", ex);
}
}
/// <summary>
/// Get Token for Application.
/// </summary>
/// <returns>Token for application.</returns>
public static string GetTokenForApplication(string tenantName, string clientId, string clientSecret)
{
AuthenticationContext authenticationContext = new AuthenticationContext(String.Format(Constants.AuthString, tenantName), false);
// Config for OAuth client credentials
ClientCredential clientCred = new ClientCredential(clientId, clientSecret);
Task<AuthenticationResult> authenticationResult = authenticationContext.AcquireTokenAsync(Constants.ResourceUrl, clientCred);
string token = authenticationResult.Result.AccessToken;
return token;
}
public async Task JsonWebTokenWithX509PublicCertSendX5CTestAsync()
{
var certificate = new X509Certificate2("valid_cert.pfx", TestConstants.DefaultPassword);
var clientAssertion = new ClientAssertionCertificate(TestConstants.DefaultClientId, certificate);
var context = new AuthenticationContext(TestConstants.TenantSpecificAuthority, new TokenCache());
var validCertClaim = "\"x5c\":\"" + Convert.ToBase64String(certificate.GetRawCertData());
//Check for x5c claim
HttpMessageHandlerFactory.AddMockHandler(X5CMockHandler);
AuthenticationResult result = await context.AcquireTokenAsync(TestConstants.DefaultResource, clientAssertion, true).ConfigureAwait(false);
Assert.IsNotNull(result.AccessToken);
HttpMessageHandlerFactory.AddMockHandler(X5CMockHandler);
result = await context.AcquireTokenByAuthorizationCodeAsync(TestConstants.DefaultAuthorizationCode, TestConstants.DefaultRedirectUri, clientAssertion, TestConstants.DefaultResource, true).ConfigureAwait(false);
Assert.IsNotNull(result.AccessToken);
//Check for empty x5c claim
HttpMessageHandlerFactory.AddMockHandler(EmptyX5CMockHandler);
context.TokenCache.Clear();
result = await context.AcquireTokenAsync(TestConstants.DefaultResource, clientAssertion, false).ConfigureAwait(false);
Assert.IsNotNull(result.AccessToken);
HttpMessageHandlerFactory.AddMockHandler(EmptyX5CMockHandler);
result = await context.AcquireTokenByAuthorizationCodeAsync(TestConstants.DefaultAuthorizationCode, TestConstants.DefaultRedirectUri, clientAssertion, TestConstants.DefaultResource, false).ConfigureAwait(false);
Assert.IsNotNull(result.AccessToken);
}
public async Task<string> Login(string sharePointSiteUrl, bool forceLogin = false)
{
var spUri = new Uri(sharePointSiteUrl);
string resourceUri = spUri.Scheme + "://" + spUri.Authority;
ADAL.AuthenticationResult authenticationResult;
try
{
authenticationResult = await AuthContext.AcquireTokenSilentAsync(resourceUri, clientId);
}
catch (ADAL.AdalSilentTokenAcquisitionException)
{
//Console.WriteLine("Silent Async failed. Use prompt instead.");
try
{
// prevent flashing of login window when credentials are valid
var authParam = new ADAL.PlatformParameters(ADAL.PromptBehavior.Never);
authenticationResult = await AuthContext.AcquireTokenAsync(resourceUri, clientId, new Uri(redirectUri), authParam);
}
catch (ADAL.AdalException /* e */)
{
//Console.WriteLine(e);
var authParam = new ADAL.PlatformParameters(ADAL.PromptBehavior.Auto);
authenticationResult = await AuthContext.AcquireTokenAsync(resourceUri, clientId, new Uri(redirectUri), authParam);
}
}
return authenticationResult.CreateAuthorizationHeader();
}
/// <summary>
/// Gets the access token
/// </summary>
/// <param name="authority"> Authority </param>
/// <param name="resource"> Resource </param>
/// <param name="scope"> scope </param>
/// <returns> token </returns>
public async Task<string> GetAccessToken(string authority, string resource, string scope)
{
var context = new AuthenticationContext(authority, TokenCache.DefaultShared);
var result = await context.AcquireTokenAsync(resource, _credential);
return result.AccessToken;
}
static void Main(string[] args)
{
/// Azure AD WebApi's APP ID URL
string resource = "";
/// Azure AD WebApi's Client ID
string clientId = "";
/// Azure AD User's credentials
string userName = "";
string userPassword = "";
/// Web API's URL
string apiUrl = "http://localhost:3672/api/Test";
var user = new UserCredential(userName, userPassword);
var authContext = new Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext("https://login.windows.net/common");
/// Get an Access Token to Access the Web API on behalf of the user
AuthenticationResult authResult = authContext.AcquireTokenAsync(resource, clientId, user).Result;
/// Call WebAPI passing Access token on header
HttpClient client = new HttpClient();
client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", authResult.AccessToken);
/// Get the result
HttpResponseMessage response = client.GetAsync(apiUrl).Result;
string text = response.Content.ReadAsStringAsync().Result;
}
public async Task AcquireTokenWithValidTokenInCache_ReturnsCachedTokenAsync()
{
var context = new AuthenticationContext(TestConstants.DefaultAuthorityHomeTenant, true, new TokenCache());
TokenCacheKey key = new TokenCacheKey(TestConstants.DefaultAuthorityHomeTenant,
TestConstants.DefaultResource, TestConstants.DefaultClientId, TokenSubjectType.User,
TestConstants.DefaultUniqueId, TestConstants.DefaultDisplayableId);
context.TokenCache.tokenCacheDictionary[key] = new AuthenticationResultEx
{
RefreshToken = "some-rt",
ResourceInResponse = TestConstants.DefaultResource,
Result = new AuthenticationResult("Bearer", "existing-access-token",
DateTimeOffset.UtcNow + TimeSpan.FromMinutes(100))
};
var result = await context.AcquireTokenAsync(TestConstants.DefaultResource, TestConstants.DefaultClientId,
new UserPasswordCredential(TestConstants.DefaultDisplayableId, TestConstants.DefaultPassword)).ConfigureAwait(false);
Assert.IsNotNull(result);
Assert.AreEqual("existing-access-token", result.AccessToken);
Assert.AreEqual(TestConstants.DefaultAuthorityHomeTenant, context.Authenticator.Authority);
Assert.IsNotNull(result.UserInfo);
// There should be one cached entry.
Assert.AreEqual(1, context.TokenCache.Count);
}
public void UserRealmDiscoveryFailsTest()
{
AuthenticationContext context = new AuthenticationContext(TestConstants.DefaultAuthorityCommonTenant);
HttpMessageHandlerFactory.AddMockHandler(new MockHttpMessageHandler(TestConstants.GetUserRealmEndpoint(TestConstants.DefaultAuthorityCommonTenant) + "/" + TestConstants.DefaultDisplayableId)
{
Method = HttpMethod.Get,
ResponseMessage = new HttpResponseMessage(HttpStatusCode.BadRequest)
{
Content = new StringContent("Bad request received")
},
QueryParams = new Dictionary <string, string>()
{
{ "api-version", "1.0" }
}
});
var ex = AssertException.TaskThrows <AdalException>(() =>
context.AcquireTokenAsync(TestConstants.DefaultResource, TestConstants.DefaultClientId,
new UserPasswordCredential(TestConstants.DefaultDisplayableId,
TestConstants.DefaultPassword)));
Assert.AreEqual(0, HttpMessageHandlerFactory.MockHandlersCount());
Assert.AreEqual(0, context.TokenCache.Count);
//To be addressed in a later fix
//Assert.AreEqual(((AdalException)ex.InnerException.InnerException).ErrorCode, AdalError.UserRealmDiscoveryFailed);
}
public async Task UnknownUserRealmDiscoveryTestAsync()
{
AuthenticationContext context = new AuthenticationContext(TestConstants.DefaultAuthorityCommonTenant);
await context.Authenticator.UpdateFromTemplateAsync(null).ConfigureAwait(false);
HttpMessageHandlerFactory.AddMockHandler(new MockHttpMessageHandler(TestConstants.GetUserRealmEndpoint(TestConstants.DefaultAuthorityCommonTenant) + "/" + TestConstants.DefaultDisplayableId)
{
Method = HttpMethod.Get,
ResponseMessage = new HttpResponseMessage(HttpStatusCode.OK)
{
Content = new StringContent("{\"ver\":\"1.0\",\"account_type\":\"Unknown\",\"cloud_instance_name\":\"login.microsoftonline.com\"}")
},
QueryParams = new Dictionary <string, string>()
{
{ "api-version", "1.0" }
}
});
var ex = AssertException.TaskThrows <AdalException>(() =>
context.AcquireTokenAsync(TestConstants.DefaultResource, TestConstants.DefaultClientId,
new UserPasswordCredential(TestConstants.DefaultDisplayableId,
TestConstants.DefaultPassword)));
Assert.AreEqual(AdalError.UnknownUserType, ex.ErrorCode);
Assert.AreEqual(0, HttpMessageHandlerFactory.MockHandlersCount());
Assert.AreEqual(0, context.TokenCache.Count);
}
private async Task AddRoles(SecurityTokenValidatedNotification <OpenIdConnectMessage, OpenIdConnectAuthenticationOptions> arg)
{
var context = new Adal.AuthenticationContext("https://login.microsoftonline.com/" + tenant);
var clientCredentials = new Adal.ClientCredential(GraphClientId, GraphClientSecret);
var token = await context.AcquireTokenAsync("https://graph.windows.net/", clientCredentials);
var userId = arg.AuthenticationTicket.Identity.Claims
.First(x => x.Type == "http://schemas.microsoft.com/identity/claims/objectidentifier")
.Value;
HttpClient http = new HttpClient();
string url = "https://graph.windows.net/b2ctestdes.onmicrosoft.com/users/" + userId + "/memberOf?api-version=1.6";
// Append the access token for the Graph API to the Authorization header of the request by using the Bearer scheme.
HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Get, url);
request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", token.AccessToken);
HttpResponseMessage response = await http.SendAsync(request);
if (response.IsSuccessStatusCode)
{
var result = await response.Content.ReadAsStringAsync();
dynamic groups = JObject.Parse(result);
foreach (var group in groups.value)
{
string groupName = group.displayName;
arg.AuthenticationTicket.Identity.AddClaim(
new Claim(ClaimTypes.Role, groupName));
}
}
}
/// <summary>
/// Get the access token
/// </summary>
/// <param name="clientId">Client ID of the Web API app</param>
/// <param name="appKey">Client secret for the Web API app</param>
/// <param name="aadInstance">The login URL for AAD</param>
/// <param name="tenant">Your tenant (eg kirke.onmicrosoft.com)</param>
/// <param name="resource">The resource being accessed
///(eg., https://rbinrais.sharepoint.com)
/// </param>
/// <returns>string containing the access token</returns>
public static async Task<string> GetAccessToken(
string clientId,
string appKey,
string aadInstance,
string tenant,
string resource)
{
string accessToken = null;
AuthenticationResult result = null;
ClientCredential clientCred = new ClientCredential(clientId, appKey);
string authHeader = HttpContext.Current.Request.Headers["Authorization"];
string userAccessToken = authHeader.Substring(authHeader.LastIndexOf(' ')).Trim();
UserAssertion userAssertion = new UserAssertion(userAccessToken);
string authority = String.Format(CultureInfo.InvariantCulture, aadInstance, tenant);
AuthenticationContext authContext = new AuthenticationContext(authority);
result = await authContext.AcquireTokenAsync(resource, clientCred, userAssertion);
accessToken = result.AccessToken;
return accessToken;
}
public async Task JsonWebTokenWithX509PublicCertClaimTest()
{
var certificate = new X509Certificate2("valid_cert.pfx", TestConstants.DefaultPassword);
var clientAssertion = new ClientAssertionCertificate(TestConstants.DefaultClientId, certificate);
var context = new AuthenticationContext(TestConstants.TenantSpecificAuthority, new TokenCache());
var validCertClaim = "\"x5c\":\"" + Convert.ToBase64String(certificate.GetRawCertData());
HttpMessageHandlerFactory.AddMockHandler(new MockHttpMessageHandler(TestConstants.GetTokenEndpoint(TestConstants.TenantSpecificAuthority))
{
Method = HttpMethod.Post,
ResponseMessage = new HttpResponseMessage(HttpStatusCode.OK)
{
Content = new StringContent("{\"token_type\":\"Bearer\",\"expires_in\":\"3599\",\"access_token\":\"some-access-token\"}")
},
AdditionalRequestValidation = request =>
{
var requestContent = request.Content.ReadAsStringAsync().GetAwaiter().GetResult();
var formsData = EncodingHelper.ParseKeyValueList(requestContent, '&', true, null);
// Check presence of client_assertion in request
string encodedJwt;
Assert.IsTrue(formsData.TryGetValue("client_assertion", out encodedJwt), "Missing client_assertion from request");
// Check presence of x5c cert claim. It should not exist.
var jwtHeader = EncodingHelper.UrlDecode(encodedJwt.Split('.')[0]);
Assert.IsTrue(!jwtHeader.Contains("\"x5c\":"));
}
});
AuthenticationResult result = await context.AcquireTokenAsync(TestConstants.DefaultResource, clientAssertion);
Assert.IsNotNull(result.AccessToken);
}
public async Task AutoPromptBehaviorWithTokenInCacheTestAsync()
{
var context = new AuthenticationContext(TestConstants.DefaultAuthorityHomeTenant, true, new TokenCache());
TokenCacheKey key = new TokenCacheKey(TestConstants.DefaultAuthorityHomeTenant,
TestConstants.DefaultResource, TestConstants.DefaultClientId, TokenSubjectType.User,
TestConstants.DefaultUniqueId, TestConstants.DefaultDisplayableId);
context.TokenCache.tokenCacheDictionary[key] = new AuthenticationResultEx
{
RefreshToken = "some-rt",
ResourceInResponse = TestConstants.DefaultResource,
Result = new AuthenticationResult("Bearer", "existing-access-token",
DateTimeOffset.UtcNow + TimeSpan.FromMinutes(100))
};
AuthenticationResult result =
await
context.AcquireTokenAsync(TestConstants.DefaultResource, TestConstants.DefaultClientId,
TestConstants.DefaultRedirectUri, new PlatformParameters(PromptBehavior.Auto)).ConfigureAwait(false);
Assert.IsNotNull(result);
Assert.AreEqual("existing-access-token", result.AccessToken);
// There should be only one cache entry.
Assert.AreEqual(1, context.TokenCache.Count);
}
private static async Task<string> GetAccessToken(X509Certificate2 certificate)
{
var authenticationContext = new AuthenticationContext(Authority, false);
var cac = new ClientAssertionCertificate(ClientId, certificate);
var authenticationResult = await authenticationContext.AcquireTokenAsync(GraphUrl, cac);
return authenticationResult.AccessToken;
}
private async void Authenticate()
{
var authConfig = App.AuthenticationConfiguration;
var authContext = new AuthenticationContext("https://login.windows.net/" + authConfig.DirectoryDomain);
//Use this during development if you don't want your credentials cached
//authContext.TokenCacheStore.Clear();
var result = await authContext.AcquireTokenAsync(authConfig.AppRedirectUri, authConfig.AppClientId, new Uri(authConfig.ApiAppSignOnUrl));
if (result.Status == AuthenticationStatus.Success)
{
App.BearerToken = result.AccessToken;
App.CurrentUser = result.UserInfo;
//Here is how to make a secure HTTP call with SecureHttpClient
//var secureHttpClient = new SecureHttpClient(result.AccessToken);
//var resp = await secureHttpClient.GetAsync("http://localhost:3184/api/echo?whoami=true");
var rootFrame = (Frame)Window.Current.Content;
rootFrame.Navigate(typeof(Views.Menu.MenuPage));
}
else
{
Authenticate();
}
}
static void Main(string[] args)
{
System.Net.ServicePointManager.SecurityProtocol = System.Net.SecurityProtocolType.Ssl3 | System.Net.SecurityProtocolType.Tls12 | System.Net.SecurityProtocolType.Tls11 | System.Net.SecurityProtocolType.Tls;
ClientCredential clientCredential = new ClientCredential(clientId, clientSecret);
var authenticationContext = new AuthenticationContext(authorityUriv2, true);
var authContext = new AuthenticationContext(authorityUriv2);
var authenticationResult = authContext.AcquireTokenAsync(resource, clientId, new Uri(ClientRedirectUrl), new PlatformParameters(PromptBehavior.Auto)).GetAwaiter().GetResult();
accessToken = authenticationResult.AccessToken;
//var clientBC = new RestClient("https://api.businesscentral.dynamics.com/v2.0/Production/api/CertTech/Integrations/v1.0");
var clientBC = new RestClient("https://api.businesscentral.dynamics.com/v2.0/Production/api/CertTech/Integrations/v1.0/companies");
clientBC.Timeout = -1;
var requestBC = new RestRequest(Method.GET);
requestBC.AddHeader("Authorization", "Bearer " + accessToken);
IRestResponse responseBC = clientBC.Execute(requestBC);
bcResponse = responseBC.Content;
object resposeDataBC = JsonConvert.DeserializeObject(bcResponse);
Console.Write(resposeDataBC);
Console.ReadKey();
}
private async Task <AuthenticationResult> GetAppOnlyAccessToken(string resource, string tenantId)
{
string authority = appConfig.AuthorizationUri.Replace("common", tenantId);
Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext authenticationContext = new Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext(
authority,
false);
string certfile = Server.MapPath(appConfig.ClientCertificatePfx);
X509Certificate2 cert = new X509Certificate2(
certfile,
appConfig.ClientCertificatePfxPassword,
X509KeyStorageFlags.MachineKeySet);
// ADAL new ... (in Beta, might change)
// ClientAssertionCertificate cac = new ClientAssertionCertificate(
// appConfig.ClientId,
// cert.GetRawCertData(),
// appConfig.ClientCertificatePfxPassword);
// ADAL current released (2.12.111071459)
ClientAssertionCertificate cac = new ClientAssertionCertificate(
appConfig.ClientId, cert);
var authenticationResult = await authenticationContext.AcquireTokenAsync(
resource,
cac);
return(authenticationResult);
}
public async Task AutoPromptBehaviorTestAsync()
{
MockHelpers.ConfigureMockWebUI(new AuthorizationResult(AuthorizationStatus.Success,
TestConstants.DefaultRedirectUri + "?code=some-code"));
HttpMessageHandlerFactory.AddMockHandler(new MockHttpMessageHandler(TestConstants.GetTokenEndpoint(TestConstants.DefaultAuthorityHomeTenant))
{
Method = HttpMethod.Post,
ResponseMessage = MockHelpers.CreateSuccessTokenResponseMessage(),
PostData = new Dictionary <string, string>()
{
{ "grant_type", "authorization_code" }
}
});
var context = new AuthenticationContext(TestConstants.DefaultAuthorityHomeTenant, true, new TokenCache());
AuthenticationResult result =
await
context.AcquireTokenAsync(TestConstants.DefaultResource, TestConstants.DefaultClientId,
TestConstants.DefaultRedirectUri, new PlatformParameters(PromptBehavior.Auto)).ConfigureAwait(false);
Assert.IsNotNull(result);
Assert.AreEqual(TestConstants.DefaultAuthorityHomeTenant, context.Authenticator.Authority);
Assert.AreEqual("some-access-token", result.AccessToken);
Assert.IsNotNull(result.UserInfo);
Assert.AreEqual(TestConstants.DefaultDisplayableId, result.UserInfo.DisplayableId);
Assert.AreEqual(TestConstants.DefaultUniqueId, result.UserInfo.UniqueId);
// There should be one cached entry.
Assert.AreEqual(1, context.TokenCache.Count);
}
static async Task MainAsync(string[] args)
{
var keyClient = new KeyVaultClient(async (authority, resource, scope) =>
{
var adCredential = new ClientCredential(applicationId, applicationSecret);
var authenticationContext = new AuthenticationContext(authority, null);
return (await authenticationContext.AcquireTokenAsync(resource, adCredential)).AccessToken;
});
// Get the key details
var keyIdentifier = "https://rahulkeyvault.vault.azure.net:443/keys/NewKey";
var key = await keyClient.GetKeyAsync(keyIdentifier);
var publicKey = Convert.ToBase64String(key.Key.N);
using (var rsa = new RSACryptoServiceProvider())
{
var p = new RSAParameters() { Modulus = key.Key.N, Exponent = key.Key.E };
rsa.ImportParameters(p);
var byteData = Encoding.Unicode.GetBytes(textToEncrypt);
// Encrypt and Decrypt
var encryptedText = rsa.Encrypt(byteData, true);
var decryptedData = await keyClient.DecryptAsync(keyIdentifier, "RSA-OAEP", encryptedText);
var decryptedText = Encoding.Unicode.GetString(decryptedData.Result);
// Sign and Verify
var hasher = new SHA256CryptoServiceProvider();
var digest = hasher.ComputeHash(byteData);
var signature = await keyClient.SignAsync(keyIdentifier, "RS256", digest);
var isVerified = rsa.VerifyHash(digest, "Sha256", signature.Result);
}
}
public void ForcePromptForNeverPromptBehaviorTest()
{
var context = new AuthenticationContext(TestConstants.DefaultAuthorityHomeTenant, new TokenCache());
TokenCacheKey key = new TokenCacheKey(TestConstants.DefaultAuthorityHomeTenant,
TestConstants.DefaultResource, TestConstants.DefaultClientId, TokenSubjectType.User,
TestConstants.DefaultUniqueId, TestConstants.DefaultDisplayableId);
context.TokenCache.tokenCacheDictionary[key] = new AuthenticationResultEx
{
RefreshToken = "some-rt",
ResourceInResponse = TestConstants.DefaultResource,
Result = new AuthenticationResult("Bearer", "existing-access-token", DateTimeOffset.UtcNow)
};
HttpMessageHandlerFactory.AddMockHandler(new MockHttpMessageHandler(TestConstants.GetTokenEndpoint(TestConstants.DefaultAuthorityHomeTenant))
{
Method = HttpMethod.Post,
ResponseMessage = MockHelpers.CreateInvalidRequestTokenResponseMessage()
});
var exc = AssertException.TaskThrows <AdalServiceException>(() =>
context.AcquireTokenAsync(TestConstants.DefaultResource, TestConstants.DefaultClientId,
TestConstants.DefaultRedirectUri, new PlatformParameters(PromptBehavior.Never)));
Assert.AreEqual(AdalError.FailedToRefreshToken, exc.ErrorCode);
// There should be only one cache entry.
Assert.AreEqual(1, context.TokenCache.Count);
}
private async Task AdalLogin(bool forcePrompt)
{
var spUri = new Uri($"{txtSiteFor2FA.Text}");
string resourceUri = spUri.Scheme + "://" + spUri.Authority;
const string clientId = "9bc3ab49-b65d-410a-85ad-de819febfddc";
const string redirectUri = "https://oauth.spops.microsoft.com/";
ADAL.AuthenticationResult authenticationResult;
if (authContext == null || forcePrompt)
{
ADAL.TokenCache cache = new ADAL.TokenCache();
authContext = new ADAL.AuthenticationContext(AuthorityUri, cache);
}
try
{
if (forcePrompt)
{
throw new ADAL.AdalSilentTokenAcquisitionException();
}
authenticationResult = await authContext.AcquireTokenSilentAsync(resourceUri, clientId);
}
catch (ADAL.AdalSilentTokenAcquisitionException)
{
authenticationResult = await authContext.AcquireTokenAsync(resourceUri, clientId, new Uri(redirectUri), new PlatformParameters(PromptBehavior.Always, null), ADAL.UserIdentifier.AnyUser, null, null);
}
options.AccessToken = authenticationResult.AccessToken;
accessTokenObtained = true;
}
static void Main(string[] args)
{
/// Azure AD WebApi's APP ID URL
string resource = "";
/// Azure AD WebApi's Client ID
string clientId = "";
/// Azure AD User's credentials
string userName = "";
string userPassword = "";
/// Web API's URL
string apiUrl = "http://localhost:3672/api/Test";
var user = new UserCredential(userName, userPassword);
var authContext = new Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext("https://login.windows.net/common");
/// Get an Access Token to Access the Web API on behalf of the user
AuthenticationResult authResult = authContext.AcquireTokenAsync(resource, clientId, user).Result;
/// Call WebAPI passing Access token on header
HttpClient client = new HttpClient();
client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", authResult.AccessToken);
/// Get the result
HttpResponseMessage response = client.GetAsync(apiUrl).Result;
string text = response.Content.ReadAsStringAsync().Result;
}
/// <summary>
/// get crm service client
/// </summary>
public void GetCrmServiceClient()
{
if (string.IsNullOrWhiteSpace(this.crmConnection))
{
this.ReadKeyVault();
}
try
{
var credentials = new ClientCredential(this.appClientID, this.appClientSecret);
var authContext = new Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext(this.authority);
var result = authContext.AcquireTokenAsync(this.resourceURL, credentials).Result;
var accesToken = result.AccessToken;
Uri serviceUrl = new Uri(this.CRMConnection);
using (sdkService = new OrganizationWebProxyClient(serviceUrl, false))
{
sdkService.HeaderToken = accesToken;
this.ServiceClient = (IOrganizationService)sdkService != null ? (IOrganizationService)sdkService : null;
}
}
catch (FaultException<Microsoft.Xrm.Sdk.OrganizationServiceFault> ex)
{
this.logger.Error("CRM Connection Issue: ", ex);
throw;
}
catch (Exception ex)
{
this.logger.Error("CRM Connection Issue: ", ex);
throw;
}
}
public ICustomActivityResult Execute()
{
string Message = string.Empty;
string authContextURL = "https://login.windows.net/" + tenantId;
var authenticationContext = new Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext(authContextURL);
var credential = new ClientCredential(clientId, clientSecret);
var result = authenticationContext.AcquireTokenAsync(resource: "https://management.azure.com/", clientCredential: credential).Result;
if (result == null)
{
Message = "Failed to obtain the JWT token";
return(this.GenerateActivityResult(Message));
}
string token = result.AccessToken;
HttpWebRequest request = (HttpWebRequest)HttpWebRequest.Create("https://management.azure.com/subscriptions/" + subscriptionId + "/resourceGroups/" + resourceGroupName + "/providers/Microsoft.Compute/snapshots/" + snapshotName + "?api-version=2018-06-01");
request.Method = "DELETE";
request.Headers["Authorization"] = "Bearer " + token;
request.ContentType = "application/json";
try
{
request.GetRequestStream();
var httpResponse = (HttpWebResponse)request.GetResponse();
httpResponse.GetResponseStream();
}
catch (Exception ex)
{
Message = ex.Message;
return(this.GenerateActivityResult(Message));
}
Message = "Success";
return(this.GenerateActivityResult(Message));
}
public async Task <string> GetAccessTokenAdal()
{
var creds = new Adal.ClientCredential(CLIENT_ID, CLIENT_SECRET);
var ctx = new Adal.AuthenticationContext($"https://login.microsoftonline.com/{TENANT_ID}", false);
var token = await ctx.AcquireTokenAsync("https://database.windows.net/", creds);
return(token.AccessToken);
}
public static string GetToken(string clientId, string clientSecret, string authority, string resourceUrl)
{
ClientCredential credentials = new ClientCredential(clientId, clientSecret);
var authContext = new Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext(authority);
var result = authContext.AcquireTokenAsync(resourceUrl, credentials).Result;
return(result.AccessToken);
}
public static async Task <string> GetTokenWeb(RuntimeOptions runtimeOptions)
{
// Get OAuth token using client credentials
string tenantName = runtimeOptions.tenantName;
string authString = runtimeOptions.authUrl + "/" + tenantName;
authenticationContext = new Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext(authString, false);
string token;
try
{
AuthenticationResult authenticationResult = null;
if (runtimeOptions.cert == null)
{
ClientCredential clientCred = new ClientCredential(runtimeOptions.clientId, runtimeOptions.key);
authenticationResult = await authenticationContext.AcquireTokenAsync(runtimeOptions.resource, clientCred);
}
else
{
ClientAssertionCertificate clientCert = new ClientAssertionCertificate(runtimeOptions.clientId, runtimeOptions.cert);
authenticationResult = await authenticationContext.AcquireTokenAsync(runtimeOptions.resource, clientCert);
}
token = authenticationResult.AccessToken;
return(token);
}
catch (AuthenticationException ex)
{
Console.ForegroundColor = ConsoleColor.Red;
Console.WriteLine("Acquiring a token failed with the following error: {0}", ex.Message);
if (ex.InnerException != null)
{
// You should implement retry and back-off logic according to
// http://msdn.microsoft.com/en-us/library/dn168916.aspx . This topic also
// explains the HTTP error status code in the InnerException message.
Console.WriteLine("Error detail: {0}", ex.InnerException.Message);
}
return(string.Empty);
}
catch (Exception ex)
{
return(ex.ToString());
}
}
public static async Task <string> GetAccessToken(string azureTenantId, string clientId, string redirectUri)
{
var context = new AuthenticationContext("https://login.windows.net/" + tenantId);
var credential = new ClientCredential(appId, appSecret);
var tokenResult = await context.AcquireTokenAsync("https://vault.azure.net", credential);
return(tokenResult.AccessToken);
}
private async Task <AuthenticationResult> GetTokenForPBIEmbedded()
{
UserPasswordCredential credentials = new UserPasswordCredential(username, password);
var authenticationContext = new Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext(authority);
return(await authenticationContext.AcquireTokenAsync(pbiApiResourceUrl, clientId, credentials));
}
/// <summary>
/// Authentication callback that gets a token using the X509 certificate
/// </summary>
/// <param name="authority">Address of the authority</param>
/// <param name="resource">Identifier of the target resource that is the recipient of the requested token</param>
/// <param name="scope">Scope</param>
/// <param name="assertionCert">The assertion certificate</param>
/// <returns> The access token </returns>
public static async Task<string> GetAccessToken(string authority, string resource, string scope, ClientAssertionCertificate assertionCert)
{
var context = new AuthenticationContext(authority, TokenCache.DefaultShared);
var result = await context.AcquireTokenAsync(resource, assertionCert);
return result.AccessToken;
}
public static AuthenticationResult GetAzureAdToken(AuthenticationContext authContext, String resourceHostUri,
string clientId, string redirectUri, UserCredential uc)
{
AuthenticationResult authenticationResult = null;
Console.WriteLine("Performing GetAzureAdToken");
try
{
Console.WriteLine("Passed resource host URI is " + resourceHostUri);
if (resourceHostUri.StartsWith("http"))
{
resourceHostUri = Helpers.ReduceUriToProtoAndHost(resourceHostUri);
Console.WriteLine("Normalized the resourceHostUri to just the protocol and hostname " + resourceHostUri);
}
// check if there's a user credential - i.e. a username and password
if(uc != null)
{
authenticationResult = authContext.AcquireTokenAsync(resourceHostUri, clientId, uc).Result;
}
else {
PlatformParameters platformParams = new PlatformParameters(PromptBehavior.Auto);
authenticationResult = authContext.AcquireTokenAsync(resourceHostUri, clientId, new Uri(redirectUri), platformParams).Result;
}
//Console.WriteLine("Bearer token from Azure AD is " + authenticationResult.AccessToken);
}
catch (Exception ex)
{
Console.ForegroundColor = ConsoleColor.Red;
Console.WriteLine("An unexpected error occurred.");
string message = ex.Message;
if (ex.InnerException != null)
{
message += Environment.NewLine + "Inner Exception : " + ex.InnerException.Message;
}
Console.WriteLine("Message: {0}", message);
Console.ForegroundColor = ConsoleColor.White;
}
return authenticationResult;
}
private static async Task <Adalv2.AuthenticationResult> AcquireAadToken(string audience)
{
var authority = GetAuthority(audience);
var credential = new Adalv2.ClientCredential(Config.InternalUsersClientId, Config.InternalUsersClientSecret);
var authContext = new Adalv2.AuthenticationContext(authority);
var result = await authContext.AcquireTokenAsync(Config.InternalUsersClientId, credential);
return(result);
}
private async Task <string> GetTokenAsync()
{
var resourceID = $"https://{config.Region}.asazure.windows.net";
var authContext = new Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext($"https://login.windows.net/{config.TenantId}");
ClientCredential credential = new ClientCredential(config.ClientId, config.ClientSecret);
AuthenticationResult token = await authContext.AcquireTokenAsync(resourceID, credential).ConfigureAwait(false);
return(token.AccessToken); //Use this token to connect to AAS.
}
public async Task<AuthenticationResult> GetToken(string resource)
{
ClientAssertionCertificate cac = GetClientAssertionCertificate();
AuthenticationContext authContext = new AuthenticationContext(SettingsHelper.AzureADAuthority);
AuthenticationResult authResult = await authContext.AcquireTokenAsync(resource, cac);
return authResult;
}
/// <summary>
/// Gets an access token for the client ID and client key specified in the configuration.
/// </summary>
/// <param name="authority">The authority granting access.</param>
/// <param name="resource">The resource to access.</param>
/// <param name="scope">The scope of the authentication request.</param>
/// <returns>An access token.</returns>
public static async Task<string> GetAccessToken(string authority, string resource, string scope)
{
ClientCredential credential = new ClientCredential(CloudConfigurationManager.GetSetting("KVClientId"), CloudConfigurationManager.GetSetting("KVClientKey"));
AuthenticationContext ctx = new AuthenticationContext(new Uri(authority).AbsoluteUri, false);
AuthenticationResult result = await ctx.AcquireTokenAsync(resource, credential);
return result.AccessToken;
}
private string AcquireToken(string resourceURI, string authority, string clientId, string clientSecret, string redirectUrl, string userName)
{
var clientCredential = new ClientCredential(clientId, clientSecret);
AuthenticationContext authContext =
new Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext(authority, false);
AuthenticationResult result = authContext.AcquireTokenAsync(resourceURI, clientCredential).Result;
return(result.AccessToken);
}
public async Task ForcePromptForSelectAccountPromptBehaviorTestAsync()
{
MockHelpers.ConfigureMockWebUI(new AuthorizationResult(AuthorizationStatus.Success,
TestConstants.DefaultRedirectUri + "?code=some-code"),
// validate that authorizationUri passed to WebUi contains prompt=select_account query parameter
new Dictionary <string, string> {
{ "prompt", "select_account" }
});
var context = new AuthenticationContext(TestConstants.DefaultAuthorityHomeTenant, true, new TokenCache());
await context.TokenCache.StoreToCacheAsync(new AuthenticationResultEx
{
RefreshToken = "some-rt",
ResourceInResponse = TestConstants.DefaultResource,
Result = new AuthenticationResult("Bearer", "existing-access-token",
DateTimeOffset.UtcNow + TimeSpan.FromMinutes(100))
{
UserInfo =
new UserInfo()
{
DisplayableId = TestConstants.DefaultDisplayableId,
UniqueId = TestConstants.DefaultUniqueId
}
},
},
TestConstants.DefaultAuthorityHomeTenant, TestConstants.DefaultResource, TestConstants.DefaultClientId, TokenSubjectType.User,
new CallState(new Guid())).ConfigureAwait(false);
ResetInstanceDiscovery();
HttpMessageHandlerFactory.AddMockHandler(new MockHttpMessageHandler(TestConstants.GetTokenEndpoint(TestConstants.DefaultAuthorityHomeTenant))
{
Method = HttpMethod.Post,
ResponseMessage = MockHelpers.CreateSuccessTokenResponseMessage(),
PostData = new Dictionary <string, string>
{
{ "grant_type", "authorization_code" }
}
});
AuthenticationResult result =
await
context.AcquireTokenAsync(TestConstants.DefaultResource, TestConstants.DefaultClientId,
TestConstants.DefaultRedirectUri, new PlatformParameters(PromptBehavior.SelectAccount)).ConfigureAwait(false);
Assert.IsNotNull(result);
Assert.AreEqual(TestConstants.DefaultAuthorityHomeTenant, context.Authenticator.Authority);
Assert.AreEqual("some-access-token", result.AccessToken);
Assert.IsNotNull(result.UserInfo);
Assert.AreEqual(TestConstants.DefaultDisplayableId, result.UserInfo.DisplayableId);
Assert.AreEqual(TestConstants.DefaultUniqueId, result.UserInfo.UniqueId);
// There should be only one cache entry.
Assert.AreEqual(1, context.TokenCache.Count);
}
private async Task <ServiceClientCredentials> GetCredentials(string tenantId, string clientId, string clientSecret)
{
var context = new AD.AuthenticationContext($"https://login.windows.net/{tenantId}");
var credential = new AD.ClientCredential(clientId, clientSecret);
var result = await context.AcquireTokenAsync("https://management.core.windows.net/", credential);
string token = result.CreateAuthorizationHeader().Substring("Bearer ".Length);
return(new TokenCredentials(token));
}
private static static async Task <string> GetAccessToken(string azureTenantId, string azureAppId, string azureSecretKey)
{
var context = new Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext($"https://login.windows.net/{_tenantId}");
var clientCredential = new ClientCredential(_appId, _appSecret);
var tokenResponse = await context.AcquireTokenAsync("https://vault.azure.net", clientCredential);
var accessToken = tokenResponse.AccessToken;
return(accessToken);
}
/// <summary>
/// Authenticate using the credentials stored for the given client id
/// </summary>
/// <param name="clientId">The Application ID for this service principal</param>
/// <param name="audience">The intended audicne for authentication</param>
/// <param name="context">The AD AuthenticationContext to use</param>
/// <returns></returns>
public async Task<AuthenticationResult> AuthenticateAsync(string clientId, string audience, AuthenticationContext context)
{
if (_credentials.ContainsKey(clientId))
{
var creds = _credentials[clientId];
return await context.AcquireTokenAsync(audience, creds);
}
throw new AuthenticationException("Matching credentials for client id '{0}' could not be found.");
}
public static void Main(string[] args)
{
Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext ctx = GetAuthenticationContext(null);
AuthenticationResult result = null;
IPlatformParameters promptBehavior = new PlatformParameters(PromptBehavior.Auto);
try
{
//PromptBehavior.RefreshSession will enforce an authn prompt every time. NOTE: Auto will take your windows login state if possible
result = ctx.AcquireTokenAsync(azureDevOpsResourceId, clientId, new Uri(replyUri), promptBehavior).Result;
Console.WriteLine("Token expires on: " + result.ExpiresOn);
var bearerAuthHeader = new AuthenticationHeaderValue("Bearer", result.AccessToken);
helper.ListRepos(bearerAuthHeader, "HR-TAL");
//Collect Branches for Repo
int counter = 0;
//helper.RepoList.ForEach(r =>
//{
// Console.WriteLine(String.Format("Processing repo {0} > {1}", ++counter, r.name));
// helper.ListBranchesForRepo(r);
// helper.ListBuildsForRepoBranch(r, "refs/heads/master");
//});
Console.WriteLine("Fetching all releases as per specified filters...");
helper.ListReleases(bearerAuthHeader, "HR-");
Console.WriteLine("--------------------------------------------------");
DumpCSV();
Console.WriteLine("-- DONE --");
Console.ReadLine();
}
catch (UnauthorizedAccessException)
{
// If the token has expired, prompt the user with a login prompt
result = ctx.AcquireTokenAsync(azureDevOpsResourceId, clientId, new Uri(replyUri), promptBehavior).Result;
}
catch (Exception ex)
{
Console.WriteLine("{0}: {1}", ex.GetType(), ex.Message);
}
finally
{
}
}
public IEnumerable <TeamProjectReference> InteractiveADAL(string vstsAccountName, string applicationId)
{
AuthenticationContext authenticationContext = new AadAuthenticationContext("https://login.windows.net/common", validateAuthority: true);
var authenticationResultTask = authenticationContext.AcquireTokenAsync(VSTSResourceId, applicationId, new Uri(RedirectUri), new PlatformParameters(PromptBehavior.Auto));
AuthenticationResult authenticationResult = authenticationResultTask.Result;
VssOAuthAccessTokenCredential oAuthCredential = new VssOAuthAccessTokenCredential(authenticationResult.AccessToken);
return(ListProjectsViaClientLibrary(vstsAccountName, oAuthCredential));
}
public async Task IntegratedAuthUsingUpn_MexDoesNotReturnAuthEndpointTestAsync()
{
AuthenticationContext context = new AuthenticationContext(TestConstants.DefaultAuthorityCommonTenant, new TokenCache());
await context.Authenticator.UpdateFromTemplateAsync(null).ConfigureAwait(false);
HttpMessageHandlerFactory.AddMockHandler(new MockHttpMessageHandler()
{
Method = HttpMethod.Get,
ResponseMessage = new HttpResponseMessage(HttpStatusCode.OK)
{
Content = new StringContent("{\"ver\":\"1.0\",\"account_type\":\"federated\",\"domain_name\":\"microsoft.com\"," +
"\"federation_protocol\":\"WSTrust\",\"federation_metadata_url\":" +
"\"https://msft.sts.microsoft.com/adfs/services/trust/mex\"," +
"\"federation_active_auth_url\":\"https://msft.sts.microsoft.com/adfs/services/trust/2005/usernamemixed\"" +
",\"cloud_instance_name\":\"login.microsoftonline.com\"}")
},
QueryParams = new Dictionary <string, string>()
{
{ "api-version", "1.0" }
}
});
HttpMessageHandlerFactory.AddMockHandler(new MockHttpMessageHandler("https://msft.sts.microsoft.com/adfs/services/trust/mex")
{
Method = HttpMethod.Get,
ResponseMessage = new HttpResponseMessage(HttpStatusCode.OK)
{
Content = new StringContent(File.ReadAllText("TestMex.xml"))
}
});
// Mex does not return integrated auth endpoint (.../13/windowstransport)
HttpMessageHandlerFactory.AddMockHandler(new MockHttpMessageHandler("https://msft.sts.microsoft.com/adfs/services/trust/13/windowstransport")
{
Method = HttpMethod.Post,
ResponseMessage = new HttpResponseMessage(HttpStatusCode.NotFound)
{
Content = new StringContent("Not found")
}
});
// Call acquire token, endpoint not found
var result = AssertException.TaskThrows <Exception>(() =>
context.AcquireTokenAsync(TestConstants.DefaultResource, TestConstants.DefaultClientId, new UserCredential(TestConstants.DefaultDisplayableId)));
// Check exception message
Assert.AreEqual("Federated service at https://msft.sts.microsoft.com/adfs/services/trust/13/windowstransport returned error: See inner exception for detail.", result.Message);
Assert.AreEqual("Response status code does not indicate success: 404 (NotFound).", result.InnerException.Message);
// There should be no cached entries.
Assert.AreEqual(0, context.TokenCache.Count);
// All mocks are consumed
Assert.AreEqual(0, HttpMessageHandlerFactory.MockHandlersCount());
}
public static async Task<string> GetAccessToken(string authority, string resource, string scope)
{
var clientId = _configuration["KeyVault:AuthClientId"];
var clientSecret = _configuration["KeyVault:AuthClientSecret"];
var clientCredential = new ClientCredential(clientId, clientSecret);
var context = new AuthenticationContext(authority, null);
var result = await context.AcquireTokenAsync(resource, clientCredential);
return result.AccessToken;
}
internal async Task<string> KeyVaultClientAuthenticationCallback(string authority, string resource, string scope)
{
var authContext = new AuthenticationContext(authority);
ClientCredential clientCred = new ClientCredential(_clientId, _clientSecret);
AuthenticationResult result = await authContext.AcquireTokenAsync(resource, clientCred);
if (result == null)
throw new InvalidOperationException("Failed to obtain the JWT token");
return result.AccessToken;
}
/// <summary>
/// Authenticate using the secret for the specified client from the key store
/// </summary>
/// <param name="clientId">The active directory client id for the application.</param>
/// <param name="audience">The intended audience for authentication</param>
/// <param name="context">The AD AuthenticationContext to use</param>
/// <returns></returns>
public async Task<AuthenticationResult> AuthenticateAsync(string clientId, string audience, AuthenticationContext context)
{
var task = new Task<SecureString>(() =>
{
return ServicePrincipalKeyStore.GetKey(clientId, _tenantId);
});
task.Start();
var key = await task.ConfigureAwait(false);
return await context.AcquireTokenAsync(audience, new ClientCredential(clientId, key));
}
//the method that will be provided to the KeyVaultClient
public async static Task<string> GetToken(string authority, string resource, string scope)
{
var authContext = new AuthenticationContext(authority);
ClientCredential clientCred = new ClientCredential(WebConfigurationManager.AppSettings["ClientId"],
WebConfigurationManager.AppSettings["ClientSecret"]);
AuthenticationResult result = await authContext.AcquireTokenAsync(resource, clientCred);
if (result == null)
throw new InvalidOperationException("Failed to obtain the JWT token");
return result.AccessToken;
}
/// <summary>
/// Authentication callback that gets a token using the X509 certificate
/// </summary>
/// <param name="authority">Address of the authority</param>
/// <param name="resource">Identifier of the target resource that is the recipient of the requested token</param>
/// <param name="scope">Scope</param>
/// <returns></returns>
public static async Task<string> GetAccessToken(string authority, string resource, string scope)
{
var client_id = CloudConfigurationManager.GetSetting(Constants.KeyVaultAuthClientIdSetting);
var context = new AuthenticationContext(authority, null);
var assertionCert = new ClientAssertionCertificate(client_id, clientAssertionCertPfx);
var result = await context.AcquireTokenAsync(resource, assertionCert);
return result.AccessToken;
}
public static string GetAccessToken()
{
AuthenticationContext authContext = new AuthenticationContext(authority);
var authResult =
authContext.AcquireTokenAsync(
resourceMicrosoftGraphAPI,
clientId,
replyUrl,
new PlatformParameters(PromptBehavior.Auto));
return authResult.Result.AccessToken;
}
private async static Task doStuffInOffice365()
{
//set the authentication context
//you can do multi-tenant app-only, but you cannot use /common for authority...must get tenant ID
string authority = "https://login.windows.net/rzna.onmicrosoft.com/";
AuthenticationContext authenticationContext = new AuthenticationContext(authority, false);
//read the certificate private key from the executing location
//NOTE: This is a hack...Azure Key Vault is best approach
var certPath = System.Reflection.Assembly.GetExecutingAssembly().Location;
certPath = certPath.Substring(0, certPath.LastIndexOf('\\')) + "\\O365AppOnly_private.pfx";
var certfile = System.IO.File.OpenRead(certPath);
var certificateBytes = new byte[certfile.Length];
certfile.Read(certificateBytes, 0, (int)certfile.Length);
var cert = new X509Certificate2(
certificateBytes,
PRIVATE_KEY_PASSWORD,
X509KeyStorageFlags.Exportable |
X509KeyStorageFlags.MachineKeySet |
X509KeyStorageFlags.PersistKeySet); //switchest are important to work in webjob
ClientAssertionCertificate cac = new ClientAssertionCertificate(CLIENT_ID, cert);
//get the access token to SharePoint using the ClientAssertionCertificate
Console.WriteLine("Getting app-only access token to SharePoint Online");
var authenticationResult = await authenticationContext.AcquireTokenAsync("https://rzna.sharepoint.com/", cac);
var token = authenticationResult.AccessToken;
Console.WriteLine("App-only access token retreived");
//perform a post using the app-only access token to add SharePoint list item in Attendee list
HttpClient client = new HttpClient();
client.DefaultRequestHeaders.Add("Authorization", "Bearer " + token);
client.DefaultRequestHeaders.Add("Accept", "application/json;odata=verbose");
//create the item payload for saving into SharePoint
var itemPayload = new
{
__metadata = new { type = "SP.Data.SampleListItem" },
Title = String.Format("Created at {0} {1} from app-only AAD token", DateTime.Now.ToShortDateString(), DateTime.Now.ToShortTimeString())
};
//setup the client post
HttpContent content = new StringContent(JsonConvert.SerializeObject(itemPayload));
content.Headers.ContentType = MediaTypeHeaderValue.Parse("application/json;odata=verbose");
Console.WriteLine("Posting ListItem to SharePoint Online");
using (HttpResponseMessage response = await client.PostAsync("https://rzna.sharepoint.com/_api/web/Lists/getbytitle('Sample')/items", content))
{
if (!response.IsSuccessStatusCode)
Console.WriteLine("ERROR: SharePoint ListItem Creation Failed!");
else
Console.WriteLine("SharePoint ListItem Created!");
}
}
/// <summary>
/// Authenticate using certificate thumbprint from the datastore
/// </summary>
/// <param name="clientId">The active directory client id for the application.</param>
/// <param name="audience">The intended audience for authentication</param>
/// <param name="context">The AD AuthenticationContext to use</param>
/// <returns></returns>
public async Task<AuthenticationResult> AuthenticateAsync(string clientId, string audience, AuthenticationContext context)
{
var task = new Task<X509Certificate2>(() =>
{
return AzureSession.DataStore.GetCertificate(this._certificateThumbprint);
});
task.Start();
var certificate = await task.ConfigureAwait(false);
return await context.AcquireTokenAsync(
audience,
new ClientAssertionCertificate(clientId, certificate));
}
internal async Task<string> GetTokenHelperAsync(AuthenticationContext context, string resourceId)
{
string accessToken = null;
AuthenticationResult result = null;
result = await context.AcquireTokenAsync(resourceId, ClientID, _returnUri);
accessToken = result.AccessToken;
_settings.Values["LastAuthority"] = context.Authority;
return accessToken;
}
private static async Task<string> GetAuthorizationHeader()
{
string username = "";
string password = "";
var context = new AuthenticationContext(string.Format("https://login.windows.net/{0}", TenantId));
var userCred = new UserCredential(username, password);
AuthenticationResult result =
await context.AcquireTokenAsync("https://management.core.windows.net/", ClientId, userCred);
return result.CreateAuthorizationHeader().Substring("Bearer ".Length);
}
private async Task<string> GetAccessToken()
{
AuthenticationContext authContext = new AuthenticationContext(authority);
ClientCredential clientCred = new ClientCredential("844ffb77-5bfd-403e-9285-678e2eddc90c", "IAKt/4uoQFM0UJ1Ocj//WHOg1RzLspACzPAKkkPP0kw=");
//UserCredential userCredential = new UserCredential("*****@*****.**", "feb@2016"); //Before RTM
UserCredential userCredential = new UserCredential("*****@*****.**");
AuthenticationResult authResult = await authContext.AcquireTokenAsync("https://microsoft.onmicrosoft.com/mcserviceadal",
clientCred);
return authResult.AccessToken;
//AuthenticationContext authContext = new AuthenticationContext(clientCredentials.Authority);
//ClientCredential clientCred = new ClientCredential(clientCredentials.ClientId, clientCredentials.ClientSecret);
//AuthenticationResult authResult = await authContext.AcquireTokenAsync(clientCredentials.ClientResource, clientCred);
//return authResult.AccessToken;
}
public async Task AuthenticateRequestAsync(HttpRequestMessage request) {
// Use ADAL to obtain access token - ADAL performs tokn caching behind the scenes
AuthenticationContext authContext = new AuthenticationContext(authority);
AuthenticationResult authResult =
await authContext.AcquireTokenAsync(
resourceMicrosoftGraphAPI,
clientId,
replyUrl,
new PlatformParameters(PromptBehavior.Auto));
// insert access token into authorization header for each outbound request
request.Headers.Add("Authorization", "Bearer " + authResult.AccessToken);
}
/// <summary>
/// Get Token for Application.
/// </summary>
/// <returns>Token for application.</returns>
public static async Task<string> GetTokenForApplicationAsync()
{
var authenticationUrl = "https://login.windows.net/" + ConfigurationManager.AppSettings["TenantUpnDomain"];
AuthenticationContext authenticationContext = new AuthenticationContext(authenticationUrl, false);
// Config for OAuth client credentials
ClientCredential clientCred = new ClientCredential(
ConfigurationManager.AppSettings["ClientId"],
ConfigurationManager.AppSettings["ClientSecret"]);
AuthenticationResult authenticationResult = await authenticationContext.AcquireTokenAsync(ResourceUrl,
clientCred);
string token = authenticationResult.AccessToken;
return token;
}
/// <summary>
/// Gets the authentication token.
/// </summary>
/// <param name="tenantId">The tenant identifier.</param>
/// <returns></returns>
private static string GetAuthToken(string tenantId)
{
AuthenticationContext context = new AuthenticationContext(authority: string.Format("https://login.windows.net/{0}", tenantId));
var acquireTokenTask = context.AcquireTokenAsync(
resource: "https://management.core.windows.net/",
clientId: "1950a258-227b-4e31-a9cf-717495945fc2",
redirectUri: new Uri("urn:ietf:wg:oauth:2.0:oob"),
parameters: new PlatformParameters(promptBehavior: PromptBehavior.Auto, ownerWindow: null));
acquireTokenTask.Wait();
var authResult = acquireTokenTask.Result;
return authResult.CreateAuthorizationHeader().Substring("Bearer ".Length);
}
async Task<string> AcquireToken()
{
string authString = $"https://login.microsoftonline.com/{credentials.TenantId}";
string clientId = credentials.UserClaims
.FirstOrDefault(c => c.Type == "aud").Value;
string clientSecret = ConfigurationManager.AppSettings["ClientSecret"];
var authenticationContext = new AuthenticationContext(authString, false);
ClientCredential clientCred = new ClientCredential(clientId, clientSecret);
AuthenticationResult result = await authenticationContext.AcquireTokenAsync(
resource: resourceUrl,
clientCredential: clientCred);
return result.AccessToken;
}
//Get Aacess token for Keyvault client to use
private static async Task<string> GetAccessToken(string authority, string resource, string scope)
{
var authenticationContext = new AuthenticationContext(authority);
var credential = GetCredential();
AuthenticationResult result = await authenticationContext.AcquireTokenAsync(resource, credential);
if (result == null)
{
throw new InvalidOperationException("Failed to obtain the JWT token");
}
string token = result.AccessToken;
return token;
}
public void Run()
{
// Try to obtain the authorization token
var clientCredential = new ClientCredential(clientId, clientSecret);
var context = new AuthenticationContext(string.Format("https://login.windows.net/{0}", tenantId));
var result = context.AcquireTokenAsync("https://management.azure.com/", clientCredential).Result;
if (result == null)
{
throw new InvalidOperationException("Failed to obtain authorization token");
}
// Read the token and create the appropriate credentials object
string token = result.AccessToken;
var credentials = new TokenCredentials(token);
// Read the template and parameter file contents
JObject templateFileContents = GetJsonFileContents(pathToTemplateFile);
JObject parameterFileContents = GetJsonFileContents(pathToParameterFile);
// Create the resource manager client
var resourceManagementClient = new ResourceManagementClient(credentials);
resourceManagementClient.SubscriptionId = subscriptionId;
// Create or check that resource group exists
EnsureResourceGroupExists(resourceManagementClient, resourceGroupName, resourceGroupLocation);
// Start a deployment
DeployTemplate(resourceManagementClient, resourceGroupName, deploymentName, templateFileContents, parameterFileContents);
}