public async Task <AuthenticationResult> AcquireTokenByAuthorizationCodeAsync(string authority, string code, ApplicationCredential credential, Uri redirectUri, string resource)
{
AuthenticationContext authContext;
ISecureClientSecret secret;
authority.AssertNotEmpty(nameof(authority));
code.AssertNotEmpty(nameof(code));
redirectUri.AssertNotNull(nameof(redirectUri));
resource.AssertNotEmpty(nameof(resource));
try
{
authContext = new AuthenticationContext(authority);
secret = new SecureClientSecret(credential.ApplicationSecret);
return(await authContext.AcquireTokenByAuthorizationCodeAsync(
code,
redirectUri,
new ClientCredential(
credential.ApplicationId,
secret),
resource).ConfigureAwait(false));
}
finally
{
authContext = null;
secret = null;
}
}
/// <summary>
/// Performs the necessary authentication and injects the required header.
/// </summary>
/// <param name="request">The request being made to the Microsoft Graph API.</param>
/// <returns>A <see cref="Task"/> that represents the asynchronous operation.</returns>
public async Task AuthenticateRequestAsync(HttpRequestMessage request)
{
SecureClientSecret clientSecret = new SecureClientSecret(
await ApplicationDomain.Instance.KeyVaultService.GetAsync(WebPortalADClientSecretKey).ConfigureAwait(false));
AuthenticationResult token = await tokenProvider.GetAccessTokenAsync(
$"{ApplicationConfiguration.ActiveDirectoryEndPoint}{customerId}",
authorizationCode,
redirectUri,
new ClientCredential(
ApplicationConfiguration.ActiveDirectoryClientID,
clientSecret),
"https://graph.microsoft.com").ConfigureAwait(false);
request.Headers.Add(AuthHeaderName, $"{TokenType} {token.AccessToken}");
}
private static EutConfiguration NewEutConfiguration()
{
var securedStrClientSecret = new SecureString();
ConfigurationManager.AppSettings["ida:Secret"].ToList().ForEach(c => securedStrClientSecret.AppendChar(c));
var securedClientSecret = new SecureClientSecret(securedStrClientSecret);
var appClientId = ConfigurationManager.AppSettings["ida:Audience"];
return(new EutConfiguration
{
ClientCredential = new ClientCredential(appClientId, securedClientSecret),
AppClientId = ConfigurationManager.AppSettings["ida:Audience"],
TenantName = ConfigurationManager.AppSettings["ida:Tenant"],
TenantOnMicrosoft = string.Concat(ConfigurationManager.AppSettings["ida:Tenant"], ".onmicrosoft.com"),
TenantAuthorityWindows = string.Concat("https://login.windows.net/", ConfigurationManager.AppSettings["ida:Tenant"], ".onmicrosoft.com"),
TenantAuthorityMSOnline = string.Concat("https://login.microsoftonline.com/", ConfigurationManager.AppSettings["ida:Tenant"], ".onmicrosoft.com"),
AppClientSecret = securedClientSecret
});
}
/// <summary>
/// Gets an access token from the authority.
/// </summary>
/// <param name="authority">Address of the authority to issue the token.</param>
/// <param name="resource">Identifier of the target resource that is the recipient of the requested token.</param>
/// <param name="credential">The application credential to use for token acquisition.</param>
/// <param name="token">Assertion token representing the user.</param>
/// <returns>An instance of <see cref="AuthenticationResult"/> that represented the access token.</returns>
/// <exception cref="System.ArgumentException">
/// <paramref name="authority"/> is empty or null.
/// or
/// <paramref name="resource"/> is empty or null.
/// or
/// <paramref name="token"/> is empty or null.
/// </exception>
/// <exception cref="System.ArgumentNullException">
/// <paramref name="credential"/> is null.
/// </exception>
public async Task <AuthenticationResult> GetAccessTokenAsync(string authority, string resource, ApplicationCredential credential, string token)
{
AuthenticationContext authContext;
AuthenticationResult authResult;
DistributedTokenCache tokenCache;
ISecureClientSecret secret;
authority.AssertNotEmpty(nameof(authority));
resource.AssertNotEmpty(nameof(authority));
credential.AssertNotNull(nameof(credential));
token.AssertNotEmpty(nameof(token));
try
{
if (credential.UseCache)
{
tokenCache = new DistributedTokenCache(provider, resource);
authContext = new AuthenticationContext(authority, tokenCache);
}
else
{
authContext = new AuthenticationContext(authority);
}
secret = new SecureClientSecret(credential.ApplicationSecret);
authResult = await authContext.AcquireTokenAsync(
resource,
new ClientCredential(
credential.ApplicationId,
secret),
new UserAssertion(token, AssertionType)).ConfigureAwait(false);
return(authResult);
}
finally
{
authContext = null;
tokenCache = null;
secret = null;
}
}
/// <summary>
/// Gets an access token from the authority.
/// </summary>
/// <param name="authority">Address of the authority to issue the token.</param>
/// <param name="resource">Identifier of the target resource that is the recipient of the requested token.</param>
/// <param name="credential">The application credential to use for token acquisition.</param>
/// <returns>An instance of <see cref="AuthenticationResult"/> that represented the access token.</returns>
/// <exception cref="System.ArgumentException">
/// <paramref name="authority"/> is empty or null.
/// or
/// <paramref name="resource"/> is empty or null.
/// </exception>
/// <exception cref="System.ArgumentNullException">
/// <paramref name="credential"/> is null.
/// </exception>
public async Task <AuthenticationResult> GetAccessTokenAsync(string authority, string resource, ApplicationCredential credential)
{
AuthenticationContext authContext;
AuthenticationResult authResult;
DistributedTokenCache tokenCache;
Microsoft.IdentityModel.Clients.ActiveDirectory.ISecureClientSecret secret;
authority.AssertNotEmpty(nameof(authority));
resource.AssertNotEmpty(nameof(resource));
credential.AssertNotNull(nameof(credential));
try
{
if (credential.UseCache)
{
tokenCache = new DistributedTokenCache(provider, resource, $"AppOnly::{authority}::{resource}");
authContext = new AuthenticationContext(authority, tokenCache);
}
else
{
authContext = new AuthenticationContext(authority);
}
secret = new SecureClientSecret(credential.ApplicationSecret);
authResult = await authContext.AcquireTokenAsync(
resource,
new ClientCredential(
credential.ApplicationId,
secret)).ConfigureAwait(false);
return(authResult);
}
finally
{
authContext = null;
authResult = null;
secret = null;
tokenCache = null;
}
}
public void SecureClientSecretTest()
{
SecureString str = new SecureString();
str.AppendChar('x');
str.MakeReadOnly();
SecureClientSecret secret = new SecureClientSecret(str);
IDictionary <string, string> paramStr = new Dictionary <string, string>();
secret.ApplyTo(paramStr);
Assert.IsTrue(paramStr.ContainsKey("client_secret"));
Assert.AreEqual("x", paramStr["client_secret"]);
str = new SecureString();
str.AppendChar('x');
secret = new SecureClientSecret(str);
paramStr = new Dictionary <string, string>();
secret.ApplyTo(paramStr);
Assert.IsTrue(paramStr.ContainsKey("client_secret"));
Assert.AreEqual("x", paramStr["client_secret"]);
}
