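/// <summary>
/// Looks up the caller's Azure AD group membership through the AAD Graph
/// <c>memberOf</c> endpoint and logs the raw response.
/// NOTE(review): the result is not used for any decision — this method always returns
/// <c>true</c>, never parses the response, and the <see cref="UserID"/> it builds
/// (placeholder uid/gid, non-admin, unauthorized, no groups) is never persisted because
/// the <c>AddUser</c> call is commented out. Callers must not treat the return value as an
/// authorization result.
/// </summary>
/// <param name="userObjectID">Object id of the signed-in user (currently unused).</param>
/// <param name="username">Sign-in name; used to select the OpenID configuration.</param>
/// <param name="tenantID">AAD tenant id; when empty the Graph lookup is skipped.</param>
/// <param name="upn">User principal name (currently unused).</param>
/// <param name="endpoint">Endpoint name (currently unused).</param>
/// <returns>Always <c>true</c>.</returns>
/// <exception cref="HttpRequestException">The Graph call returned a non-success status code.</exception>
private async Task<bool> AuthenticateByAAD(string userObjectID, string username, string tenantID, string upn, string endpoint)
{
    // Placeholder identity: unauthorized, non-admin, no groups. Built here but never stored.
    UserID userID = new UserID();
    userID.groups = new List<string>();
    userID.uid = "99999999";
    userID.gid = "99999999";
    userID.isAdmin = "false";
    userID.isAuthorized = "false";

    // Guard clauses replace the original nested ifs; every exit path returns true.
    if (string.IsNullOrEmpty(tenantID))
    {
        return true;
    }

    var token = await _tokenCache.GetAccessTokenForAadGraph();
    if (string.IsNullOrEmpty(token))
    {
        return true;
    }

    OpenIDAuthentication config;
    Startup.GetAuthentication(username, out config); // the returned scheme is not needed here
    if (ReferenceEquals(config, null) || !config._bUseAadGraph)
    {
        return true;
    }

    // "myorganization" resolves to the tenant of the bearer token, so tenantID is not part of the URL.
    string requestUrl = $"{config._graphBasePoint}/myorganization/me/memberOf?api-version={config._graphApiVersion}";

    // TODO(review): a new HttpClient per call exhausts sockets under load; prefer a shared
    // instance or IHttpClientFactory. Disposed here so at least the handler is released.
    using (HttpClient client = new HttpClient())
    using (HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Get, requestUrl))
    {
        request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", token);

        using (HttpResponseMessage response = await client.SendAsync(request))
        {
            if (!response.IsSuccessStatusCode)
            {
                throw new HttpRequestException(response.ReasonPhrase);
            }

            string responseString = await response.Content.ReadAsStringAsync();

            // NOTE(review): this writes the user's full group membership to the log at
            // Information level; the body is otherwise ignored, so userID.groups stays empty.
            _logger.LogInformation("MemberOf information: {0}", responseString);
        }
    }

    // Mark user as unauthorized.
    // await AddUser(username, userID);
    return true;
}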
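// GET: /<controller>/
/// <summary>
/// Fetches the signed-in user's profile from the AAD Graph <c>/me</c> endpoint and renders it.
/// An ADAL token failure redirects to the error page with a sign-in hint; any other failure
/// redirects to the error page with the exception message (URL-encoded) as the query value.
/// NOTE(review): the raw access token is copied onto the view model (<c>model.token</c>) and so
/// reaches the rendered page — confirm the view really needs it.
/// </summary>
/// <returns>The profile view, or a redirect to <c>/Home/Error</c>.</returns>
public async Task<IActionResult> Index()
{
    try
    {
        string token = await _tokenCache.GetAccessTokenForAadGraph();

        // Without the tenant claim the Graph URL cannot be built; fail with a clear message
        // instead of a NullReferenceException from .Value.
        var tenantClaim = User.FindFirst(AzureADConstants.TenantIdClaimType);
        if (tenantClaim == null)
        {
            throw new InvalidOperationException("Tenant id claim is missing from the signed-in user.");
        }

        // Call the Graph API and retrieve the user's profile.
        string requestUrl = $"{_aadConfig.GraphBaseEndpoint}/{tenantClaim.Value}/me?api-version={_aadConfig.GraphApiVersion}";

        // TODO(review): a new HttpClient per request exhausts sockets under load; prefer a
        // shared instance or IHttpClientFactory. Disposed here so at least the handler is released.
        using (HttpClient client = new HttpClient())
        using (HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Get, requestUrl))
        {
            request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", token);

            using (HttpResponseMessage response = await client.SendAsync(request))
            {
                if (!response.IsSuccessStatusCode)
                {
                    throw new HttpRequestException(response.ReasonPhrase);
                }

                string responseString = await response.Content.ReadAsStringAsync();
                var model = JsonConvert.DeserializeObject<AADUserProfile>(responseString);
                model.token = token;
                return View(model);
            }
        }
    }
    catch (AdalException)
    {
        // Token acquisition failed; the user has to sign in again to refresh the cache.
        return new RedirectResult("/Home/Error?message=Unable to get tokens; you may need to sign in again.");
    }
    catch (Exception ex)
    {
        // Encode the message so '&', '#', '%' etc. cannot break or alter the query string.
        // NOTE(review): exception text is still shown to the end user; consider logging it
        // server-side and redirecting with a generic message instead.
        return new RedirectResult("/Home/Error?message=" + Uri.EscapeDataString(ex.Message));
    }
}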