private async Task InitializeAsync()
{
ConfidentialClientApplicationBuilder confClientBuilder = ConfidentialClientApplicationBuilder.Create(_options.ClientId).WithAuthority(_options.AuthorityHost.AbsoluteUri, _options.TenantId).WithHttpClientFactory(new HttpPipelineClientFactory(_options.Pipeline.HttpPipeline));
if (_options.Secret != null)
{
confClientBuilder.WithClientSecret(_options.Secret);
}
if (_options.CertificateProvider != null)
{
X509Certificate2 clientCertificate = await _options.CertificateProvider.GetCertificateAsync(true, default).ConfigureAwait(false);
confClientBuilder.WithCertificate(clientCertificate);
}
_client = confClientBuilder.Build();
if (_options.AttachSharedCache)
{
StorageCreationProperties storageProperties = new StorageCreationPropertiesBuilder(Constants.DefaultMsalTokenCacheName, Constants.DefaultMsalTokenCacheDirectory, _options.ClientId)
.WithMacKeyChain(Constants.DefaultMsalTokenCacheKeychainService, Constants.DefaultMsalTokenCacheKeychainAccount)
.WithLinuxKeyring(Constants.DefaultMsalTokenCacheKeyringSchema, Constants.DefaultMsalTokenCacheKeyringCollection, Constants.DefaultMsalTokenCacheKeyringLabel, Constants.DefaultMsaltokenCacheKeyringAttribute1, Constants.DefaultMsaltokenCacheKeyringAttribute2)
.Build();
MsalCacheHelper cacheHelper = await MsalCacheHelper.CreateAsync(storageProperties).ConfigureAwait(false);
cacheHelper.RegisterCache(_client.UserTokenCache);
}
}
public async Task <ActionResult> Authorize()
{
ConfidentialClientApplicationBuilder clientBuilder = ConfidentialClientApplicationBuilder.Create(_azureAdOptions.ClientId);
clientBuilder.WithClientSecret(_azureAdOptions.ClientSecret);
clientBuilder.WithRedirectUri(LoginRedirectUri.ToString());
clientBuilder.WithAuthority(_azureAdOptions.Authority);
ConfidentialClientApplication clientApp = (ConfidentialClientApplication)clientBuilder.Build();
string[] sassScopes = $"{_azureAdOptions.SaaSScopes}".Split(new[] { ' ' });
var authResultBuilder = clientApp.AcquireTokenByAuthorizationCode(
sassScopes,
HttpContext.Request.Query["code"].ToString()
);
try
{
var authResult = await authResultBuilder.ExecuteAsync();
var offer = Offers.ContosoAppOffer;
var activation = await _assignedUserService.Activate($"{_azureAdOptions.SaaSAPI}/{offer.OfferID}", authResult.AccessToken);
ViewBag.Message = JsonConvert.SerializeObject(
new { status = "success", activation = activation, accountName = authResult.Account.Username });
}
catch (Exception e)
{
ViewBag.Message = JsonConvert.SerializeObject(new { status = "failure", error = e.Message });
}
return(View());
}
protected override async ValueTask <IConfidentialClientApplication> CreateClientAsync(bool async, CancellationToken cancellationToken)
{
ConfidentialClientApplicationBuilder confClientBuilder = ConfidentialClientApplicationBuilder.Create(ClientId)
.WithAuthority(Pipeline.AuthorityHost.AbsoluteUri, TenantId)
.WithHttpClientFactory(new HttpPipelineClientFactory(Pipeline.HttpPipeline))
.WithLogging(AzureIdentityEventSource.Singleton.LogMsal, enablePiiLogging: LogPII);
if (_clientSecret != null)
{
confClientBuilder.WithClientSecret(_clientSecret);
}
if (_certificateProvider != null)
{
X509Certificate2 clientCertificate = await _certificateProvider.GetCertificateAsync(async, cancellationToken).ConfigureAwait(false);
confClientBuilder.WithCertificate(clientCertificate);
}
if (RegionalAuthority.HasValue)
{
confClientBuilder.WithAzureRegion(RegionalAuthority.Value.ToString());
}
return(confClientBuilder.Build());
}
public async Task <ActionResult> Authorize()
{
ConfidentialClientApplicationBuilder clientBuilder = ConfidentialClientApplicationBuilder.Create(AzureADClientId);
clientBuilder.WithClientSecret(AzureADClientSecret);
clientBuilder.WithRedirectUri(loginRedirectUri.ToString());
clientBuilder.WithAuthority(AzureADAuthority);
ConfidentialClientApplication clientApp = (ConfidentialClientApplication)clientBuilder.Build();
string[] sassScopes = $"{SaaSScopes}".Split(new[] { ' ' });
try
{
// Get and save the token.
var authResultBuilder = clientApp.AcquireTokenByAuthorizationCode(
sassScopes,
Request.Params["code"]
);
var authResult = await authResultBuilder.ExecuteAsync();
var activation = await _assignedUserService.Activate($"{SaaSAPI}/{OfferID}", authResult.AccessToken);
ViewBag.accountName = authResult.Account.Username;
return(View(activation));
}
catch (Exception ex)
{
System.Diagnostics.Trace.WriteLine(ex.ToString());
}
return(View());
}
/// <summary>
/// Gets IdToken from implicit flow and sends it to main add-in window.
/// </summary>
/// <returns>The default view.</returns>
public async Task <ActionResult> Authorize()
{
ConfidentialClientApplicationBuilder clientBuilder = ConfidentialClientApplicationBuilder.Create(Settings.AzureADClientId);
clientBuilder.WithClientSecret(Settings.AzureADClientSecret);
clientBuilder.WithRedirectUri(loginRedirectUri.ToString());
clientBuilder.WithAuthority(Settings.AzureADAuthority);
ConfidentialClientApplication clientApp = (ConfidentialClientApplication)clientBuilder.Build();
string[] graphScopes = { "Files.Read.All", "User.Read" };
// Get and save the token.
var authResultBuilder = clientApp.AcquireTokenByAuthorizationCode(
graphScopes,
Request.Params["code"] // The auth 'code' parameter from the Azure redirect.
);
try
{
var authResult = await authResultBuilder.ExecuteAsync();
ViewBag.AccessToken = authResult.AccessToken;
}
catch (Exception e)
{
ViewBag.Error = e.Message;
}
return(View());
}
/// <summary>
/// Logs the user into Office 365.
/// </summary>
/// <param name="authState">The login or logout status of the user.</param>
/// <returns>A redirect to the Office 365 login page.</returns>
public async Task <ActionResult> Login(string authState)
{
if (string.IsNullOrEmpty(Settings.AzureADClientId) || string.IsNullOrEmpty(Settings.AzureADClientSecret))
{
ViewBag.Message = "Please set your client ID and client secret in the Web.config file";
return(View());
}
// TODO: ADDED withAuth
ConfidentialClientApplicationBuilder clientBuilder = ConfidentialClientApplicationBuilder.Create(Settings.AzureADClientId)
.WithAuthority(Settings.AzureADAuthority)
.WithClientSecret(Settings.AzureADClientSecret);
ConfidentialClientApplication clientApp = (ConfidentialClientApplication)clientBuilder.Build();
// Generate the parameterized URL for Azure login.
string[] graphScopes = { "Files.Read.All", "User.Read" };
var urlBuilder = clientApp.GetAuthorizationRequestUrl(graphScopes);
urlBuilder.WithRedirectUri(loginRedirectUri.ToString());
urlBuilder.WithAuthority(Settings.AzureADAuthority);
urlBuilder.WithExtraQueryParameters("state=" + authState);
var authUrl = await urlBuilder.ExecuteAsync(System.Threading.CancellationToken.None);
// Redirect the browser to the login page, then come back to the Authorize method below.
return(Redirect(authUrl.ToString()));
}
#pragma warning disable CS1998 // Async method lacks 'await' operators and will run synchronously
protected override async ValueTask <IConfidentialClientApplication> CreateClientAsync(bool async, CancellationToken cancellationToken)
#pragma warning restore CS1998 // Async method lacks 'await' operators and will run synchronously
{
ConfidentialClientApplicationBuilder confClientBuilder = ConfidentialClientApplicationBuilder.Create(ClientId).WithAuthority(Pipeline.AuthorityHost.AbsoluteUri, TenantId).WithHttpClientFactory(new HttpPipelineClientFactory(Pipeline.HttpPipeline));
confClientBuilder.WithClientAssertion(clientAssertion);
return(confClientBuilder.Build());
}
public HttpResponseMessage Token(Token body)
{
if (string.IsNullOrEmpty(body.UserToken))
{
return(SendErrorToClient(HttpStatusCode.InternalServerError, null, "No token provided"));
}
UserAssertion userAssertion = new UserAssertion(body.UserToken);
// Get the access token for MS Graph.
ConfidentialClientApplicationBuilder b = ConfidentialClientApplicationBuilder.Create(ConfigurationManager.AppSettings["ida:ClientID"]);
b.WithClientSecret(ConfigurationManager.AppSettings["ida:Password"]).WithRedirectUri(ConfigurationManager.AppSettings["ida:RedirectUri"]);
IConfidentialClientApplication cca = b.Build();
//string[] graphScopes = { "user.read", "files.read.all", "mail.read", "calendars.read" };
string[] graphScopes = { "Mail.Read", "Files.Read.All", "Calendars.Read" };
AuthenticationResult result = null;
try
{
// The AcquireTokenOnBehalfOfAsync method will first look in the MSAL in memory cache for a
// matching access token. Only if there isn't one, does it initiate the "on behalf of" flow
// with the Azure AD V2 endpoint.
result = cca.AcquireTokenOnBehalfOf(graphScopes, userAssertion).ExecuteAsync().Result;
}
catch (MsalServiceException e)
{
if (e.Message.StartsWith("AADSTS50076"))
{
string responseMessage = String.Format("{{\"AADError\":\"AADSTS50076\",\"Claims\":{0}}}", e.Claims);
return(SendErrorToClient(HttpStatusCode.InternalServerError, e, responseMessage));
}
if ((e.Message.StartsWith("AADSTS65001")) ||
(e.Message.StartsWith("AADSTS70011: The provided value for the input parameter 'scope' is not valid.")))
{
return(SendErrorToClient(HttpStatusCode.InternalServerError, e, e.Message));
}
return(SendErrorToClient(HttpStatusCode.InternalServerError, e, e.Message));
}
HttpRequestMessage requestMessage = new HttpRequestMessage();
var configuration = new HttpConfiguration();
requestMessage.Properties[System.Web.Http.Hosting.HttpPropertyKeys.HttpConfigurationKey] = configuration;
HttpResponseMessage tokenMessage = requestMessage.CreateResponse(HttpStatusCode.OK, result.AccessToken);
return(tokenMessage);
}
/// <summary>
/// Authenticate using MS Identity Library
/// </summary>
/// <returns></returns>
private async Task <AuthenticationResult> AuthenticateViaMsal()
{
ConfidentialClientApplicationBuilder builder = ConfidentialClientApplicationBuilder.Create(_AzureADConfig.ClientId);
//builder.WithTenantId(_AzureADConfig.TenantId);
builder.WithClientSecret(_AzureADConfig.ClientSecret);
IConfidentialClientApplication app = builder.Build();
// Acquire Token
string[] scopes = new string[] { _CustomerApiConfig.Scope };
return(await app.AcquireTokenForClient(scopes).WithAuthority(CreateOAuthEndPoint(), true).ExecuteAsync());
}
protected override async ValueTask <IConfidentialClientApplication> CreateClientAsync(bool async, CancellationToken cancellationToken)
{
ConfidentialClientApplicationBuilder confClientBuilder = ConfidentialClientApplicationBuilder.Create(ClientId).WithAuthority(Pipeline.AuthorityHost.AbsoluteUri, TenantId).WithHttpClientFactory(new HttpPipelineClientFactory(Pipeline.HttpPipeline));
if (_clientSecret != null)
{
confClientBuilder.WithClientSecret(_clientSecret);
}
if (_certificateProvider != null)
{
X509Certificate2 clientCertificate = await _certificateProvider.GetCertificateAsync(async, cancellationToken).ConfigureAwait(false);
confClientBuilder.WithCertificate(clientCertificate);
}
return(confClientBuilder.Build());
}
/// <summary>
/// Authorizes the web application (not the user) to access Microsoft Graph resources by using
/// the Authorization Code flow of OAuth.
/// </summary>
/// <returns>The default view.</returns>
public async Task <ActionResult> Authorize()
{
ConfidentialClientApplicationBuilder clientBuilder = ConfidentialClientApplicationBuilder.Create(Settings.AzureADClientId);
clientBuilder.WithClientSecret(Settings.AzureADClientSecret);
clientBuilder.WithRedirectUri(loginRedirectUri.ToString());
clientBuilder.WithAuthority(Settings.AzureADAuthority);
ConfidentialClientApplication clientApp = (ConfidentialClientApplication)clientBuilder.Build();
string[] graphScopes = { "Files.Read.All", "User.Read" };
var authStateString = Request.QueryString["state"];
var authState = JsonConvert.DeserializeObject <AuthState>(authStateString);
try
{
// Get and save the token.
var authResultBuilder = clientApp.AcquireTokenByAuthorizationCode(
graphScopes,
Request.Params["code"] // The auth 'code' parameter from the Azure redirect.
);
var authResult = await authResultBuilder.ExecuteAsync();
await SaveAuthToken(authState, authResult);
authState.authStatus = "success";
}
catch (Exception ex)
{
System.Diagnostics.Trace.WriteLine(ex.ToString());
authState.authStatus = "failure";
}
// Instead of doing a server-side redirect, we have to do a client-side redirect to get around
// some issues with the display dialog API not getting properly wired up after a server-side redirect
var redirectUrl = Url.Action(nameof(AuthorizeComplete), new { authState = JsonConvert.SerializeObject(authState) });
ViewBag.redirectUrl = redirectUrl;
return(View());
}
protected override async ValueTask <IConfidentialClientApplication> CreateClientAsync(bool async, CancellationToken cancellationToken)
{
ConfidentialClientApplicationBuilder confClientBuilder = ConfidentialClientApplicationBuilder.Create(ClientId)
.WithAuthority(Pipeline.AuthorityHost.AbsoluteUri, TenantId)
.WithHttpClientFactory(new HttpPipelineClientFactory(Pipeline.HttpPipeline))
.WithLogging(LogMsal, enablePiiLogging: IsPiiLoggingEnabled);
if (_clientSecret != null)
{
confClientBuilder.WithClientSecret(_clientSecret);
}
if (_assertionCallback != null)
{
confClientBuilder.WithClientAssertion(_assertionCallback);
}
if (_asyncAssertionCallback != null)
{
confClientBuilder.WithClientAssertion(_asyncAssertionCallback);
}
if (_certificateProvider != null)
{
X509Certificate2 clientCertificate = await _certificateProvider.GetCertificateAsync(async, cancellationToken).ConfigureAwait(false);
confClientBuilder.WithCertificate(clientCertificate);
}
if (RegionalAuthority.HasValue)
{
confClientBuilder.WithAzureRegion(RegionalAuthority.Value.ToString());
}
if (!string.IsNullOrEmpty(RedirectUrl))
{
confClientBuilder.WithRedirectUri(RedirectUrl);
}
return(confClientBuilder.Build());
}
public async Task <ActionResult> Login()
{
if (string.IsNullOrEmpty(_azureAdOptions.ClientId) || string.IsNullOrEmpty(_azureAdOptions.ClientSecret))
{
ViewBag.Message = "Please set your client ID and client secret in the Web.config file";
return(View());
}
ConfidentialClientApplicationBuilder clientBuilder = ConfidentialClientApplicationBuilder.Create(_azureAdOptions.ClientId);
ConfidentialClientApplication clientApp = (ConfidentialClientApplication)clientBuilder.Build();
string[] graphScopes = { "profile" };
var urlBuilder = clientApp.GetAuthorizationRequestUrl(graphScopes);
urlBuilder.WithRedirectUri(LoginRedirectUri.ToString());
urlBuilder.WithAuthority(_azureAdOptions.Authority);
var authUrl = await urlBuilder.ExecuteAsync(System.Threading.CancellationToken.None);
return(Redirect(authUrl.ToString()));
}
