private static void RunAuthenticationParametersPositive(string authenticateHeader, string expectedAuthority, string excepectedResource)
{
AuthenticationParameters parameters = AuthenticationParameters.CreateFromResponseAuthenticateHeader(authenticateHeader);
Assert.AreEqual(expectedAuthority, parameters.Authority);
Assert.AreEqual(excepectedResource, parameters.Resource);
}
internal static AuthenticationParametersProxy CreateFromResponseAuthenticateHeader(string authenticateHeader)
{
AuthenticationParameters parameters = AuthenticationParameters.CreateFromResponseAuthenticateHeader(authenticateHeader);
return(new AuthenticationParametersProxy {
Authority = parameters.Authority, Resource = parameters.Resource
});
}
private static void RunAuthenticationParametersNegative(string authenticateHeader)
{
var ex = AssertException.Throws <ArgumentException>(() =>
AuthenticationParameters.CreateFromResponseAuthenticateHeader(authenticateHeader),
allowDerived: true);
Assert.AreEqual("authenticateHeader", ex.ParamName);
Assert.IsTrue(string.IsNullOrWhiteSpace(authenticateHeader) || ex.Message.Contains("header format"));
}
private static void RunAuthenticationParametersNegative(string authenticateHeader)
{
try
{
AuthenticationParameters.CreateFromResponseAuthenticateHeader(authenticateHeader);
}
catch (ArgumentException ex)
{
Assert.AreEqual("authenticateHeader", ex.ParamName);
Assert.IsTrue(string.IsNullOrWhiteSpace(authenticateHeader) || ex.Message.Contains("header format"));
}
}
public void AuthenticationParametersTest()
{
string authority = "https://login.windows.net/common/oauth2/authorize";
const string Resource = "test_resource";
AuthenticationParameters authParams = AuthenticationParameters.CreateFromResponseAuthenticateHeader(string.Format(CultureInfo.InvariantCulture, @"Bearer authorization_uri=""{0}"",resource_id=""{1}""", authority, Resource));
Assert.AreEqual(authority, authParams.Authority);
Assert.AreEqual(Resource, authParams.Resource);
authParams = AuthenticationParameters.CreateFromResponseAuthenticateHeader(string.Format(CultureInfo.InvariantCulture, @"bearer Authorization_uri=""{0}"",Resource_ID=""{1}""", authority, Resource));
Assert.AreEqual(authority, authParams.Authority);
Assert.AreEqual(Resource, authParams.Resource);
authParams = AuthenticationParameters.CreateFromResponseAuthenticateHeader(string.Format(CultureInfo.InvariantCulture, @"Bearer authorization_uri=""{0}""", authority));
Assert.AreEqual(authority, authParams.Authority);
Assert.IsNull(authParams.Resource);
authParams = AuthenticationParameters.CreateFromResponseAuthenticateHeader(string.Format(CultureInfo.InvariantCulture, @"Bearer resource_id=""{0}""", Resource));
Assert.AreEqual(Resource, authParams.Resource);
Assert.IsNull(authParams.Authority);
try
{
AuthenticationParameters.CreateFromResponseAuthenticateHeader(null);
}
catch (ArgumentNullException ex)
{
Assert.AreEqual(ex.ParamName, "authenticateHeader");
}
try
{
AuthenticationParameters.CreateFromResponseAuthenticateHeader(string.Format(CultureInfo.InvariantCulture, @"authorization_uri=""{0}"",Resource_id=""{1}""", authority, Resource));
}
catch (ArgumentException ex)
{
Assert.AreEqual(ex.ParamName, "authenticateHeader");
Assert.IsTrue(ex.Message.Contains("format"));
}
}
public static string GetAccessToken(string userName, string password, Uri serviceRoot)
{
var targetServiceUrl = GetUriBuilderWithVersion(serviceRoot);
string _resource;
string _authority;
// Obtain the Azure Active Directory Authentication Library (ADAL) authentication context.
AuthenticationParameters ap;
//ap = GetAuthorityFromTargetService(targetServiceUrl.Uri);
//AuthenticationContext authContext = new AuthenticationContext(ap.Authority, false);
ap = AuthenticationParameters.CreateFromResponseAuthenticateHeader("Bearer authorization_uri=https://login.microsoftonline.com/common/oauth2/authorize,resource_id=https://globaldisco.crm10.dynamics.com/");
_authority = ap.Authority;
_resource = ap.Resource;
AuthenticationContext authContext = new AuthenticationContext(_authority, false);
//AuthenticationContext authContext = new AuthenticationContext(authority, false);
//Note that an Azure AD access token has finite lifetime, default expiration is 60 minutes.
AuthenticationResult authResult;
if (userName != string.Empty && password != string.Empty)
{
UserPasswordCredential cred = new UserPasswordCredential(userName, password);
authResult = authContext.AcquireTokenAsync(_resource, clientId, cred).Result;
}
else
{
// new
var clientCertName = "serviceauth.local-operations365.dynamics.com";
var certificate = CertificateLoader.LoadFromStoreCert(clientCertName, "My", StoreLocation.LocalMachine, allowInvalid: false);
var clientAssertionCertificate = new ClientAssertionCertificate(clientId, certificate);
authResult = authContext.AcquireTokenAsync(_resource, clientAssertionCertificate, true).Result;
// old
//PlatformParameters platformParameters = new PlatformParameters(PromptBehavior.Auto);
//authResult = authContext.AcquireTokenAsync(ap.Resource, clientId, new Uri(redirectUrl), platformParameters).Result;
}
return(authResult.AccessToken);
}
public void AuthenticationParametersTest()
{
const string Authority = "https://login.windows.net/aadadfs.onmicrosoft.com/oauth2/authorize";
const string Resource = "test_resource";
AuthenticationParameters authParams = AuthenticationParameters.CreateFromResponseAuthenticateHeader(string.Format(@"Bearer authorization_uri=""{0}"",resource_id=""{1}""", Authority, Resource));
Verify.AreEqual(Authority, authParams.Authority);
Verify.AreEqual(Resource, authParams.Resource);
authParams = AuthenticationParameters.CreateFromResponseAuthenticateHeader(string.Format(@"bearer Authorization_uri=""{0}"",Resource_ID=""{1}""", Authority, Resource));
Verify.AreEqual(Authority, authParams.Authority);
Verify.AreEqual(Resource, authParams.Resource);
authParams = AuthenticationParameters.CreateFromResponseAuthenticateHeader(string.Format(@"Bearer authorization_uri=""{0}""", Authority));
Verify.AreEqual(Authority, authParams.Authority);
Verify.IsNull(authParams.Resource);
authParams = AuthenticationParameters.CreateFromResponseAuthenticateHeader(string.Format(@"Bearer resource_id=""{0}""", Resource));
Verify.AreEqual(Resource, authParams.Resource);
Verify.IsNull(authParams.Authority);
try
{
AuthenticationParameters.CreateFromResponseAuthenticateHeader(null);
}
catch (ArgumentNullException ex)
{
Verify.AreEqual(ex.ParamName, "authenticateHeader");
}
try
{
AuthenticationParameters.CreateFromResponseAuthenticateHeader(string.Format(@"authorization_uri=""{0}"",Resource_id=""{1}""", Authority, Resource));
}
catch (ArgumentException ex)
{
Verify.AreEqual(ex.ParamName, "authenticateHeader");
Verify.IsTrue(ex.Message.Contains("format"));
}
}
public void AuthenticationParametersTest()
{
string authority = TestConstants.DefaultAuthorityCommonTenant + "/oauth2/authorize";
const string Resource = "test_resource";
AuthenticationParameters authParams = AuthenticationParameters.CreateFromResponseAuthenticateHeader(string.Format(CultureInfo.InvariantCulture, @"Bearer authorization_uri=""{0}"",resource_id=""{1}""", authority, Resource));
Assert.AreEqual(authority, authParams.Authority);
Assert.AreEqual(Resource, authParams.Resource);
authParams = AuthenticationParameters.CreateFromResponseAuthenticateHeader(string.Format(CultureInfo.InvariantCulture, @"bearer Authorization_uri=""{0}"",Resource_ID=""{1}""", authority, Resource));
Assert.AreEqual(authority, authParams.Authority);
Assert.AreEqual(Resource, authParams.Resource);
authParams = AuthenticationParameters.CreateFromResponseAuthenticateHeader(string.Format(CultureInfo.InvariantCulture, @"Bearer authorization_uri=""{0}""", authority));
Assert.AreEqual(authority, authParams.Authority);
Assert.IsNull(authParams.Resource);
authParams = AuthenticationParameters.CreateFromResponseAuthenticateHeader(string.Format(CultureInfo.InvariantCulture, @"Bearer resource_id=""{0}""", Resource));
Assert.AreEqual(Resource, authParams.Resource);
Assert.IsNull(authParams.Authority);
// Null parameter -> error
var ex = AssertException.Throws <ArgumentNullException>(() =>
AuthenticationParameters.CreateFromResponseAuthenticateHeader(null));
Assert.AreEqual(ex.ParamName, "authenticateHeader");
// Invalid format -> error
var argEx = AssertException.Throws <ArgumentException>(() =>
AuthenticationParameters.CreateFromResponseAuthenticateHeader(string.Format(CultureInfo.InvariantCulture, @"authorization_uri=""{0}"",Resource_id=""{1}""", authority, Resource)));
Assert.AreEqual(argEx.ParamName, "authenticateHeader");
Assert.IsTrue(argEx.Message.Contains("format"));
}
public static async Task <AuthenticationResultProxy> ExecuteAsync(CommandProxy proxy)
{
AuthenticationResultProxy resultProxy = null;
AuthenticationResult result = null;
foreach (var command in proxy.Commands)
{
var arg = command.Arguments;
switch (command.CommandType)
{
case CommandType.ClearDefaultTokenCache:
{
var dummyContext = new AuthenticationContext("https://dummy/dummy", false);
dummyContext.TokenCache.Clear();
break;
}
case CommandType.SetEnvironmentVariable:
{
var localSettings = Windows.Storage.ApplicationData.Current.LocalSettings;
localSettings.Values[arg.EnvironmentVariable] = arg.EnvironmentVariableValue;
break;
}
case CommandType.SetCorrelationId:
{
context.CorrelationId = arg.CorrelationId;
break;
}
case CommandType.CreateContextA:
{
context = new AuthenticationContext(arg.Authority);
break;
}
case CommandType.CreateContextAV:
{
context = new AuthenticationContext(arg.Authority, arg.ValidateAuthority);
break;
}
case CommandType.CreateContextAVT:
{
TokenCache tokenCache = null;
if (arg.TokenCacheType == TokenCacheType.InMemory)
{
tokenCache = new TokenCache()
{
// The default token cache in ADAL WinRT is persistent. This is how to make it in-memory only cache.
BeforeAccess = delegate { },
AfterAccess = delegate { }
};
}
context = new AuthenticationContext(arg.Authority, arg.ValidateAuthority, tokenCache);
break;
}
case CommandType.ClearUseCorporateNetwork:
{
//context.UseCorporateNetwork = false;
break;
}
case CommandType.SetUseCorporateNetwork:
{
//context.UseCorporateNetwork = true;
break;
}
case CommandType.AquireTokenAsyncRCUPa:
{
UserCredential credential = new UserCredential(arg.UserName);
result = await context.AcquireTokenAsync(arg.Resource, arg.ClientId, credential);
break;
}
case CommandType.AquireTokenAsyncRCRe:
{
result = await context.AcquireTokenAsync(arg.Resource, arg.ClientId, arg.RedirectUri);
break;
}
case CommandType.AquireTokenAsyncRCRePUX:
{
result = await context.AcquireTokenAsync(arg.Resource, arg.ClientId, arg.RedirectUri,
(arg.PromptBehavior == PromptBehaviorProxy.Always)?PromptBehavior.Always :
(arg.PromptBehavior == PromptBehaviorProxy.Never)?PromptBehavior.Never : PromptBehavior.Auto,
(arg.UserName != null)?new UserIdentifier(arg.UserName, UserIdentifierType.OptionalDisplayableId) : UserIdentifier.AnyUser, arg.Extra);
break;
}
case CommandType.AquireTokenAsyncRCReP:
{
result = await context.AcquireTokenAsync(arg.Resource, arg.ClientId, arg.RedirectUri,
(arg.PromptBehavior == PromptBehaviorProxy.Always)?PromptBehavior.Always :
(arg.PromptBehavior == PromptBehaviorProxy.Never)?PromptBehavior.Never : PromptBehavior.Auto);
break;
}
case CommandType.AquireTokenAsyncRCRePU:
{
result = await context.AcquireTokenAsync(arg.Resource, arg.ClientId, arg.RedirectUri,
(arg.PromptBehavior == PromptBehaviorProxy.Always)?PromptBehavior.Always :
(arg.PromptBehavior == PromptBehaviorProxy.Never)?PromptBehavior.Never : PromptBehavior.Auto,
(arg.UserName != null)?new UserIdentifier(arg.UserName, UserIdentifierType.OptionalDisplayableId) : UserIdentifier.AnyUser);
break;
}
case CommandType.AcquireTokenByRefreshTokenAsyncRC:
{
result = await context.AcquireTokenByRefreshTokenAsync(arg.RefreshToken, arg.ClientId);
break;
}
case CommandType.AcquireTokenByRefreshTokenAsyncRCRe:
{
result = await context.AcquireTokenByRefreshTokenAsync(arg.RefreshToken, arg.ClientId, arg.Resource);
break;
}
case CommandType.CreateFromResourceUrlAsync:
{
var parameters = await AuthenticationParameters.CreateFromResourceUrlAsync(new Uri(arg.Extra));
resultProxy = new AuthenticationResultProxy
{
AuthenticationParametersAuthority = parameters.Authority,
AuthenticationParametersResource = parameters.Resource
};
break;
}
case CommandType.CreateFromResponseAuthenticateHeader:
{
var parameters = AuthenticationParameters.CreateFromResponseAuthenticateHeader(arg.Extra);
resultProxy = new AuthenticationResultProxy
{
AuthenticationParametersAuthority = parameters.Authority,
AuthenticationParametersResource = parameters.Resource
};
break;
}
/*case CommandType.AcquireTokenByRefreshTokenAsyncRCC:
* {
* result = await context.AcquireTokenByRefreshTokenAsync(arg.RefreshToken, arg.ClientId,
* (arg.ClientId != null && arg.ClientSecret != null) ? new ClientCredential(arg.ClientId, arg.ClientSecret) : null);
* break;
* }*/
default:
throw new Exception("Unknown command");
}
}
return(resultProxy ??
new AuthenticationResultProxy
{
AccessToken = result.AccessToken,
AccessTokenType = result.AccessTokenType,
ExpiresOn = result.ExpiresOn,
IsMultipleResourceRefreshToken =
result.IsMultipleResourceRefreshToken,
RefreshToken = result.RefreshToken,
IdToken = result.IdToken,
TenantId = result.TenantId,
UserInfo = result.UserInfo,
Error = result.Error,
ErrorDescription = result.ErrorDescription,
Status =
(result.Status == AuthenticationStatus.Success)
? AuthenticationStatusProxy.Success
: ((result.Status == AuthenticationStatus.ClientError) ? AuthenticationStatusProxy.ClientError : AuthenticationStatusProxy.ServiceError)
});
}